A better error message is required when a renewal request made to a certificate outside renewal grace period.
Steps to Reproduce: 1. caUserCert profile has this renewal policy:
policyset.userCertSet.list=1,10,2,3,4,5,6,7,8,9 policyset.userCertSet.10.constraint.class_id=renewGracePeriodConstraintImpl policyset.userCertSet.10.constraint.name=Renewal Grace Period Constraint policyset.userCertSet.10.constraint.params.renewal.graceBefore=30 policyset.userCertSet.10.constraint.params.renewal.graceAfter=30 policyset.userCertSet.10.default.class_id=noDefaultImpl policyset.userCertSet.10.default.name=No Default
Create a certificate that expires in 31 days using profile caUserCert.
From CA EE page select Renewal:Renew certificate to be manually approved by agents and provide serial number in decimal and click submit.
Actual results:
Sorry, your request has been rejected. The reason is "Request rejected - {0}"
Expected results:
Sorry, your request has been rejected. The reason is "Request rejected - Outside of Renewal Grace Period: 30 days before and 30 days after original expiration date.". (Message that's displayed in CS 8.1 environment)
Per Bug Triage of 05/05/2016: 10.3.1
NOTE: See if fixing this bug also fixes [Bugzilla Bug #1249400 - CA EE: Submit caUserCert request without uid does not show proper error message] and by association, https://fedorahosted.org/pki/ticket/1536 PKI TRAC Ticket #1536 - CA EE: Submit caUserCert request without uid does not show proper error message
This should be fixed by the fix in :
commit 65c7652926aedfd88b80386a9059b46e7e9e5af9 Author: Ade Lee alee@redhat.com Date: Sat May 7 00:06:08 2016 -0400
Fix error output when request is rejected With this fix, error messages are returned to the user when a request is rejected - either in the UI or from the pki CLI. Trac Ticket 1247 (amongst others)
Rejected requests should now show a proper error message.
Metadata Update from @mharmsen: - Issue set to the milestone: 10.3.8
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1809
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Log in to comment on this ticket.