Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1367683 - getcert request command fails to use Sub CA using -X argument
getcert request command fails to use Sub CA using -X argument
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: certmonger (Show other bugs)
7.3
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: Jan Cholasta
Kaleem
Aneta Šteflová Petrová
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2016-08-17 04:45 EDT by Abhijeet Kasurde
Modified: 2016-11-04 03:50 EDT (History)
5 users (show)

See Also:
Fixed In Version: certmonger-0.78.4-3.el7
Doc Type: Bug Fix
Doc Text:
*certmonger* no longer fails to request certificates from IdM sub-CAs The *certmonger* service previously used incorrect API calls to request certificates from IdM sub-Certificate Authorities (sub-CAs). As a consequence, the sub-CA setting was ignored and the certificate was always issued by the IdM root CA. This update fixes the bug, and *certmonger* now requests certificates from IdM sub-CAs as expected.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2016-11-04 03:50:59 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
console.log (8.69 KB, text/plain)
2016-08-17 04:49 EDT, Abhijeet Kasurde 		no flags Details
console.log (1.99 KB, text/plain)
2016-09-20 02:19 EDT, Abhijeet Kasurde 		no flags Details
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2016:2519 normal SHIPPED_LIVE certmonger bug fix update 2016-11-03 10:15:16 EDT

  None (edit)
Description Abhijeet Kasurde 2016-08-17 04:45:31 EDT 
Description of problem:
When ipa-getcert request is triggered with Sub CA using -X argument, then command fails to issue certificate with Sub-CA as issuer.

See console.log for steps involved.

Version-Release number of selected component (if applicable):
ipa-server-4.4.0-7.el7.x86_64

How reproducible:
100%

Steps to Reproduce:
1. ipa ca-add 
2. ipa-getcert request -k /samplereq1.key -f /samplereq1.crt -X SampleCA1 
3. View issued certificate for issuer name
4. View ipa-getcert list -i <request_id> for issuer name

Actual results:
Issuer Name in certificate issued is set to default IPA CA instead of Sub CA

Expected results:
Issuer Name in certificate issued should be set to Sub CA

Additional info:
As per IRC chat with jcholast, https://git.fedorahosted.org/cgit/certmonger.git/tree/src/ipa.c#n384 - here it should say "cacn" instead of "ca"
Comment 1 Abhijeet Kasurde 2016-08-17 04:46:02 EDT 
Certmonger version used :: 

certmonger-0.78.4-2.el7.x86_64
Comment 2 Abhijeet Kasurde 2016-08-17 04:49 EDT 
Created attachment 1191493 [details]
console.log
Comment 10 Abhijeet Kasurde 2016-09-20 02:19:02 EDT 
Verified using IPA and Certmonger version ::

ipa-server-4.4.0-12.el7.x86_64
certmonger-0.78.4-3.el7.x86_64


Marking BZ as verified.
Comment 11 Abhijeet Kasurde 2016-09-20 02:19 EDT 
Created attachment 1202711 [details]
console.log
Comment 15 errata-xmlrpc 2016-11-04 03:50:59 EDT 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-2519.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.