Hide Forgot
Created attachment 516187 [details] error message Description of problem: After updated to the latest good ipa build. Can no longer Get or View a host's certificate. Clicking on either of these buttons results in error "unknown command u'show'". See attached screen shot. I am able to run this from the command-line, Show host to get serial number : # ipa host-show --all myhost.qe.lab.ipa dn: fqdn=myhost.qe.lab.ipa,cn=computers,cn=accounts,dc=qe,dc=lab,dc=ipa Host name: myhost.qe.lab.ipa Certificate: MIIC6jCCAdKgAwIBAgIBRDANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKEwpRRS5MQUIuSVBBMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTEwODAxMTc1MzM0WhcNMTIwMTI4MTc1MzM0WjAxMRMwEQYDVQQKEwpRRS5MQUIuSVBBMRowGAYDVQQDExFteWhvc3QucWUubGFiLmlwYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4lXS4N0rlvJOwhv7eZdWLoaH5BwNoNgBObTAde4MYRejx75f3Ovo+8WVChRs/xDemDPGfWj09BW4BDXpX0Vaa3N4akIfKoxDnYckZlifuHxbyrZB9XX8eAZDMwtBzi30elEp5Cf5SWMJ9WBOoXu/YCC58aegXKJjPXLlzvrIoEsCAwEAAaOBjDCBiTAfBgNVHSMEGDAWgBQOE0CtRxnD/GRREIMw+fOSNxcamTBBBggrBgEFBQcBAQQ1MDMwMQYIKwYBBQUHMAGGJWh0dHA6Ly9hcG9sbG8ucWUubGFiLmlwYTo5MTgwL2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQC/ybICb78OIhjbzVBIYpwQKZ6PZcPiaHouTIugD59XScYT75VZf31w5AHjPOkyHZMjV6ZgavLDK+kUpm9CigA6/wVZ/UZm/fZwELjMOBw6Ex8NRos6fHPHVc1tzyKRfvriXnOmQCF1eduR3Gyeav9xw1GEyXDbbyCJDRMv8hIQ8JFk8oBUNDGVhsIZ35xP3x8jET3PXxyhYwso7VJph9gKYUwkWXsXASthUnpKJmFSOhCVYACIY0450GwOOZ8oC3J4vABhSCScZE39eTV3PLVLefRklbsPDem6ztO0yDkGKxVGaL+WU3Tf0pHkx4Cyp3y/qolyCGDAGP3qmMY1MEgl Principal name: host/myhost.qe.lab.ipa@QE.LAB.IPA Keytab: False Managed by: myhost.qe.lab.ipa Managing: myhost.qe.lab.ipa Subject: CN=myhost.qe.lab.ipa,O=QE.LAB.IPA Serial Number: 68 Issuer: CN=Certificate Authority,O=QE.LAB.IPA Not Before: Mon Aug 01 17:53:34 2011 UTC Not After: Sat Jan 28 17:53:34 2012 UTC Fingerprint (MD5): 82:db:18:e5:ab:dc:73:40:f0:78:61:3f:58:6b:eb:20 Fingerprint (SHA1): 33:63:28:08:71:b4:a5:d6:c9:bd:35:91:c4:dc:df:09:61:3d:24:01 cn: myhost.qe.lab.ipa ipauniqueid: 2a54cdc6-bc67-11e0-bb7c-0015172f2b30 objectclass: ipaobject, nshost, ipahost, pkiuser, ipaservice, krbprincipalaux, krbprincipal, top serverhostname: myhost show the certificate ... # ipa cert-show 68 Certificate: MIIC6jCCAdKgAwIBAgIBRDANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKEwpRRS5M QUIuSVBBMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTEwODAx MTc1MzM0WhcNMTIwMTI4MTc1MzM0WjAxMRMwEQYDVQQKEwpRRS5MQUIuSVBBMRow GAYDVQQDExFteWhvc3QucWUubGFiLmlwYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw gYkCgYEA4lXS4N0rlvJOwhv7eZdWLoaH5BwNoNgBObTAde4MYRejx75f3Ovo+8WV ChRs/xDemDPGfWj09BW4BDXpX0Vaa3N4akIfKoxDnYckZlifuHxbyrZB9XX8eAZD MwtBzi30elEp5Cf5SWMJ9WBOoXu/YCC58aegXKJjPXLlzvrIoEsCAwEAAaOBjDCB iTAfBgNVHSMEGDAWgBQOE0CtRxnD/GRREIMw+fOSNxcamTBBBggrBgEFBQcBAQQ1 MDMwMQYIKwYBBQUHMAGGJWh0dHA6Ly9hcG9sbG8ucWUubGFiLmlwYTo5MTgwL2Nh L29jc3AwDgYDVR0PAQH/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG SIb3DQEBCwUAA4IBAQC/ybICb78OIhjbzVBIYpwQKZ6PZcPiaHouTIugD59XScYT 75VZf31w5AHjPOkyHZMjV6ZgavLDK+kUpm9CigA6/wVZ/UZm/fZwELjMOBw6Ex8N Ros6fHPHVc1tzyKRfvriXnOmQCF1eduR3Gyeav9xw1GEyXDbbyCJDRMv8hIQ8JFk 8oBUNDGVhsIZ35xP3x8jET3PXxyhYwso7VJph9gKYUwkWXsXASthUnpKJmFSOhCV YACIY0450GwOOZ8oC3J4vABhSCScZE39eTV3PLVLefRklbsPDem6ztO0yDkGKxVG aL+WU3Tf0pHkx4Cyp3y/qolyCGDAGP3qmMY1MEgl Subject: CN=myhost.qe.lab.ipa,O=QE.LAB.IPA Issuer: CN=Certificate Authority,O=QE.LAB.IPA Not Before: Mon Aug 01 17:53:34 2011 UTC Not After: Sat Jan 28 17:53:34 2012 UTC Fingerprint (MD5): 82:db:18:e5:ab:dc:73:40:f0:78:61:3f:58:6b:eb:20 Fingerprint (SHA1): 33:63:28:08:71:b4:a5:d6:c9:bd:35:91:c4:dc:df:09:61:3d:24:01 Serial number: 68 Version-Release number of selected component (if applicable): Name : ipa-server Relocations: (not relocatable) Version : 2.0.99 Vendor: (none) Release : 5.20110729T0519zgit51cd0c9.el6 Build Date: Fri 29 Jul 2011 01:32:08 AM EDT Install Date: Fri 29 Jul 2011 04:53:56 PM EDT Build Host: goofy-vm16.dsdev.sjc.redhat.com Group : System Environment/Base Source RPM: ipa-2.0.99-5.20110729T0519zgit51cd0c9.el6.src.rpm Size : 3261447 License: GPLv3+ Signature : (none) URL : http://www.freeipa.org/ Summary : The IPA authentication server Description : IPA is an integrated solution to provide centrally managed Identity (machine, user, virtual machines, groups, authentication credentials), Policy (configuration settings, access control information) and Audit (events, logs, analysis thereof). If you are installing an IPA server you need to install this package (in other words, most people should NOT install this package). How reproducible: Steps to Reproduce: 1. generate a host CSR (I used certutil) 2. add a new ipa host 3. submit the CSR for signing 4. edit the host and try to view or get the host's certificate Actual results: Expected results: Additional info:
https://fedorahosted.org/freeipa/ticket/1556
master: 4c9359ab625c700f150cfd8191e7181542089633
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Cause: Trying to view the certificate of a host would return the error "unknown command u'show'" Consequence: User would have to use the command-line to view host certificates. Fix: The certificate buttons including Get, View, Revoke and Restore for hosts and services have been fixed to use the correct entity name. Result: Viewing certificates works.
Verified using ipa-server-2.1.3-8.el6.x86_64 Can issue, get and view cert for host
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHSA-2011-1533.html