Red Hat Bugzilla – Bug 1367683
getcert request command fails to use Sub CA using -X argument
Last modified: 2016-11-04 03:50:59 EDT
Description of problem: When ipa-getcert request is triggered with Sub CA using -X argument, then command fails to issue certificate with Sub-CA as issuer. See console.log for steps involved. Version-Release number of selected component (if applicable): ipa-server-4.4.0-7.el7.x86_64 How reproducible: 100% Steps to Reproduce: 1. ipa ca-add 2. ipa-getcert request -k /samplereq1.key -f /samplereq1.crt -X SampleCA1 3. View issued certificate for issuer name 4. View ipa-getcert list -i <request_id> for issuer name Actual results: Issuer Name in certificate issued is set to default IPA CA instead of Sub CA Expected results: Issuer Name in certificate issued should be set to Sub CA Additional info: As per IRC chat with jcholast, https://git.fedorahosted.org/cgit/certmonger.git/tree/src/ipa.c#n384 - here it should say "cacn" instead of "ca"
Certmonger version used :: certmonger-0.78.4-2.el7.x86_64
Created attachment 1191493 [details] console.log
Patch is available: https://lists.fedorahosted.org/archives/list/certmonger-devel@lists.fedorahosted.org/thread/KWGVMVSZ4LTIVTYZL2NTMX3HF6ODUHRI/
Verified using IPA and Certmonger version :: ipa-server-4.4.0-12.el7.x86_64 certmonger-0.78.4-3.el7.x86_64 Marking BZ as verified.
Created attachment 1202711 [details] console.log
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://rhn.redhat.com/errata/RHEA-2016-2519.html