dogtagpki

Clone
Source Code
GIT

#2578 Recovered valid cert on a userKey token has a status "revoked" after recovering a revoked cert on the token
Closed: migrated 3 years ago by dmoluguw. Opened 7 years ago by rpattath.

Closed: migrated
Reopen Issue

Recovered valid cert on a userKey token has a status "revoked" after recovering
a revoked cert on the token

Steps to Reproduce:

1. TPS CS .cfg has externalReg enabled
2. Enroll the following user using a smartcard
[root@tigger ~]# cat externalReg-userkey-user.ldif
dn: uid=pkiuser3,ou=People,dc=pki-tps
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
objectClass: top
objectClass: extensibleobject
cn: pkiuser3
sn: pkiuser3
uid: pkiuser3
givenName: pkiuser3
mail: pkiuser3@example.org
firstname: pkiuser3
userPassword: redhat
tokenType: userKey
certsToAdd: 22,ca1,1,kra1

22 is the serial number of a valid encryption cert

3. TPS UI shows 3 certiicate under the token and the recovered enc cert has a
status "active"

4. Make the following changes to the user

dn: uid=pkiuser3,ou=People,dc=pki-tps
changetype: modify
replace: certsToAdd
certsToAdd: 22,ca1
certsToAdd: 24,ca1,2,kra1

24 is the serial number of a revoked encryption cert.

5. Enroll the smartcard again with the same user

Actual results:

TPS UI shows 4 certs, certs 22 and 24 have status "revoked"

Expected results:

cert 22 should have status "active" and 24 should have status "revoked"

Additional info:

Attatching debug log to associated bug

Metadata Update from @rpattath:
- Issue set to the milestone: 0.0 NEEDS_TRIAGE
7 years ago

Metadata Update from @mharmsen:
- Custom field feature adjusted to ''
- Custom field proposedmilestone adjusted to ''
- Custom field proposedpriority adjusted to ''
- Custom field reviewer adjusted to ''
- Custom field version adjusted to ''
- Issue close_status updated to: None
- Issue priority set to: 3
- Issue set to the milestone: 10.4 (was: 0.0 NEEDS_TRIAGE)
7 years ago

Per CS/DS Meeting of August 7, 2017, it was determined to move this issue from 10.4 ==> FUTURE.

Metadata Update from @mharmsen:
- Issue set to the milestone: FUTURE (was: 10.4)
6 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2698

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)
3 years ago

Login to comment on this ticket.

Metadata
None
None
None
None
major
None
None
defect
''
None
None
None
''
QE
''
None
None
None
None
''
TPS
''
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.