Bug 1249165 - certmonger rekey command not usable
certmonger rekey command not usable
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: certmonger (Show other bugs)
Unspecified Linux
unspecified Severity medium
: rc
: ---
Assigned To: Rob Crittenden
Depends On:
Blocks: 1087932
  Show dependency treegraph
Reported: 2015-07-31 13:13 EDT by Kaleem
Modified: 2018-07-01 18:26 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Kaleem 2015-07-31 13:13:21 EDT
Description of problem:
rekey subcommand does not seems to be working

[root@nocp6 ~]# getcert rekey -i test -g 2048
Unrecognized parameter or wrong value type.
[root@nocp6 ~]# getcert rekey -i test -G RSA -g 2048
Unrecognized parameter or wrong value type.
[root@nocp6 ~]# getcert rekey -i test -G RSA 
Unrecognized parameter or wrong value type.
[root@nocp6 ~]#

Also, no man page for rekey

[root@nocp6 ~]# man getcert-rekey
No manual entry for getcert-rekey
[root@nocp6 ~]# rpm -ql certmonger |grep rekey

We man page for these two options 

  -G TYPE	type of new key to be generated
  -g SIZE	size of new key to be generated

Which keytypes and keysizes supported?

Version-Release number of selected component (if applicable):
[root@nocp6 ~]# rpm -q certmonger
[root@nocp6 ~]# 

How reproducible:
Comment 2 Nalin Dahyabhai 2015-07-31 13:30:11 EDT
The "modify" call's logic doesn't accept requests to change the key type or size, which "getcert rekey" is asking it to do.  Both should be fixed in upstream master before long.
Comment 3 Kaleem 2015-08-04 06:42:18 EDT
I saw following in RFE bug of rekey feature where bug is targeted for RHEL-7.3 release.


Its means that any reference to rekey should not be there in the RHEL-7.2 certmonger build, right?
Comment 4 Nalin Dahyabhai 2015-08-04 12:49:39 EDT
It was deferred, but we hadn't patched out what was there when that decision was made.  We could patch it out of 'getcert' and disconnect the API endpoint, and not backport the man page when it's finished.
Comment 5 Martin Kosek 2015-08-05 06:09:58 EDT
Please see Bug 1250397, we should simply hide/remove the feature in 7.2, not to cause a bad experience to RHEL users.

Note You need to log in before you can comment on or make changes to this bug.