Bug 1549585
| Summary: | Document owner and permission parameters to getcert | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Johan Swensson <jswensso> |
| Component: | certmonger | Assignee: | Rob Crittenden <rcritten> |
| Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 7.4 | CC: | myusuf, nalin, ndehadra, pvoborni |
| Target Milestone: | rc | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | certmonger-0.78.4-12.el7 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-03-31 19:44:23 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
version: certmonger-0.78.4-12.el7.x86_64 [root@master ~]# ipa-getcert request --help ipa-getcert - client certificate enrollment tool Usage: ipa-getcert request [options] Required arguments: * If using an NSS database for storage: -d DIR NSS database for key and cert -n NAME nickname for NSS-based storage (only valid with -d) -t NAME optional token name for NSS-based storage (only valid with -d) * If using files for storage: -k FILE PEM file for private key -f FILE PEM file for certificate (only valid with -k) * If keys are to be encrypted: -p FILE file which holds the encryption PIN -P PIN PIN value Optional arguments: * Certificate handling settings: -I NAME nickname to assign to the request -G TYPE type of key to be generated if one is not already in place -g SIZE size of key to be generated if one is not already in place -r attempt to renew the certificate when expiration nears (default) -R don't attempt to renew the certificate when expiration nears -T PROFILE ask the CA to process the request using the named profile or template --ms-template-spec SPEC include V2 template specifier in CSR (format: OID:MAJOR-VERSION[:MINOR-VERSION]) -X ISSUER ask the CA to process the request using the named issuer * Parameters for the signing request: -N NAME set requested subject name (default: CN=<hostname>) -U EXTUSAGE set requested extended key usage OID -u KEYUSAGE set requested key usage value -K NAME set requested principal name -D DNSNAME set requested DNS name -E EMAIL set requested email address -A ADDRESS set requested IP address -l FILE file which holds an optional challenge password -L PASSWORD an optional challenge password value * Bus options: -S connect to the certmonger service on the system bus -s connect to the certmonger service on the session bus * Other options: -B command to run before saving the certificate -C command to run after saving the certificate -F file in which to store the CA's certificates -a NSS database in which to store the CA's certificates -w try to wait for the certificate to be issued -v report all details of errors -o OWNER owner information for private key -m MODE file permissions for private key -O OWNER owner information for certificate -M MODE file permissions for certificate [root@master ~]# getcert request --help getcert - client certificate enrollment tool Usage: getcert request [options] Required arguments: * If using an NSS database for storage: -d DIR NSS database for key and cert -n NAME nickname for NSS-based storage (only valid with -d) -t NAME optional token name for NSS-based storage (only valid with -d) * If using files for storage: -k FILE PEM file for private key -f FILE PEM file for certificate (only valid with -k) * If keys are to be encrypted: -p FILE file which holds the encryption PIN -P PIN PIN value Optional arguments: * Certificate handling settings: -I NAME nickname to assign to the request -G TYPE type of key to be generated if one is not already in place -g SIZE size of key to be generated if one is not already in place -r attempt to renew the certificate when expiration nears (default) -R don't attempt to renew the certificate when expiration nears -c CA use the specified CA rather than the default -T PROFILE ask the CA to process the request using the named profile or template --ms-template-spec SPEC include V2 template specifier in CSR (format: OID:MAJOR-VERSION[:MINOR-VERSION]) -X ISSUER ask the CA to process the request using the named issuer * Parameters for the signing request: -N NAME set requested subject name (default: CN=<hostname>) -U EXTUSAGE set requested extended key usage OID -u KEYUSAGE set requested key usage value -K NAME set requested principal name -D DNSNAME set requested DNS name -E EMAIL set requested email address -A ADDRESS set requested IP address -l FILE file which holds an optional challenge password -L PASSWORD an optional challenge password value * Bus options: -S connect to the certmonger service on the system bus -s connect to the certmonger service on the session bus * Other options: -B command to run before saving the certificate -C command to run after saving the certificate -F file in which to store the CA's certificates -a NSS database in which to store the CA's certificates -w try to wait for the certificate to be issued -v report all details of errors -o OWNER owner information for private key -m MODE file permissions for private key -O OWNER owner information for certificate -M MODE file permissions for certificate parameters can be seen in the help menu. Hence marking the verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2020:1052 |
Description of problem: The following parameters are not documented in getcert request --help {"key-owner", 'o', POPT_ARG_STRING, NULL, 'o', _("owner information for private key"), HELP_TYPE_USER}, {"key-perms", 'm', POPT_ARG_STRING, NULL, 'm', _("file permissions for private key"), HELP_TYPE_MODE}, {"cert-owner", 'O', POPT_ARG_STRING, NULL, 'O', _("owner information for certificate"), HELP_TYPE_USER}, {"cert-perms", 'M', POPT_ARG_STRING, NULL, 'M', _("file permissions for certificate"), HELP_TYPE_MODE}, Version-Release number of selected component (if applicable): certmonger-0.78.4-3 How reproducible: getcert request --help or ipa-getcert request --help Steps to Reproduce: 1. getcert request --help or ipa-getcert request --help 2. 3. Actual results: The help nor man pages does not mention the the parameters. Expected results: Help and and man pages should mention all available parameters.