Bug 1371479 - cert-find --all does not show information about revocation
Summary: cert-find --all does not show information about revocation
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: ipa
Version: 7.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: IPA Maintainers
QA Contact: Ganna Kaihorodova
Aneta Šteflová Petrová
Depends On:
Blocks: 1389252
TreeView+ depends on / blocked
Reported: 2016-08-30 10:04 UTC by Martin Bašti
Modified: 2017-08-01 09:39 UTC (History)
13 users (show)

Fixed In Version: ipa-4.4.0-13.el7
Doc Type: Known Issue
Doc Text:
The IdM web UI does not correctly recognize the status of a revoked certificate The Identity Management (IdM) web UI is currently unable to determine whether a certificate has been revoked. As a consequence: * The `Revoked` sign is not displayed when viewing the certificate from the user, service, or host details page. * The `Revoke` action is still available from the details page. Attempting to revoke an already revoked certificate results in an error dialog. * The `Remove Hold` button is always disabled even if the certificate has been revoked because of Certificate Hold (revocation reason 6).
Clone Of:
: 1389252 (view as bug list)
Last Closed: 2017-08-01 09:39:54 UTC
Target Upstream Version:

Attachments (Terms of Use)
Verification for bug "cert-find --all does not show information about revocation" (9.76 KB, text/plain)
2017-05-17 13:45 UTC, Ganna Kaihorodova
no flags Details
verification screenshot for webUI part of the bug (124.98 KB, image/png)
2017-05-17 13:48 UTC, Ganna Kaihorodova
no flags Details
verification screenshot #2 for webUI part of the bug (128.49 KB, image/png)
2017-05-17 13:49 UTC, Ganna Kaihorodova
no flags Details

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2304 0 normal SHIPPED_LIVE ipa bug fix and enhancement update 2017-08-01 12:41:35 UTC

Description Martin Bašti 2016-08-30 10:04:01 UTC
This bug is created as a clone of upstream ticket:


Cert-find with --all option stopped to show information whether certificate is revoked and the reason of revocation. Affects CLI and API. 

These information are needed to correctly disable and enable Revoke and Remove Hold buttons on user/service/host details pages in WebUI.

Comment 1 Martin Bašti 2016-08-30 10:05:10 UTC
Fixed upstream

Comment 5 Scott Poore 2016-09-16 16:47:44 UTC
I see revoked but, I don't see a reason.

This user was revoked with reason 6 (certificateHold)

[root@master ~]# ipa cert-find --all --subject="certuser6"
1 certificate matched
  Subject: CN=certuser6,O=IPA.TEST
  Issuer: CN=Certificate Authority,O=IPA.TEST
  Not Before: Fri Sep 16 16:34:40 2016 UTC
  Not After: Mon Sep 17 16:34:40 2018 UTC
  Fingerprint (MD5): 54:99:de:e6:ae:ad:17:fc:0f:e2:98:d9:f2:8a:70:f4
  Fingerprint (SHA1): 61:41:b9:01:57:e2:d4:7c:f5:bd:af:1d:12:06:b1:9c:83:d1:85:8b
  Serial number: 33
  Serial number (hex): 0x21
  Status: REVOKED
  Revoked: True
  Owner user: certuser6
Number of entries returned 1

I can remove the hold:

[root@master ~]#  ipa cert-remove-hold 33
  Unrevoked: True

But I cannot tell from cert-find what the reason is.  From the initial bug description that should be added as well, right?

Comment 6 Scott Poore 2016-09-19 13:30:20 UTC

Can you help with this?  This should be showing the reason too right?


Comment 7 Petr Vobornik 2016-09-19 15:01:13 UTC
Pavel, the original bug description talks about revocation reason, but the fix doesn't touch it. Was this bug about it?

Comment 8 Pavel Vomacka 2016-09-19 15:05:22 UTC
Yes, it was about the information whether bug is revoked and if it is then what is the reason. The revocation reason is needed.

Comment 9 Scott Poore 2016-09-19 18:33:54 UTC
Moving back to assigned since it does look like revocation reason should be listed.

Comment 22 Ganna Kaihorodova 2017-05-17 13:45:37 UTC
Created attachment 1279694 [details]
Verification for bug "cert-find --all does not show information about revocation"

Comment 23 Ganna Kaihorodova 2017-05-17 13:48:01 UTC
Created attachment 1279695 [details]
verification screenshot for webUI part of the bug

Comment 24 Ganna Kaihorodova 2017-05-17 13:49:26 UTC
Created attachment 1279696 [details]
verification screenshot #2 for webUI part of the bug

Comment 25 errata-xmlrpc 2017-08-01 09:39:54 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.