Unable to generate certificate using `ipa cert-request` command. Marking this BZ as failed QA.
[root@master1 ~]# openssl req -new -sha256 -key testuser1.key -out testuser1.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) :MH
Locality Name (eg, city) [Default City]:PUNE
Organization Name (eg, company) [Default Company Ltd]:RED HAT
Organizational Unit Name (eg, section) :QE
Common Name (eg, your name or your server's hostname) :testuser1
Email Address :firstname.lastname@example.org
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :
An optional company name :
[root@master1 ~]# ipa cert-request testuser1.csr --principal=testuser1@TESTRELM.TEST
ipa: ERROR: invalid 'csr': DN emailAddress does not match any of user's email addresses
IPA version:: ipa-server-4.5.0-11.el7.x86_64
Moving back to ON_QA. This depends on #1451576
Verified using mod_nss version :: mod_nss-1.0.14-10.el7.x86_64
Marking BZ as verified. See attachment for console.log.
Created attachment 1281534 [details]
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.