Issue #2801: non-CA subsystems to automatically get the CA information when kra-user-cert-add is used with serial number - dogtagpki

dogtagpki

#2801 non-CA subsystems to automatically get the CA information when kra-user-cert-add is used with serial number

Closed: migrated 3 years ago by dmoluguw. Opened 6 years ago by mharmsen.

non-CA subsystems to automatically get the CA information when kra-user-cert-add is used with serial number

Steps to Reproduce:

[root@auto-hv-01-guest01 certdb]# pki -p 20080 cert-show 0x5a --output /tmp/testagent.pem
------------------
Certificate "0x5a"
------------------
  Serial Number: 0x5a
  Issuer: CN=CA Signing Certificate,OU=topology-02-CA,O=topology-02_Foobarmaster.org
  Subject: UID=testAgent,E=testAgent@example.org,CN=testAgent,OU=IDMQE,C=US
  Status: VALID
  Not Before: Thu Jul 13 13:54:40 EDT 2017
  Not After: Tue Jan 09 13:54:40 EST 2018


[root@auto-hv-01-guest01 certdb]# pki -d /root/multihost_tests/certdb/ -n KRA_AdminV -c Secret123 -h pki1.example.com -p 21080 kra-user-cert-add testAgentUser --input /tmp/testagent.pem 
--------------------------------------------------------------------------------------------------------------------------------------------------------------------
Added certificate "2;90;CN=CA Signing Certificate,OU=topology-02-CA,O=topology-02_Foobarmaster.org;UID=testAgent,E=testAgent@example.org,CN=testAgent,OU=IDMQE,C=US"
--------------------------------------------------------------------------------------------------------------------------------------------------------------------

[root@auto-hv-01-guest01 certdb]# pki -d /root/multihost_tests/certdb/ -n KRA_AdminV -c Secret123 -h pki1.example.com -p 21080 kra-user-cert-del testAgentUser "2;90;CN=CA Signing Certificate,OU=topology-02-CA,O=topology-02_Foobarmaster.org;UID=testAgent,E=testAgent@example.org,CN=testAgent,OU=IDMQE,C=US"
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
Deleted certificate "2;90;CN=CA Signing Certificate,OU=topology-02-CA,O=topology-02_Foobarmaster.org;UID=testAgent,E=testAgent@example.org,CN=testAgent,OU=IDMQE,C=US"
----------------------------------------------------------------------------------------------------------------------------------------------------------------------
[root@auto-hv-01-guest01 certdb]# pki -d /root/multihost_tests/certdb/ -n KRA_AdminV -c Secret123 -h pki1.example.com -p 21080 kra-user-cert-add testAgentUser --serial 0x5a
Error: CA subsystem not available
CA server URI [http://pki1.example.com:21080]: http://pki1.example.com:20080
--------------------------------------------------------------------------------------------------------------------------------------------------------------------
Added certificate "2;90;CN=CA Signing Certificate,OU=topology-02-CA,O=topology-02_Foobarmaster.org;UID=testAgent,E=testAgent@example.org,CN=testAgent,OU=IDMQE,C=US"
--------------------------------------------------------------------------------------------------------------------------------------------------------------------
  Cert ID: 2;90;CN=CA Signing Certificate,OU=topology-02-CA,O=topology-02_Foobarmaster.org;UID=testAgent,E=testAgent@example.org,CN=testAgent,OU=IDMQE,C=US
  Version: 2
  Serial Number: 0x5a
  Issuer: CN=CA Signing Certificate,OU=topology-02-CA,O=topology-02_Foobarmaster.org
  Subject: UID=testAgent,E=testAgent@example.org,CN=testAgent,OU=IDMQE,C=US

Expected results:

pki -d /root/multihost_tests/certdb/ -n KRA_AdminV -c Secret123 -h pki1.example.com -p 21080 kra-user-cert-add testAgentUser --serial 0x5a should not prompt for CA information, instead should get the CA information automatically.

Metadata Update from @mharmsen:
- Custom field component adjusted to None
- Custom field feature adjusted to None
- Custom field origin adjusted to None
- Custom field proposedmilestone adjusted to None
- Custom field proposedpriority adjusted to None
- Custom field reviewer adjusted to None
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1470833
- Custom field type adjusted to None
- Custom field version adjusted to None
- Issue priority set to: major
- Issue set to the milestone: FUTURE

6 years ago

mharmsen commented 5 years ago

Per 10.5.x/10.6 Triage: FUTURE

edewata: unimplemented feature. there's a workaround.

dmoluguw commented 3 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2921

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)

3 years ago

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

major

Milestone

FUTURE

lowhangingfruit

None

reporter

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1470833

type

None

version

None

keywords

None

estimate

None

feature

None

origin

None

proposedpriority

None

fixedinversion

None

platforms

None

blockedby

None

blocking

None

reviewer

None

component

None

proposedmilestone

None

dogtagpki

Source Code

#2801 non-CA subsystems to automatically get the CA information when kra-user-cert-add is used with serial number Closed: migrated 3 years ago by dmoluguw. Opened 6 years ago by mharmsen.

Metadata

#2801 non-CA subsystems to automatically get the CA information when kra-user-cert-add is used with serial number

Closed: migrated 3 years ago by dmoluguw. Opened 6 years ago by mharmsen.