pki cert-find cannot find certs with a specific revocation reason when revocation reason is passed instead of its numeric code
Example:
[root@dhcp207-176 dogtag]# pki -d /opt/rhqa_pki/certs_db/ -n "PKI Administrator for lab.eng.pnq.redhat.com" -c redhat123 cert-find --revocationReason Key_Compromise
---------------
0 entries found
---------------
[root@dhcp207-176 dogtag]# pki -d /opt/rhqa_pki/certs_db/ -n "PKI Administrator for lab.eng.pnq.redhat.com" -c redhat123 cert-find --revocationReason unspecified
---------------
0 entries found
---------------
[root@dhcp207-176 dogtag]# pki -d /opt/rhqa_pki/certs_db/ -n "PKI Administrator for lab.eng.pnq.redhat.com" -c redhat123 cert-find --revocationReason 0
---------------
3 entries found
---------------

It works when we provide numeric codes for the revocation reason.

[root@dhcp207-176 dogtag]# pki -d /opt/rhqa_pki/certs_db/ -n "PKI Administrator for lab.eng.pnq.redhat.com" -c redhat123 cert-find --revocationReason 0
---------------
3 entries found
---------------
  Serial Number: 0xe
  Subject DN: UID=CA_adminR,E=CA_adminR@example.com,CN=CA_Admin_RevokedCert,OU=Engineering,O=Example,C=US
  Status: REVOKED
  Type: X.509 version 3
  Key Algorithm: PKCS #1 RSA with 2048-bit key
  Not Valid Before: Thu Jun 19 07:34:07 EDT 2014
  Not Valid After: Tue Dec 16 06:34:07 EST 2014
  Issued On: Thu Jun 19 07:34:10 EDT 2014
  Issued By: caadmin

  Serial Number: 0x11
  Subject DN: UID=CA_agentR,E=CA_agentR@example.com,CN=CA_Agent_RevokedCert,OU=Engineering,O=Example,C=US
  Status: REVOKED
  Type: X.509 version 3
  Key Algorithm: PKCS #1 RSA with 2048-bit key
  Not Valid Before: Thu Jun 19 07:35:57 EDT 2014
  Not Valid After: Tue Dec 16 06:35:57 EST 2014
  Issued On: Thu Jun 19 07:35:59 EDT 2014
  Issued By: caadmin

  Serial Number: 0x18a
  Subject DN: UID=pkiuser85321,E=pkiuser85321@example.org,CN=pkiuser85321,OU=Engineering,O=Example.Inc,C=US
  Status: REVOKED
  Type: X.509 version 3
  Key Algorithm: PKCS #1 RSA with 2048-bit key
  Not Valid Before: Tue Jun 24 14:47:47 EDT 2014
  Not Valid After: Sun Dec 21 13:47:47 EST 2014
  Issued On: Tue Jun 24 14:47:50 EDT 2014
  Issued By: CA_agentV
----------------------------
Number of entries returned 3
----------------------------
Per CS/DS meeting of 06/30/2014, proposed Milestone: Dogtag 10.3
NOTE: PKI TRAC Ticket #1059 - man page tweak - pki cert-find cannot find certs with a specific revocation reason when revocation reason is passed instead of its numeric code was filed for Dogtag 10.2.1, and should be removed from the man page once this issue has been fixed.
Per Bug Triage of 05/05/2016: 10.3.1
commit 946f561285fe63154d35eb1c99f3d017df8db608
Author: Ade Lee alee@redhat.com
Date: Thu May 19 10:49:59 2016 -0400

    Allow cert-find using revocation reasons

    The REST API expects the integer revocation code to be passed in a certificate search. We have modified the client to allow the user to provide either a revocation code or a revocation reason as a search parameter.

    Ticket 1053
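For a client that predates this commit, the name-to-code translation can be done in a shell wrapper before `pki` is called. The following is an added example, not code from the ticket or from Dogtag: `revocation_reason_code`, `pki_cert_find` and `PKI_BIN` are hypothetical names, the table follows the CRLReason values in RFC 5280, and matching names without regard to case or underscores is an assumption.

```shell
# Hypothetical helper (not part of the pki CLI): print the integer CRLReason
# code (RFC 5280, section 5.3.1) for a reason given by name or by number.
revocation_reason_code() {
    # Lowercase and drop "_", "-" and spaces so Key_Compromise,
    # keyCompromise and "key compromise" all match (assumed spellings).
    key=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d ' _-')
    case "$key" in
        0|unspecified)          echo 0 ;;
        1|keycompromise)        echo 1 ;;
        2|cacompromise)         echo 2 ;;
        3|affiliationchanged)   echo 3 ;;
        4|superseded)           echo 4 ;;
        5|cessationofoperation) echo 5 ;;
        6|certificatehold)      echo 6 ;;
        8|removefromcrl)        echo 8 ;;
        9|privilegewithdrawn)   echo 9 ;;
        10|aacompromise)        echo 10 ;;
        # 7 is unassigned in RFC 5280. Fail loudly on it and on typos
        # instead of running a search that reports "0 entries found".
        *) echo "unknown revocation reason: $1" >&2; return 1 ;;
    esac
}

# Hypothetical wrapper: rewrite the value after --revocationReason and pass
# every other argument through unchanged. PKI_BIN is an assumed override
# that lets the wrapper be exercised without a CA.
pki_cert_find() {
    n=$#
    while [ "$n" -gt 0 ]; do
        arg=$1; shift; n=$((n - 1))
        if [ "$arg" = "--revocationReason" ] && [ "$n" -gt 0 ]; then
            code=$(revocation_reason_code "$1") || return 2
            shift; n=$((n - 1))
            set -- "$@" "$arg" "$code"
        else
            set -- "$@" "$arg"
        fi
    done
    "${PKI_BIN:-pki}" "$@"
}
```

Rejecting an unknown name matters here because, as the transcript above shows, an unrecognized value is otherwise indistinguishable from a search that legitimately matches no revoked certificates.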
Metadata Update from @mrniranjan:
- Issue assigned to vakwetu
- Issue set to the milestone: 10.3.2
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1618
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.