pki cert-request-review doesn't create a file when the --action and --output parameters are both present:
    [root@server pki-cert-cli]# pki -d /tmp/tmp.dgbQzdVJEX/nssdb -n "PKI Administrator for example.com" -w Password -t ca cert-request-review --action=validate --output=/tmp/tmp.dgbQzdVJEX/certapprove_001.out 24
    WARNING: BAD_CERT_DOMAIN encountered on 'CN=server.example.com,O=example.com Security Domain' indicates a common-name mismatch
    WARNING: BAD_CERT_DOMAIN encountered on 'CN=server.example.com,O=example.com Security Domain' indicates a common-name mismatch
    --------------------------------
    Validated certificate request 24
    --------------------------------
    [root@iota pki-cert-cli]# cat /tmp/tmp.dgbQzdVJEX/certapprove_001.out
    cat: /tmp/tmp.dgbQzdVJEX/certapprove_001.out: No such file or directory
When the --action parameter is not present and --output is present, the pki cert-request-review CLI asks the user to enter an Action (approve/reject/cancel/update/validate/assign/unassign) and creates an output file if the --output param is present:
    [root@server pki-cert-cli]# pki -d /tmp/tmp.dgbQzdVJEX/nssdb -n "PKI Administrator for example.com" -w Password -t ca cert-request-review --output=/tmp/tmp.dgbQzdVJEX/certapprove_001.out 24
    WARNING: BAD_CERT_DOMAIN encountered on 'CN=server.example.com,O=example.com Security Domain' indicates a common-name mismatch
    WARNING: BAD_CERT_DOMAIN encountered on 'CN=server.example.com,O=example.com Security Domain' indicates a common-name mismatch
    --------------------------------
    Retrieved certificate request 24
    --------------------------------
    Request ID: 24
    Profile: Manual User Dual-Use Certificate Enrollment
    Type: enrollment
    Status: pending
    Filename: /tmp/tmp.dgbQzdVJEX/certapprove_001.out
    Action (approve/reject/cancel/update/validate/assign/unassign): validate
    --------------------------------
    Validated certificate request 24
    --------------------------------
It should be documented that the presence of the --action parameter doesn't create an output file.
Another issue I noticed is that the error message is "Error: Missing output file name" when --action and --output are not present. Should this message be "Error: Missing output file name or action"? If --action is present the query executes successfully.
    [root@server pki-cert-cli]# pki -d /tmp/tmp.dgbQzdVJEX/nssdb -n "PKI Administrator for example.com" -w Password -t ca cert-request-review 25
    WARNING: BAD_CERT_DOMAIN encountered on 'CN=server.example.com,O=example.com Security Domain' indicates a common-name mismatch
    WARNING: BAD_CERT_DOMAIN encountered on 'CN=server.example.com,O=example.com Security Domain' indicates a common-name mismatch
    Error: Missing output file name.
    usage: cert-request-review <Request ID> [OPTIONS...]
        --action <action>     Action: approve, reject, cancel, update, validate, assign, unassign
        --output <filename>   Output filename
    [root@server pki-cert-cli]# pki -d /tmp/tmp.dgbQzdVJEX/nssdb -n "PKI Administrator for example.com" -w Password -t ca cert-request-review --action=approve 25
    WARNING: BAD_CERT_DOMAIN encountered on 'CN=server.example.com,O=example.com Security Domain' indicates a common-name mismatch
    WARNING: BAD_CERT_DOMAIN encountered on 'CN=server.example.com,O=example.com Security Domain' indicates a common-name mismatch
    -------------------------------
    Approved certificate request 25
    -------------------------------
Since this ticket was originally filed, the command-line options to 'pki' have been changed:
    # pki --help
    usage: pki [OPTIONS..] <command> [ARGS..]
     -c <password>                  Security database password
     -d <database>                  Security database location (default: ~/.dogtag/nssdb)
     -h <hostname>                  Hostname (default: pkilinux.sjc.redhat.com)
        --help                      Help
        --ignore-cert-status <list> Comma-separated list of ignored certificate validity statuses
        --message-format <format>   Message format: xml (default), json
     -n <nickname>                  Certificate nickname
        --output <folder>           Folder to store HTTP messages
     -P <protocol>                  Protocol (default: http)
     -p <port>                      Port (default: 8080)
        --reject-cert-status <list> Comma-separated list of rejected certificate validity statuses
     -t <type>                      Subsystem type
     -U <uri>                       Server URI
     -u <username>                  Username
     -v                             Verbose
        --version                   Version
     -w <password>                  Password

    Commands:
     help                    Help messages
     client                  Client management commands
     cert                    Certificate management commands
     group                   Group management commands
     key                     Key management commands
     securitydomain          Security domain commands
     user                    User management commands
     ca                      CA management commands
     kra                     KRA management commands
     ocsp                    OCSP management commands
     tks                     TKS management commands
     tps                     TPS management commands
The --output <folder> option is associated with the master pki command, and refers to a folder used to store HTTP messages.
Similarly, the command-line options to the cert-request-review command have been changed:
    # pki cert-request-review --help
    usage: cert-request-review <Request ID> [OPTIONS...]
        --action <action>   Action: approve, reject, cancel, update, validate, assign, unassign
        --file <filename>   File to store the certificate request
        --help              Show help options
The --file <filename> option replaced the original --output <filename> option referenced in this ticket, and refers to the file used to store the certificate request.
Checked into 'master':
Metadata Update from @aakkiang: - Issue assigned to mharmsen - Issue set to the milestone: 10.2 - 04/14 (April)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1155
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.