727282 – [ipa webui] Can not get or view host certificate - Regression

Bug 727282 - [ipa webui] Can not get or view host certificate - Regression

Summary: [ipa webui] Can not get or view host certificate - Regression

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 6
Classification:	Red Hat
Component:	ipa
Sub Component:
Version:	6.1
Hardware:	Unspecified
OS:	Unspecified
Priority:	high
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Rob Crittenden
QA Contact:	Chandrasekar Kannan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2011-08-01 18:01 UTC by Jenny Severance
Modified:	2015-01-04 23:50 UTC (History)
CC List:	3 users (show)
Fixed In Version:	ipa-2.1.0-1.el6
Doc Type:	Bug Fix
Doc Text:	Cause: Trying to view the certificate of a host would return the error "unknown command u'show'" Consequence: User would have to use the command-line to view host certificates. Fix: The certificate buttons including Get, View, Revoke and Restore for hosts and services have been fixed to use the correct entity name. Result: Viewing certificates works.
Clone Of:
Environment:
Last Closed:	2011-12-06 18:29:17 UTC
Target Upstream Version:

Attachments	(Terms of Use)
error message (63.69 KB, image/png) 2011-08-01 18:01 UTC, Jenny Severance	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Links
System	ID	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2011:1533	normal	SHIPPED_LIVE	Moderate: ipa security and bug fix update	2011-12-06 01:23:31 UTC

Description Jenny Severance 2011-08-01 18:01:43 UTC

Created attachment 516187 [details]
error message

Description of problem:
After updated to the latest good ipa build.  Can no longer Get or View a host's certificate.  Clicking on either of these buttons results in error "unknown command u'show'".  See attached screen shot.

I am able to run this from the command-line,

Show host to get serial number :

# ipa host-show --all myhost.qe.lab.ipa
  dn: fqdn=myhost.qe.lab.ipa,cn=computers,cn=accounts,dc=qe,dc=lab,dc=ipa
  Host name: myhost.qe.lab.ipa
  Certificate: MIIC6jCCAdKgAwIBAgIBRDANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKEwpRRS5MQUIuSVBBMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTEwODAxMTc1MzM0WhcNMTIwMTI4MTc1MzM0WjAxMRMwEQYDVQQKEwpRRS5MQUIuSVBBMRowGAYDVQQDExFteWhvc3QucWUubGFiLmlwYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4lXS4N0rlvJOwhv7eZdWLoaH5BwNoNgBObTAde4MYRejx75f3Ovo+8WVChRs/xDemDPGfWj09BW4BDXpX0Vaa3N4akIfKoxDnYckZlifuHxbyrZB9XX8eAZDMwtBzi30elEp5Cf5SWMJ9WBOoXu/YCC58aegXKJjPXLlzvrIoEsCAwEAAaOBjDCBiTAfBgNVHSMEGDAWgBQOE0CtRxnD/GRREIMw+fOSNxcamTBBBggrBgEFBQcBAQQ1MDMwMQYIKwYBBQUHMAGGJWh0dHA6Ly9hcG9sbG8ucWUubGFiLmlwYTo5MTgwL2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQC/ybICb78OIhjbzVBIYpwQKZ6PZcPiaHouTIugD59XScYT75VZf31w5AHjPOkyHZMjV6ZgavLDK+kUpm9CigA6/wVZ/UZm/fZwELjMOBw6Ex8NRos6fHPHVc1tzyKRfvriXnOmQCF1eduR3Gyeav9xw1GEyXDbbyCJDRMv8hIQ8JFk8oBUNDGVhsIZ35xP3x8jET3PXxyhYwso7VJph9gKYUwkWXsXASthUnpKJmFSOhCVYACIY0450GwOOZ8oC3J4vABhSCScZE39eTV3PLVLefRklbsPDem6ztO0yDkGKxVGaL+WU3Tf0pHkx4Cyp3y/qolyCGDAGP3qmMY1MEgl
  Principal name: host/myhost.qe.lab.ipa@QE.LAB.IPA
  Keytab: False
  Managed by: myhost.qe.lab.ipa
  Managing: myhost.qe.lab.ipa
  Subject: CN=myhost.qe.lab.ipa,O=QE.LAB.IPA
  Serial Number: 68
  Issuer: CN=Certificate Authority,O=QE.LAB.IPA
  Not Before: Mon Aug 01 17:53:34 2011 UTC
  Not After: Sat Jan 28 17:53:34 2012 UTC
  Fingerprint (MD5): 82:db:18:e5:ab:dc:73:40:f0:78:61:3f:58:6b:eb:20
  Fingerprint (SHA1): 33:63:28:08:71:b4:a5:d6:c9:bd:35:91:c4:dc:df:09:61:3d:24:01
  cn: myhost.qe.lab.ipa
  ipauniqueid: 2a54cdc6-bc67-11e0-bb7c-0015172f2b30
  objectclass: ipaobject, nshost, ipahost, pkiuser, ipaservice, krbprincipalaux, krbprincipal, top
  serverhostname: myhost


show the certificate ...

# ipa cert-show 68
  Certificate: MIIC6jCCAdKgAwIBAgIBRDANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKEwpRRS5M
QUIuSVBBMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTEwODAx
MTc1MzM0WhcNMTIwMTI4MTc1MzM0WjAxMRMwEQYDVQQKEwpRRS5MQUIuSVBBMRow
GAYDVQQDExFteWhvc3QucWUubGFiLmlwYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
gYkCgYEA4lXS4N0rlvJOwhv7eZdWLoaH5BwNoNgBObTAde4MYRejx75f3Ovo+8WV
ChRs/xDemDPGfWj09BW4BDXpX0Vaa3N4akIfKoxDnYckZlifuHxbyrZB9XX8eAZD
MwtBzi30elEp5Cf5SWMJ9WBOoXu/YCC58aegXKJjPXLlzvrIoEsCAwEAAaOBjDCB
iTAfBgNVHSMEGDAWgBQOE0CtRxnD/GRREIMw+fOSNxcamTBBBggrBgEFBQcBAQQ1
MDMwMQYIKwYBBQUHMAGGJWh0dHA6Ly9hcG9sbG8ucWUubGFiLmlwYTo5MTgwL2Nh
L29jc3AwDgYDVR0PAQH/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG
SIb3DQEBCwUAA4IBAQC/ybICb78OIhjbzVBIYpwQKZ6PZcPiaHouTIugD59XScYT
75VZf31w5AHjPOkyHZMjV6ZgavLDK+kUpm9CigA6/wVZ/UZm/fZwELjMOBw6Ex8N
Ros6fHPHVc1tzyKRfvriXnOmQCF1eduR3Gyeav9xw1GEyXDbbyCJDRMv8hIQ8JFk
8oBUNDGVhsIZ35xP3x8jET3PXxyhYwso7VJph9gKYUwkWXsXASthUnpKJmFSOhCV
YACIY0450GwOOZ8oC3J4vABhSCScZE39eTV3PLVLefRklbsPDem6ztO0yDkGKxVG
aL+WU3Tf0pHkx4Cyp3y/qolyCGDAGP3qmMY1MEgl
  Subject: CN=myhost.qe.lab.ipa,O=QE.LAB.IPA
  Issuer: CN=Certificate Authority,O=QE.LAB.IPA
  Not Before: Mon Aug 01 17:53:34 2011 UTC
  Not After: Sat Jan 28 17:53:34 2012 UTC
  Fingerprint (MD5): 82:db:18:e5:ab:dc:73:40:f0:78:61:3f:58:6b:eb:20
  Fingerprint (SHA1): 33:63:28:08:71:b4:a5:d6:c9:bd:35:91:c4:dc:df:09:61:3d:24:01
  Serial number: 68


Version-Release number of selected component (if applicable):
Name        : ipa-server                   Relocations: (not relocatable)
Version     : 2.0.99                            Vendor: (none)
Release     : 5.20110729T0519zgit51cd0c9.el6   Build Date: Fri 29 Jul 2011 01:32:08 AM EDT
Install Date: Fri 29 Jul 2011 04:53:56 PM EDT      Build Host: goofy-vm16.dsdev.sjc.redhat.com
Group       : System Environment/Base       Source RPM: ipa-2.0.99-5.20110729T0519zgit51cd0c9.el6.src.rpm
Size        : 3261447                          License: GPLv3+
Signature   : (none)
URL         : http://www.freeipa.org/
Summary     : The IPA authentication server
Description :
IPA is an integrated solution to provide centrally managed Identity (machine,
user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof). If you are installing an IPA server you need
to install this package (in other words, most people should NOT install
this package).


How reproducible:


Steps to Reproduce:
1. generate a host CSR (I used certutil)
2. add a new ipa host
3. submit the CSR for signing
4. edit the host and try to view or get the host's certificate
  
Actual results:


Expected results:


Additional info:

Comment 2 Rob Crittenden 2011-08-02 12:49:32 UTC

https://fedorahosted.org/freeipa/ticket/1556

Comment 3 Rob Crittenden 2011-08-16 13:53:38 UTC

master: 4c9359ab625c700f150cfd8191e7181542089633

Comment 5 Rob Crittenden 2011-11-01 01:06:27 UTC

    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: Trying to view the certificate of a host would return the error "unknown command u'show'"
Consequence: User would have to use the command-line to view host certificates.
Fix: The certificate buttons including Get, View, Revoke and Restore for hosts and services have been fixed to use the correct entity name.
Result: Viewing certificates works.

Comment 6 Namita Soman 2011-11-05 20:19:10 UTC

Verified using ipa-server-2.1.3-8.el6.x86_64
Can issue, get and view cert for host

Comment 7 errata-xmlrpc 2011-12-06 18:29:17 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1533.html

Note You need to log in before you can comment on or make changes to this bug.