Hide Forgot
Description of problem: Options for removing certificate hold in UI and CLI are not consistent: * UI: the "Restore" button * CLI: the "ipa cert-remove-hold" command For better usability, both UI and CLI should use the same terminology. Expected results: As a fix, Petr Voborník proposed to rename the UI button to "Remove Hold". The button would only be displayed (or active) for certificates revoked because of reason 6: Certificate Hold.
Upstream ticket: https://fedorahosted.org/freeipa/ticket/5878
Verified. Version :: ipa-server-4.4.0-12.el7.x86_64 Results :: ### Setup: Create user with certificate [root@vm1 ~]# ipa user-add bz1334582_0 --first=f --last=l ------------------------ Added user "bz1334582_0" ------------------------ User login: bz1334582_0 First name: f Last name: l Full name: f l Display name: f l Initials: fl Home directory: /home/bz1334582_0 GECOS: f l Login shell: /bin/sh Principal name: bz1334582_0@EXAMPLE.COM">bz1334582_0@EXAMPLE.COM Principal alias: bz1334582_0@EXAMPLE.COM">bz1334582_0@EXAMPLE.COM Email address: bz1334582_0@example.com">bz1334582_0@example.com UID: 635200004 GID: 635200004 Password: False Member of groups: ipausers Kerberos keys available: False [root@vm1 ~]# openssl req -new -newkey rsa:2048 -days 365 -nodes -keyout bz1334582_0.key -out bz1334582_0.csr -subj "/CN=bz1334582_0" Generating a 2048 bit RSA private key ...................................................................................................+++ ..................+++ writing new private key to 'bz1334582_0.key' ----- [root@vm1 ~]# ipa cert-request bz1334582_0.csr --principal bz1334582_0 Issuing CA: ipa Certificate: MIIECTCCAvGgAwIBAgIBDTANBgkqhkiG9w0BAQsFADA2MRQwEgYDVQQKDAtFWEFNUExFLkNPTTEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5MB4XDTE2MDkxOTIzMzE1NFoXDTE4MDkyMDIzMzE1NFowLDEUMBIGA1UECgwLRVhBTVBMRS5DT00xFDASBgNVBAMMC2J6MTMzNDU4Ml8wMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1A0YPBgDqV4HPQY/NCEZKqITgfo3J8aNarLXcwpPeLQV6BYbXcgWeQANwpaLgP9A9jRhZEXBqR3v6/5KhKpmavYVoYA1CVGMcI5zs1x12h+rArN/9yTGbguhnIi9q77/K3d3IXi9gjZUQiyC0+sYTU682Gnuam03R8aa+uOLm+wVHGIGKRpsSuxjQuXGKT85580afLf45E8NaoLJ+6LEJrGwbc9Og4htMZBxnKuk2yVJl6b4wETHQGSML5j5On8pb/gPfr8hFsLMlSbpS4x5XioxWd/rrjlIV+1P8npH0HwVv9dQ422vQhg8i6hBBm7BXds3VkE9yEb/VTXLFCKu3wIDAQABo4IBKjCCASYwHwYDVR0jBBgwFoAUDB7zjSoaGVF+EcB3gNSlLOHpKyMwPQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vaXBhLWNhLmV4YW1wbGUuY29tL2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjB2BgNVHR8EbzBtMGugM6Axhi9odHRwOi8vaXBhLWNhLmV4YW1wbGUuY29tL2lwYS9jcmwvTWFzdGVyQ1JMLmJpbqI0pDIwMDEOMAwGA1UECgwFaXBhY2ExHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhvcml0eTAdBgNVHQ4EFgQUct6f6YC/e3ZBdo07dv2clblgwiswDQYJKoZIhvcNAQELBQADggEBABnVgCbSaBfbEBsaZVZV5kcAXLlNcjRZwUOB98txTfh8E05sr4ZBgskiO0qbcpogeveMjTGWpATc5uVRas9QHBugXQvOluIfE6Y7N0xGPTBd8zPTMuHzzPIDzQuWPZmdS7M2N0ynOz4Voz6jYw06t1RdbAT2CaYc8swVS2qR9IgEQL6So1GYRCGn9oziDQunPiP5gCephcLsd/7CQ5EAEz9mFJiCebGDheR7RCMmYHr+8jfzJgv4XBaflZreCBp3cQcnjRSiBDV2Euo40Ai+1O5m+6tVVaRYuTwuK1MT2iyfWV6+puAIDcNwQ6EXtgnbj5i1ETYhLEkU7wrSqnuMqdk= Subject: CN=bz1334582_0,O=EXAMPLE.COM Issuer: CN=Certificate Authority,O=EXAMPLE.COM Not Before: Mon Sep 19 23:31:54 2016 UTC Not After: Thu Sep 20 23:31:54 2018 UTC Fingerprint (MD5): 5e:de:ef:b7:93:c5:48:e6:70:5e:20:ed:43:69:cf:55 Fingerprint (SHA1): 0e:25:e0:1d:9e:fe:12:cc:a2:86:fe:3e:17:d2:60:f2:1e:e7:4e:aa Serial number: 13 Serial number (hex): 0xD ### TC_1: Remove hold not active if cert not revoked # Go to WebUI Authenticaion > Certificates > Certificates (Default for Authentication) == Certificates == 13 (certificate for user bz1334582_0) == Certificate: 13 == Actions Remove hold is inactive (grayed out) ### TC_2: Remove hold option available if revocation reason is 6 # Back to Master CLI [root@vm1 ~]# ipa cert-revoke --revocation-reason=6 13 Revoked: True # WebUI Authenticaion > Certificates > Certificates (Default for Authentication) == Certificates == Refresh 13 (now shows revoked) == Certificate: 13 == Action (still showed remove hold inactive) refresh browser Actions Remove hold is now active ( Click ) == Remove Certificate Hold == Remove hold == Certificate: 13 == Actions Remove hold is inactive (grayed out) # Back to Master CLI ### TC_3: remove hold not active for other revocation reason [root@vm1 ~]# ipa cert-revoke --revocation-reason=0 13 Revoked: True # WebUI Authenticaion > Certificates > Certificates (Default for Authentication) == Certificates == Refresh 13 (now shows revoked) == Certificate: 13 == Action (still showed remove hold inactive) refresh button Actions Remove hold is not active ^^^^ In all cases above WebUI did use label "Revoke Hold" for the Action menu option.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHBA-2016-2404.html