Currently pki cert-find provides the switches revokedOnFrom and revokedOnTo which allows users to find certs which have been revoked from on To a particular date. But the result displayed doesn't display the date on which it has been revoked.
Example:
Serial Number: 0x18a Subject DN: UID=pkiuser85321,E=pkiuser85321@example.org,CN=pkiuser85321,OU=Engineering,O=Example.Inc,C=US Status: REVOKED Type: X.509 version 3 Key Algorithm: PKCS #1 RSA with 2048-bit key Not Valid Before: Tue Jun 24 14:47:47 EDT 2014 Not Valid After: Sun Dec 21 13:47:47 EST 2014 Issued On: Tue Jun 24 14:47:50 EDT 2014 Issued By: CA_agentV
As you can see there is no way to verify the certificate that is being displayed is revoked on 2014-06-21
Same is the case with pki cert-show
Serial Number: 0x18a Issuer: CN=CA Signing Certificate,O=lab.eng.pnq.redhat.com Security Domain Subject: UID=pkiuser85321,E=pkiuser85321@example.org,CN=pkiuser85321,OU=Engineering,O=Example.Inc,C=US Status: REVOKED Not Before: Tue Jun 24 14:47:47 EDT 2014 Not After: Sun Dec 21 13:47:47 EST 2014 [root@dhcp207-176 dogtag]#
Requesting to also add the date on which cert was revoked to the above outputs.
Forgot to submit the description with wiki formatting, Submitting the report with proper formatting.
[root@dhcp207-176 dogtag]# pki cert-find --revokedOnFrom 2014-06-21 --size 1 ----------------- 152 entries found ----------------- Serial Number: 0x18a Subject DN: UID=pkiuser85321,E=pkiuser85321@example.org,CN=pkiuser85321,OU=Engineering,O=Example.Inc,C=US Status: REVOKED Type: X.509 version 3 Key Algorithm: PKCS #1 RSA with 2048-bit key Not Valid Before: Tue Jun 24 14:47:47 EDT 2014 Not Valid After: Sun Dec 21 13:47:47 EST 2014 Issued On: Tue Jun 24 14:47:50 EDT 2014 Issued By: CA_agentV ---------------------------- Number of entries returned 1 ----------------------------
[root@dhcp207-176 dogtag]# pki cert-show 0x18a ------------------- Certificate "0x18a" ------------------- Serial Number: 0x18a Issuer: CN=CA Signing Certificate,O=lab.eng.pnq.redhat.com Security Domain Subject: UID=pkiuser85321,E=pkiuser85321@example.org,CN=pkiuser85321,OU=Engineering,O=Example.Inc,C=US Status: REVOKED Not Before: Tue Jun 24 14:47:47 EDT 2014 Not After: Sun Dec 21 13:47:47 EST 2014
Per CS/DS meeting of 06/30/2014, proposed Milestone: Dogtag 10.3
Per Bug Triage of 05/05/2016: 10.3.1
commit 4bf6c1abb6159c795493991c31f7f3ef24d7c5a6 Author: Ade Lee alee@redhat.com Date: Thu May 19 11:56:26 2016 -0400
Add revocation information to pki CLI output. The date on which the certificate is revoked and the agent that revoked it is displayed now in cert-find and cert-show output. Ticket 1055
Metadata Update from @mrniranjan: - Issue assigned to vakwetu - Issue set to the milestone: 10.3.2
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1620
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.