Bug 1540440 - CMC: Audit Events needed for failures in SharedToken scenario's
Summary: CMC: Audit Events needed for failures in SharedToken scenario's
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pki-core
Version: 7.5
Hardware: All
OS: Linux
high
high
Target Milestone: rc
: ---
Assignee: Christina Fu
QA Contact: Asha Akkiangady
URL:
Whiteboard:
Depends On:
Blocks: 1594128
TreeView+ depends on / blocked
 
Reported: 2018-01-31 04:59 UTC by Geetika Kapoor
Modified: 2018-10-30 11:06 UTC (History)
4 users (show)

Fixed In Version: pki-core-10.5.9-2.el7
Doc Type: No Doc Update
Doc Text:
See Doc Text in BZ#1594128.
Clone Of:
: 1594128 (view as bug list)
Environment:
Last Closed: 2018-10-30 11:05:22 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2018:3195 None None None 2018-10-30 11:06:40 UTC

Description Geetika Kapoor 2018-01-31 04:59:24 UTC
Description of problem:

Audit events are required in case of SharedToken failures.Debug logs have it but audit logs doesn't capture them.
This behavior is observed when testing is done for "CMC Revocation Request (User-signed)" and SharedSecret.


if we provide incorrect value of sharedsecret  in revocation file or ldap missing metainfo ,it will fail during HttpClient request.That's expected.Currently, any failures related to revocation is not getting displayed in audit logs.Below are two snip for a better understanding.

<snip1>
debug logs:
[30/Jan/2018:06:30:23][http-bio-20443-exec-14]: CMCOutputTemplate: processRevokeRequestControl:  Client and server shared secret are not the same, cannot revoke certificate.
[30/Jan/2018:06:30:23][http-bio-20443-exec-14]: SignedAuditLogger: event CERT_STATUS_CHANGE_REQUEST_PROCESSED


Audit logs:

0.http-bio-20443-exec-14 - [30/Jan/2018:06:30:23 EST] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.12.28.208][ServerIP=10.12.28.208][SubjectID=UID=usercert,CN=usercert][Outcome=Success] access session establish success
0.http-bio-20443-exec-14 - [30/Jan/2018:06:30:23 EST] [14] [6] [AuditEvent=AUTHZ][SubjectID=$Unidentified$][Outcome=Success][aclResource=certServer.ee.profile][Op=submit] authorization success
0.http-bio-20443-exec-14 - [30/Jan/2018:06:30:23 EST] [14] [6] [AuditEvent=CERT_STATUS_CHANGE_REQUEST_PROCESSED][SubjectID=<null>][Outcome=Failure][ReqID=<null>][CertSerialNum=17361974][RequestType=revoke][RevokeReasonNum=Unspecified][Approval=rejected] certificate status change request processed
0.http-bio-20443-exec-14 - [30/Jan/2018:06:30:23 EST] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=10.12.28.208][ServerIP=10.12.28.208][SubjectID=UID=usercert,CN=usercert][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated
</snip1>


<snip2>

debug logs

[30/Jan/2018:06:11:04][http-bio-20443-exec-20]: SharedSecret.getSharedToken(BigInteger serial): shrTok not found in metaInfo
[30/Jan/2018:06:11:04][http-bio-20443-exec-20]: CMCOutputTemplate: createFullResponse: SharedSecret.getSharedToken(BigInteger serial): shrTok not found in metaInfo
[30/Jan/2018:06:11:04][http-bio-20443-exec-20]: CMSServlet: curDate=Tue Jan 30 06:11:04 EST 2018 id=caProfileSubmitCMCFull time=14


Audit logs:

0.http-bio-20443-exec-20 - [30/Jan/2018:06:11:04 EST] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.12.28.208][ServerIP=10.12.28.208][SubjectID=UID=usercert,CN=usercert][Outcome=Success] access session establish success
0.http-bio-20443-exec-20 - [30/Jan/2018:06:11:04 EST] [14] [6] [AuditEvent=AUTHZ][SubjectID=$Unidentified$][Outcome=Success][aclResource=certServer.ee.profile][Op=submit] authorization success
0.http-bio-20443-exec-20 - [30/Jan/2018:06:11:04 EST] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=10.12.28.208][ServerIP=10.12.28.208][SubjectID=UID=usercert,CN=usercert][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated

</snip2>

Version-Release number of selected component (if applicable):

10.5

How reproducible:

always

Steps to Reproduce:
1. Provide incorrect shared secret .Follow procedure :  http://pki.fedoraproject.org/wiki/PKI_10.5_CMC_Shared_Token#Example_Enrollment_Procedure
2.
3.

Actual results:

No Audit events getting generated

Expected results:

for consistent behavior, all the success and failure events should be there. 

Additional info:

Comment 5 Geetika Kapoor 2018-02-15 11:13:15 UTC
Test Case 1: When revShrtok entry is not found with metainfo into ldap
-----------------------------------------------------------------------

Question: I don't see correct failure reason in audit logs?
===========================================================

CMCResponse:

Number of controls is 1
Control #0: CMCStatusInfoV2
   OID: {1 3 6 1 5 5 7 7 25}
   BodyList: 1 
   OtherInfo type: FAIL
     failInfo=bad identity
ERROR: CMC status for [1]: failed


Debug logs:

[15/Feb/2018:05:44:49][http-bio-25443-exec-3]: SharedSecret.getSharedToken(BigInteger serial): shrTok not found in metaInfo
[15/Feb/2018:05:44:49][http-bio-25443-exec-3]: CMCOutputTemplate: SharedSecret.getSharedToken(BigInteger serial): shrTok not found in metaInfo
[15/Feb/2018:05:44:49][http-bio-25443-exec-3]: CMCOutputTemplate: processRevokeRequestControl:  shared secret not found
[15/Feb/2018:05:44:49][http-bio-25443-exec-3]: SignedAuditLogger: event CERT_STATUS_CHANGE_REQUEST_PROCESSED
[15/Feb/2018:05:44:49][http-bio-25443-exec-3]: LogFile: event type not selected: CERT_STATUS_CHANGE_REQUEST_PROCESSED
[15/Feb/2018:05:44:49][http-bio-25443-exec-3]: CMCOutputTemplate: createFullResponse:  after new ResponseBody, respBody not null


===============================================================================================================

Audit logs:

0.http-bio-25443-exec-3 - [15/Feb/2018:05:44:49 EST] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.12.28.208][ServerIP=10.12.28.208][SubjectID=UID=sslauth,OU=People][Outcome=Success] access session establish success
0.http-bio-25443-exec-3 - [15/Feb/2018:05:44:49 EST] [14] [6] [AuditEvent=AUTHZ][SubjectID=$Unidentified$][Outcome=Success][aclResource=certServer.ee.profile][Op=submit] authorization success
0.http-bio-25443-exec-3 - [15/Feb/2018:05:44:49 EST] [14] [6] [AuditEvent=CMC_REQUEST_RECEIVED][SubjectID=$Unidentified$][Outcome=Success][CMCRequest=MIG7BgkqhkiG9w0BBwGgga0EgaowgacwgZ4wgZsCAQEGCCsGAQUFBwcRMYGLMIGIMFYxFTATBgNVBAoMDFNFQ3VyZS1Ec09PTzEcMBoGA1UECwwTZ2thcG9vcl9SSENTXzc1X3NzbDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZQIECGnKhAoBBgQMd29uZGVyZnVsZGF5DBdnZWV0aWthIHRlc3QgcmV2b2NhdGlvbjAAMAAwAA==] CMC request received
0.http-bio-25443-exec-3 - [15/Feb/2018:05:44:49 EST] [14] [6] [AuditEvent=CMC_RESPONSE_SENT][SubjectID=$Unidentified$][Outcome=Success][CMCResponse=MIIGPwYJKoZIhvcNAQcCoIIGMDCCBiwCAQMxDzANBglghkgBZQMEAgMFADA0BggrBgEFBQcMA6AoBCYwJDAeMBwCAQEGCCsGAQUFBwcZMQ0wCwIBAjADAgEBAgEHMAAwAKCCA+gwggPkMIICzKADAgECAgQM3QwgMA0GCSqGSIb3DQEBDQUAMFMxEjAQBgNVBAoMCVNFQ3VyZS1EczEcMBoGA1UECwwTZ2thcG9vcl9SSENTXzc1X3NzbDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTAeFw0xODAyMTExOTE4MjlaFw0zODAyMTExOTE4MjlaMFMxEjAQBgNVBAoMCVNFQ3VyZS1EczEcMBoGA1UECwwTZ2thcG9vcl9SSENTXzc1X3NzbDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJRuy2MpwSogHtg84aBToFzWzZmkqCdIlO363KqhGb9SDI7nYdJWfSuMW3sMpdxeP/E9DqaEgiTw1b3OBTxSojLHbcjzAiT4iRNv2kwZwMit7JmfemVWMHCwoGm80qrUwUoIcau/I86HXrGN6BjTzjHQJHMbefH+I2zqh0bXhcLCvfH/Vg4X39eQ1Fp/xtX2E8SvjgBagvFVMcUw9XCPk4Gn7i6TTY4fgqq7qqZqrsVNziA2NL07BqvX9joCI3RzJwnxzVP1r8fBA9sPLHrkYUxue/ObQo2uRL91OYdI3R4HLJilbrgYWrixziDXPr6UrbEsiEE+rSg4ff+0yBoGT78CAwEAAaOBvzCBvDAfBgNVHSMEGDAWgBRexDUJbLEkPOUGRug4ZhxMlYyjRjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBxjAdBgNVHQ4EFgQUXsQ1CWyxJDzlBkboOGYcTJWMo0YwWQYIKwYBBQUHAQEETTBLMEkGCCsGAQUFBzABhj1odHRwOi8vY3NxYTQtZ3Vlc3QwNC5pZG0ubGFiLmVuZy5yZHUucmVkaGF0LmNvbToyNTA4MC9jYS9vY3NwMA0GCSqGSIb3DQEBDQUAA4IBAQBV+JNL9Gpm88yTiWPdJgHpiXVQusKJIchrRBTFA1ZbBTFJTcsjv5XrdvEGS4X5PcO6xzWxFLKiiS7T6LA0g6ghVubwqcHo3tmj+xHxNhVopwa9TxvXEPNwfnBFluUwRMoDy1ULb4/ohplmeGVkEeNLfTyo0xtpBSMj92iy6ZwYw5dmE0ZFxfx6hzUnk65qn8H2mIdnWHiRjkwQGCdrq2oizcVM0OaX5rz0msgqSWFO85XjX/IxPVJJNNixSgSFIirVLToModCqX2puWn4wermn8INI3k8MMPOxpEK6L6IFEfGUqXEr/YnRgAGrPljw39p2wU/SCnp8P8CVzIssi/x0MYIB8jCCAe4CAQEwWzBTMRIwEAYDVQQKDAlTRUN1cmUtRHMxHDAaBgNVBAsME2drYXBvb3JfUkhDU183NV9zc2wxHzAdBgNVBAMMFkNBIFNpZ25pbmcgQ2VydGlmaWNhdGUCBAzdDCAwDQYJYIZIAWUDBAIDBQCgajAXBgkqhkiG9w0BCQMxCgYIKwYBBQUHDAMwTwYJKoZIhvcNAQkEMUIEQEvv2Hre+zYecA1BQPgG1/2oiSly9W6NdK7+dN9RxLwLiAyPnTYH/6v+5z4bW4rdVvzS+N6RWR5fhCwr7OIr37EwDQYJKoZIhvcNAQENBQAEggEAK+9OkkkDSE+652cRCEQYBNwO6iLXbOGoVWas5ahTqvMLlSAYOTD8PVOrJvkTKcCyUQXMQc3SbGTurVFPL7o8PFwJ05jou0DmG3o4J6/Djbf+Gt0QVPW/tVwN4x49JrRB3LJXRv/EQU8EGn85/hYgcrLJMwUJzMnu5aeoilbotAItwzj6sFezHFCqTwu9aHWFYGlU07IAZJL/6LGX5q8V0iuU9eK92K2PuK3pH0Ya5KIWIWKg0igSgBZt6e4PkznU2ln7Am5hTrfM23EsvHOU7cBwIJHLVSotzj1fwkPO7rf7cOY1CCFjprjsJqj3qlhQN7WTpsPX1nPZkrmgVodYtg==] CMC response sent
0.http-bio-25443-exec-3 - [15/Feb/2018:05:44:49 EST] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=10.12.28.208][ServerIP=10.12.28.208][SubjectID=UID=sslauth,OU=People][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated


Test case 2: Different issuer and revocation dn
------------------------------------------------

debug:

[15/Feb/2018:05:52:47][http-bio-25443-exec-4]: CMCOutputTemplate: processRevokeRequestControl:  Client and server shared secret are the same, can go ahead and revoke certificate.
[15/Feb/2018:05:52:47][http-bio-25443-exec-4]: In LdapBoundConnFactory::getConn()
[15/Feb/2018:05:52:47][http-bio-25443-exec-4]: masterConn is connected: true
[15/Feb/2018:05:52:47][http-bio-25443-exec-4]: getConn: conn is connected true
[15/Feb/2018:05:52:47][http-bio-25443-exec-4]: getConn: mNumConns now 2
[15/Feb/2018:05:52:47][http-bio-25443-exec-4]: returnConn: mNumConns now 3
[15/Feb/2018:05:52:47][http-bio-25443-exec-4]: CMCOutputTemplate: processRevokeRequestControl: shared secret revocation: checking issuer DN
[15/Feb/2018:05:52:47][http-bio-25443-exec-4]: CMCOutputTemplate: processRevokeRequestControl:  certificate issuer DN and revocation request issuer DN do not match

Audit:

0.http-bio-25443-exec-4 - [15/Feb/2018:05:52:47 EST] [14] [6] [AuditEvent=ACCESS_SESSION_ESTABLISH][ClientIP=10.12.28.208][ServerIP=10.12.28.208][SubjectID=UID=sslauth,OU=People][Outcome=Success] access session establish success
0.http-bio-25443-exec-4 - [15/Feb/2018:05:52:47 EST] [14] [6] [AuditEvent=AUTHZ][SubjectID=$Unidentified$][Outcome=Success][aclResource=certServer.ee.profile][Op=submit] authorization success
0.http-bio-25443-exec-4 - [15/Feb/2018:05:52:47 EST] [14] [6] [AuditEvent=CMC_REQUEST_RECEIVED][SubjectID=$Unidentified$][Outcome=Success][CMCRequest=MIG7BgkqhkiG9w0BBwGgga0EgaowgacwgZ4wgZsCAQEGCCsGAQUFBwcRMYGLMIGIMFYxFTATBgNVBAoMDFNFQ3VyZS1Ec09PTzEcMBoGA1UECwwTZ2thcG9vcl9SSENTXzc1X3NzbDEfMB0GA1UEAwwWQ0EgU2lnbmluZyBDZXJ0aWZpY2F0ZQIECGnKhAoBBgQMd29uZGVyZnVsZGF5DBdnZWV0aWthIHRlc3QgcmV2b2NhdGlvbjAAMAAwAA==] CMC request received
0.http-bio-25443-exec-4 - [15/Feb/2018:05:52:47 EST] [14] [6] [AuditEvent=CMC_RESPONSE_SENT][SubjectID=$Unidentified$][Outcome=Success][CMCResponse=MIIGhQYJKoZIhvcNAQcCoIIGdjCCBnICAQMxDzANBglghkgBZQMEAgMFADB6BggrBgEFBQcMA6BuBGwwajBkMGICAQEGCCsGAQUFBwcZMVMwUQIBAjADAgEBDEQgY2VydGlmaWNhdGUgaXNzdWVyIEROIGFuZCByZXZvY2F0aW9uIHJlcXVlc3QgaXNzdWVyIEROIGRvIG5vdCBtYXRjaAIBBzAAMACgggPoMIID5DCCAsygAwIBAgIEDN0MIDANBgkqhkiG9w0BAQ0FADBTMRIwEAYDVQQKDAlTRUN1cmUtRHMxHDAaBgNVBAsME2drYXBvb3JfUkhDU183NV9zc2wxHzAdBgNVBAMMFkNBIFNpZ25pbmcgQ2VydGlmaWNhdGUwHhcNMTgwMjExMTkxODI5WhcNMzgwMjExMTkxODI5WjBTMRIwEAYDVQQKDAlTRUN1cmUtRHMxHDAaBgNVBAsME2drYXBvb3JfUkhDU183NV9zc2wxHzAdBgNVBAMMFkNBIFNpZ25pbmcgQ2VydGlmaWNhdGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCUbstjKcEqIB7YPOGgU6Bc1s2ZpKgnSJTt+tyqoRm/UgyO52HSVn0rjFt7DKXcXj/xPQ6mhIIk8NW9zgU8UqIyx23I8wIk+IkTb9pMGcDIreyZn3plVjBwsKBpvNKq1MFKCHGrvyPOh16xjegY084x0CRzG3nx/iNs6odG14XCwr3x/1YOF9/XkNRaf8bV9hPEr44AWoLxVTHFMPVwj5OBp+4uk02OH4Kqu6qmaq7FTc4gNjS9Owar1/Y6AiN0cycJ8c1T9a/HwQPbDyx65GFMbnvzm0KNrkS/dTmHSN0eByyYpW64GFq4sc4g1z6+lK2xLIhBPq0oOH3/tMgaBk+/AgMBAAGjgb8wgbwwHwYDVR0jBBgwFoAUXsQ1CWyxJDzlBkboOGYcTJWMo0YwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAcYwHQYDVR0OBBYEFF7ENQlssSQ85QZG6DhmHEyVjKNGMFkGCCsGAQUFBwEBBE0wSzBJBggrBgEFBQcwAYY9aHR0cDovL2NzcWE0LWd1ZXN0MDQuaWRtLmxhYi5lbmcucmR1LnJlZGhhdC5jb206MjUwODAvY2Evb2NzcDANBgkqhkiG9w0BAQ0FAAOCAQEAVfiTS/RqZvPMk4lj3SYB6Yl1ULrCiSHIa0QUxQNWWwUxSU3LI7+V63bxBkuF+T3Dusc1sRSyooku0+iwNIOoIVbm8KnB6N7Zo/sR8TYVaKcGvU8b1xDzcH5wRZblMETKA8tVC2+P6IaZZnhlZBHjS308qNMbaQUjI/dosumcGMOXZhNGRcX8eoc1J5Ouap/B9piHZ1h4kY5MEBgna6tqIs3FTNDml+a89JrIKklhTvOV41/yMT1SSTTYsUoEhSIq1S06DKHQql9qblp+MHq5p/CDSN5PDDDzsaRCui+iBRHxlKlxK/2J0YABqz5Y8N/adsFP0gp6fD/AlcyLLIv8dDGCAfIwggHuAgEBMFswUzESMBAGA1UECgwJU0VDdXJlLURzMRwwGgYDVQQLDBNna2Fwb29yX1JIQ1NfNzVfc3NsMR8wHQYDVQQDDBZDQSBTaWduaW5nIENlcnRpZmljYXRlAgQM3QwgMA0GCWCGSAFlAwQCAwUAoGowFwYJKoZIhvcNAQkDMQoGCCsGAQUFBwwDME8GCSqGSIb3DQEJBDFCBEDe5AD14wrjjWfZryulqxF9NV6tzJYqBnmv68EAOx4ueEHBzHLUoMVyT4Ks3MqDAP8Vm7db1ZYqmU1s/vmoVdPvMA0GCSqGSIb3DQEBDQUABIIBAC8tr3wK1SEvx31QF8w6b03Mr6lJ/j/IjOS1Mvv1tvc+7aSYTqTMTB8W9rUtr5HHoBAeTwlPmLgEs7RoBDiLutUJWpEhYVGK3/uZzCMA20l1l+ATc2UhvZ2JgUHRek4yq0Ik1ZT3fT7FSeSN2i2BeiUdV7Z9V3jT3Dqx2jZS81OAJD7RRPprDXmTS0lcj+zIXXkBpgDT7EG0Ygap/cSE4mh2qNBkKl14ccRALmYlZxHd4mMOlkfZcnjoQ5XlDHiO+a/YhsTFipsVLgU/QRhOeadp+HuaGQdF2rlDhJhfCLZpjhmMBCw8FHmKwsY933oabgXH9PIrPGdjgCrfsCGOTLE=] CMC response sent
0.http-bio-25443-exec-4 - [15/Feb/2018:05:52:47 EST] [14] [6] [AuditEvent=ACCESS_SESSION_TERMINATED][ClientIP=10.12.28.208][ServerIP=10.12.28.208][SubjectID=UID=sslauth,OU=People][Outcome=Success][Info=CLOSE_NOTIFY] access session terminated

Comment 6 Christina Fu 2018-02-15 18:42:52 UTC
looks like the event is not enabled by default:
[15/Feb/2018:05:44:49][http-bio-25443-exec-3]: LogFile: event type not selected: CERT_STATUS_CHANGE_REQUEST_PROCESSED

I'll check with Endi (who has a wiki that tracks what need to be enabled) and see if we should enable that.

Comment 7 Christina Fu 2018-02-15 22:37:54 UTC
I did not find the CERT_STATUS_CHANGE_REQUEST_PROCESSED event in
http://pki.fedoraproject.org/wiki/PKI_Server_Audit_Events_Design

I also double-checked the PP and doesn't appear that status change is a required auditable event.

Comment 8 Geetika Kapoor 2018-02-16 17:57:03 UTC
Marking failedQA because failure logs are still not coming in Audit logs.

Comment 11 Geetika Kapoor 2018-02-23 20:18:20 UTC
There are few other issues observed during testing.Adding those also in this Bugzilla.

https://bugzilla.redhat.com/show_bug.cgi?id=1525306#c7
https://bugzilla.redhat.com/show_bug.cgi?id=1525306#c10

Comment 12 Geetika Kapoor 2018-02-23 20:20:47 UTC
Refer https://bugzilla.redhat.com/show_bug.cgi?id=1525306#c12

Comment 13 Matthew Harmsen 2018-04-17 01:00:43 UTC
Per RHEL 7.5.z/7.6/8.0 Triage:  10.5.z

cfu: re-opened due to errors

Comment 16 Matthew Harmsen 2018-05-05 00:28:48 UTC
Moving from ASSIGNED to NEW since this bug was kicked out of the RHEL 7.5 GA errata and will need to first be fixed in RHEL 7.6 before a RHEL 7.5.z bug can be generated.

Comment 17 Christina Fu 2018-06-22 00:56:02 UTC
commit 0bfc946c7b71973a38003d56c30052982b1f8030 (HEAD -> master, origin/master, origin/HEAD, ticket-2920-SharedTokenFailureAudit-master)
Author: Christina Fu <cfu@redhat.com>
Date:   Wed Jun 20 18:59:28 2018 -0700

    Ticket 2920 Part2 of SharedToken Audit
    
    This patch addresses the issue that the original audit message for failure
    got overwritten for SharedToken.
    
    fixes https://pagure.io/dogtagpki/issue/2920
    
    Change-Id: I0c09fbcc39135dc9aeee8a49a40772565af996c4

Comment 19 Matthew Harmsen 2018-06-26 01:47:55 UTC
QE Test Verification

https://bugzilla.redhat.com/show_bug.cgi?id=1594128#c3

Comment 21 Geetika Kapoor 2018-08-17 19:30:41 UTC
Test Env:

rpm -qa pki-ca
pki-ca-10.5.9-5.el7.noarch


Verification:

Verified all that is mentioned in 
https://bugzilla.redhat.com/show_bug.cgi?id=1594128#c3

Comment 23 errata-xmlrpc 2018-10-30 11:05:22 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3195


Note You need to log in before you can comment on or make changes to this bug.