certmonger

certmonger is a service which attempts to simplify interaction with certifying authorities (CAs) on networks which use public-key infrastructure (PKI).

#85 start-tracking: principal name is not added to tracking request

Created 2 months ago by ftweedal
Modified 2 months ago

I created a new tracking request using getcert start-stracking, and included the
-K PRINC_NAME option:

[f27-2:~/dev/freeipa] [ master ] ftweedal% sudo getcert start-tracking -d /etc/httpd/alias -n 'CN=alt-f27-2.ipa.local,O=Example Organization' -p /etc/httpd/alias/pwdfile.txt -c IPA -D 'f27-2.ipa.local' -K 'HTTP/f27-2.ipa.local@IPA.LOCAL' -C /usr/libexec/ipa/certmonger/restart_httpd                                                                                
New tracking request "20171121073608" added. 

Unfortunatley the new tracking request did not have a principal option:

[root@f27-2 ~]# getcert list -i 20171121073608                                            
Number of certificates and requests being tracked: 7.                                     
Request ID '20171121073608':                                                                                                                                                                 status: MONITORING                   
        stuck: no                                                                                                                                                                    
        key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='CN=alt-f27-2.ipa.local,O=Example Organization',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfil
e.txt'                                       
        certificate: type=NSSDB,location='/etc/httpd/alias',nickname='CN=alt-f27-2.ipa.local,O=Example Organization',token='NSS Certificate DB'                                      
        CA: IPA                              
        issuer: CN=CA,O=Example Organization 
        subject: CN=alt-f27-2.ipa.local,O=Example Organization                            
        expires: 2018-09-20 18:05:31 AEST                                                 
        dns: f27-2.ipa.local                 
        pre-save command:                    
        post-save command: /usr/libexec/ipa/certmonger/restart_httpd                      
        track: yes
        auto-renew: yes

The principal name template value should be remembered.

2 months ago

Metadata Update from @rcritten:
- Issue assigned to rcritten

I can't reproduce this in rawhide with certmonger-0.79.5-2.fc28.x86_64

What version of certmonger is this?

On Wed, Nov 22, 2017 at 02:15:51PM +0000, Rob Crittenden wrote:

rcritten added a new comment to an issue you are following:
``
I can't reproduce this in rawhide with certmonger-0.79.5-2.fc28.x86_64

What version of certmonger is this?
``

It was certmonger-0.79.5-2.fc27.x86_64. I'll try and repro again
and provide more info. Stay tuned.

Yeah I can't repro either. Must have stuffed something up. Sorry for the noise.

2 months ago

Metadata Update from @ftweedal:
- Issue close_status updated to: worksforme

Login to comment on this ticket.

cancel