Hide Forgot
Description of problem: certmonger does not generates certificate on providing correct PIN with 'getcert resubmit'. Version-Release number of selected component (if applicable): certmonger-0.40-1.el6.x86_64 How reproducible: first try to issue a certificate request with incorrect NSS database PIN and then provide correct PIN with 'getcert resubmit'. Steps to Reproduce: 1.install certmonger. 2.start certmonger service. 3.Change NSS database password to some string from default(null) one. [root@mars ~]# certutil -W -d /tmp/kaleem/ . Enter Password or Pin for "NSS Certificate DB": Enter a password which will be used to encrypt your keys. The password should be at least 8 characters long, and should contain at least one non-alphabetic character. Enter new password: Re-enter password: Password changed successfully. [root@mars ~]# 4.issue a certificate request with incorrect pin of NSS database. [root@mars ~]# getcert request -d /tmp/kaleem/ -n test -c SelfSign -P "incorrect" New signing request "20110406040229" added. [root@mars ~]# getcert list Number of certificates and requests being tracked: 1. Request ID '20110406040229': status: NEWLY_ADDED_NEED_KEYI_READ_PIN stuck: yes key pair storage: type=NSSDB,location='/tmp/kaleem',nickname=test,pin=incorrect certificate: type=NSSDB,location='/tmp/kaleem',nickname=test CA: SelfSign issuer: subject: expires: unknown track: yes auto-renew: yes [root@mars ~]# 5.resubmit the request of step 3 with correct NSS database PIN. [root@mars ~]# getcert resubmit -d /tmp/kaleem/ -n test -c SelfSign -P "temp123#" Resubmitting "20110406040229" to "SelfSign". [root@mars ~]# getcert list Number of certificates and requests being tracked: 1. Request ID '20110406040229': status: NEED_CSR stuck: no key pair storage: type=NSSDB,location='/tmp/kaleem',nickname=test,pin=temp123# certificate: type=NSSDB,location='/tmp/kaleem',nickname=test CA: SelfSign issuer: subject: expires: unknown track: yes auto-renew: yes [root@mars ~]# Status is now "NEED_CSR". Actual results: Request status is shown as "NEED_CSR" Expected results: Request status should be "MONITORING" which means certificate should have been generated.
Since RHEL 6.1 External Beta has begun, and this bug remains unresolved, it has been rejected as it is not proposed as exception or blocker. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux.
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: As a workaround, certmonger can be told to stop attempting to do anything with the key and certificate by using the "getcert stop-tracking" command to remove the request, and then by using the "getcert request" command to re-add it with the correct PIN value.