Bug 845622 - If an idenity certificate has expired, there should be a friendly error message
If an idenity certificate has expired, there should be a friendly error message
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: subscription-manager (Show other bugs)
Unspecified Unspecified
unspecified Severity unspecified
: beta
: 5.10
Assigned To: William Poteat
Entitlement Bugs
Depends On:
Blocks: rhsm-rhel510 rhsm-2013
  Show dependency treegraph
Reported: 2012-08-03 11:32 EDT by Bryan Kearney
Modified: 2013-09-30 18:49 EDT (History)
8 users (show)

See Also:
Fixed In Version: 1.8.2
Doc Type: Bug Fix
Doc Text:
Cause: Unfriendly error messages being displayed to user. Consequence: The unfriendly error messages make it difficult to understand why something failed. Fix: Added verbiage to notify users that their identity certificate is expired. Result: Now users can see when their identity certificates are expired instead of trying to decipher a cryptic error message.
Story Points: ---
Clone Of:
Last Closed: 2013-09-30 18:49:36 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
jgalipea: needinfo+

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2013:1332 normal SHIPPED_LIVE subscription-manager bug fix and enhancement update 2013-09-30 18:49:24 EDT

  None (edit)
Description Bryan Kearney 2012-08-03 11:32:25 EDT
The error message shown to the users should be human readable.
Comment 1 gaoshang 2012-09-05 03:27:47 EDT
I would like to develop test case for the issue, but I can not get more detailed information over the issue, could you help provide the design details of it or detailed test steps on how to verify it?
Comment 2 Adrian Likins 2012-12-12 10:20:17 EST
What kind of use case are users seeing bad error messages?

For gui stuff at least, we seem to equate an expired cert as
an invalid one, and treat it as unregistered. 

Do we have a suggested path for consumers to take when they
have an expired id cert?
Comment 3 Michael Stead 2013-01-11 12:43:12 EST
Technically users shouldn't really see this that often since identity certs *should* get regenerated when the reach the expiry threshold.

I think the plan was to just clean up the error messages so that users were more aware as to why the SSL error happened.
Comment 4 William Poteat 2013-01-11 14:16:52 EST
Subscription Manager commit 8ff80d6e3e7c259e3e089ac8052e6f66dd9e4776
Python-rhsm commit 030d4a7aa3f93f5b2a1709a71170170db597c833

gaoshang: The way I tested this was to register the system, then set the clocks forward after the expiration on the certificate.

Adrian: The error was just generic. The only way this scenario occurs is for the machine or rhsmcertd to be off during the expiration time. The path to take is a clean and re-register.
Comment 5 Bryan Kearney 2013-02-08 12:18:14 EST
Fixed in the 1.8.2 version of subscription-manager or python-rhsm
Comment 6 RHEL Product and Program Management 2013-04-09 16:54:29 EDT
This request was evaluated by Red Hat Product Management for inclusion
in a Red Hat Enterprise Linux release.  Product Management has
requested further review of this request by Red Hat Engineering, for
potential inclusion in a Red Hat Enterprise Linux release for currently
deployed products.  This request is not yet committed for inclusion in
a release.
Comment 7 Sharath Dwaral 2013-04-30 09:58:26 EDT
# rpm -qa | egrep "subscription-manager|python-rhsm"

# date 
Tue Apr 30 9:40:13:80 EST 2013

# date 
Tue Apr 30 9:40:14:13 EST 2013

# subscription-manager register
Username: testuser1
Organization: admin
The system has been registered with ID: 53515d90-94c0-451e-975e-d1c95f1447bb

# date --set "20430501"              >> Advancing date by 30 years
Fri May  1 00:00:00 EST 2043

# date --set "20430501"              >> Advancing date by 30 years
Fri May  1 00:00:00 EDT 2043

# subscription-manager identity
Your identity certificate has expired

Comment 8 Bryan Kearney 2013-09-09 13:11:47 EDT
sorry.. I missed the needinfo. It is verified, so I am clearing it now.
Comment 10 errata-xmlrpc 2013-09-30 18:49:36 EDT
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.