RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 727282 - [ipa webui] Can not get or view host certificate - Regression
Summary: [ipa webui] Can not get or view host certificate - Regression
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ipa
Version: 6.1
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: rc
: ---
Assignee: Rob Crittenden
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-08-01 18:01 UTC by Jenny Severance
Modified: 2015-01-04 23:50 UTC (History)
3 users (show)

Fixed In Version: ipa-2.1.0-1.el6
Doc Type: Bug Fix
Doc Text:
Cause: Trying to view the certificate of a host would return the error "unknown command u'show'" Consequence: User would have to use the command-line to view host certificates. Fix: The certificate buttons including Get, View, Revoke and Restore for hosts and services have been fixed to use the correct entity name. Result: Viewing certificates works.
Clone Of:
Environment:
Last Closed: 2011-12-06 18:29:17 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
error message (63.69 KB, image/png)
2011-08-01 18:01 UTC, Jenny Severance 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2011:1533 0 normal SHIPPED_LIVE Moderate: ipa security and bug fix update 2011-12-06 01:23:31 UTC

Description Jenny Severance 2011-08-01 18:01:43 UTC 
Created attachment 516187 [details]
error message

Description of problem:
After updated to the latest good ipa build.  Can no longer Get or View a host's certificate.  Clicking on either of these buttons results in error "unknown command u'show'".  See attached screen shot.

I am able to run this from the command-line,

Show host to get serial number :

# ipa host-show --all myhost.qe.lab.ipa
  dn: fqdn=myhost.qe.lab.ipa,cn=computers,cn=accounts,dc=qe,dc=lab,dc=ipa
  Host name: myhost.qe.lab.ipa
  Certificate: MIIC6jCCAdKgAwIBAgIBRDANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKEwpRRS5MQUIuSVBBMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTEwODAxMTc1MzM0WhcNMTIwMTI4MTc1MzM0WjAxMRMwEQYDVQQKEwpRRS5MQUIuSVBBMRowGAYDVQQDExFteWhvc3QucWUubGFiLmlwYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4lXS4N0rlvJOwhv7eZdWLoaH5BwNoNgBObTAde4MYRejx75f3Ovo+8WVChRs/xDemDPGfWj09BW4BDXpX0Vaa3N4akIfKoxDnYckZlifuHxbyrZB9XX8eAZDMwtBzi30elEp5Cf5SWMJ9WBOoXu/YCC58aegXKJjPXLlzvrIoEsCAwEAAaOBjDCBiTAfBgNVHSMEGDAWgBQOE0CtRxnD/GRREIMw+fOSNxcamTBBBggrBgEFBQcBAQQ1MDMwMQYIKwYBBQUHMAGGJWh0dHA6Ly9hcG9sbG8ucWUubGFiLmlwYTo5MTgwL2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQC/ybICb78OIhjbzVBIYpwQKZ6PZcPiaHouTIugD59XScYT75VZf31w5AHjPOkyHZMjV6ZgavLDK+kUpm9CigA6/wVZ/UZm/fZwELjMOBw6Ex8NRos6fHPHVc1tzyKRfvriXnOmQCF1eduR3Gyeav9xw1GEyXDbbyCJDRMv8hIQ8JFk8oBUNDGVhsIZ35xP3x8jET3PXxyhYwso7VJph9gKYUwkWXsXASthUnpKJmFSOhCVYACIY0450GwOOZ8oC3J4vABhSCScZE39eTV3PLVLefRklbsPDem6ztO0yDkGKxVGaL+WU3Tf0pHkx4Cyp3y/qolyCGDAGP3qmMY1MEgl
  Principal name: host/myhost.qe.lab.ipa.IPA
  Keytab: False
  Managed by: myhost.qe.lab.ipa
  Managing: myhost.qe.lab.ipa
  Subject: CN=myhost.qe.lab.ipa,O=QE.LAB.IPA
  Serial Number: 68
  Issuer: CN=Certificate Authority,O=QE.LAB.IPA
  Not Before: Mon Aug 01 17:53:34 2011 UTC
  Not After: Sat Jan 28 17:53:34 2012 UTC
  Fingerprint (MD5): 82:db:18:e5:ab:dc:73:40:f0:78:61:3f:58:6b:eb:20
  Fingerprint (SHA1): 33:63:28:08:71:b4:a5:d6:c9:bd:35:91:c4:dc:df:09:61:3d:24:01
  cn: myhost.qe.lab.ipa
  ipauniqueid: 2a54cdc6-bc67-11e0-bb7c-0015172f2b30
  objectclass: ipaobject, nshost, ipahost, pkiuser, ipaservice, krbprincipalaux, krbprincipal, top
  serverhostname: myhost


show the certificate ...

# ipa cert-show 68
  Certificate: MIIC6jCCAdKgAwIBAgIBRDANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKEwpRRS5M
QUIuSVBBMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTEwODAx
MTc1MzM0WhcNMTIwMTI4MTc1MzM0WjAxMRMwEQYDVQQKEwpRRS5MQUIuSVBBMRow
GAYDVQQDExFteWhvc3QucWUubGFiLmlwYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
gYkCgYEA4lXS4N0rlvJOwhv7eZdWLoaH5BwNoNgBObTAde4MYRejx75f3Ovo+8WV
ChRs/xDemDPGfWj09BW4BDXpX0Vaa3N4akIfKoxDnYckZlifuHxbyrZB9XX8eAZD
MwtBzi30elEp5Cf5SWMJ9WBOoXu/YCC58aegXKJjPXLlzvrIoEsCAwEAAaOBjDCB
iTAfBgNVHSMEGDAWgBQOE0CtRxnD/GRREIMw+fOSNxcamTBBBggrBgEFBQcBAQQ1
MDMwMQYIKwYBBQUHMAGGJWh0dHA6Ly9hcG9sbG8ucWUubGFiLmlwYTo5MTgwL2Nh
L29jc3AwDgYDVR0PAQH/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG
SIb3DQEBCwUAA4IBAQC/ybICb78OIhjbzVBIYpwQKZ6PZcPiaHouTIugD59XScYT
75VZf31w5AHjPOkyHZMjV6ZgavLDK+kUpm9CigA6/wVZ/UZm/fZwELjMOBw6Ex8N
Ros6fHPHVc1tzyKRfvriXnOmQCF1eduR3Gyeav9xw1GEyXDbbyCJDRMv8hIQ8JFk
8oBUNDGVhsIZ35xP3x8jET3PXxyhYwso7VJph9gKYUwkWXsXASthUnpKJmFSOhCV
YACIY0450GwOOZ8oC3J4vABhSCScZE39eTV3PLVLefRklbsPDem6ztO0yDkGKxVG
aL+WU3Tf0pHkx4Cyp3y/qolyCGDAGP3qmMY1MEgl
  Subject: CN=myhost.qe.lab.ipa,O=QE.LAB.IPA
  Issuer: CN=Certificate Authority,O=QE.LAB.IPA
  Not Before: Mon Aug 01 17:53:34 2011 UTC
  Not After: Sat Jan 28 17:53:34 2012 UTC
  Fingerprint (MD5): 82:db:18:e5:ab:dc:73:40:f0:78:61:3f:58:6b:eb:20
  Fingerprint (SHA1): 33:63:28:08:71:b4:a5:d6:c9:bd:35:91:c4:dc:df:09:61:3d:24:01
  Serial number: 68


Version-Release number of selected component (if applicable):
Name        : ipa-server                   Relocations: (not relocatable)
Version     : 2.0.99                            Vendor: (none)
Release     : 5.20110729T0519zgit51cd0c9.el6   Build Date: Fri 29 Jul 2011 01:32:08 AM EDT
Install Date: Fri 29 Jul 2011 04:53:56 PM EDT      Build Host: goofy-vm16.dsdev.sjc.redhat.com
Group       : System Environment/Base       Source RPM: ipa-2.0.99-5.20110729T0519zgit51cd0c9.el6.src.rpm
Size        : 3261447                          License: GPLv3+
Signature   : (none)
URL         : http://www.freeipa.org/
Summary     : The IPA authentication server
Description :
IPA is an integrated solution to provide centrally managed Identity (machine,
user, virtual machines, groups, authentication credentials), Policy
(configuration settings, access control information) and Audit (events,
logs, analysis thereof). If you are installing an IPA server you need
to install this package (in other words, most people should NOT install
this package).


How reproducible:


Steps to Reproduce:
1. generate a host CSR (I used certutil)
2. add a new ipa host
3. submit the CSR for signing
4. edit the host and try to view or get the host's certificate
  
Actual results:


Expected results:


Additional info:
Comment 2 Rob Crittenden 2011-08-02 12:49:32 UTC 
https://fedorahosted.org/freeipa/ticket/1556
Comment 3 Rob Crittenden 2011-08-16 13:53:38 UTC 
master: 4c9359ab625c700f150cfd8191e7181542089633
Comment 5 Rob Crittenden 2011-11-01 01:06:27 UTC 
    Technical note added. If any revisions are required, please edit the "Technical Notes" field
    accordingly. All revisions will be proofread by the Engineering Content Services team.
    
    New Contents:
Cause: Trying to view the certificate of a host would return the error "unknown command u'show'"
Consequence: User would have to use the command-line to view host certificates.
Fix: The certificate buttons including Get, View, Revoke and Restore for hosts and services have been fixed to use the correct entity name.
Result: Viewing certificates works.
Comment 6 Namita Soman 2011-11-05 20:19:10 UTC 
Verified using ipa-server-2.1.3-8.el6.x86_64
Can issue, get and view cert for host
Comment 7 errata-xmlrpc 2011-12-06 18:29:17 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHSA-2011-1533.html
Note You need to log in before you can comment on or make changes to this bug.