#1556 Can not get or view host certificate
Closed: Fixed None Opened 10 years ago by rcritten.

https://bugzilla.redhat.com/show_bug.cgi?id=727282

After updated to the latest good ipa build. Can no longer Get or View a host's
certificate. Clicking on either of these buttons results in error "unknown
command u'show'". See attached screen shot.

I am able to run this from the command-line,

Show host to get serial number :

# ipa host-show --all myhost.qe.lab.ipa
  dn: fqdn=myhost.qe.lab.ipa,cn=computers,cn=accounts,dc=qe,dc=lab,dc=ipa
  Host name: myhost.qe.lab.ipa
  Certificate:
MIIC6jCCAdKgAwIBAgIBRDANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKEwpRRS5MQUIuSVBBMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTEwODAxMTc1MzM0WhcNMTIwMTI4MTc1MzM0WjAxMRMwEQYDVQQKEwpRRS5MQUIuSVBBMRowGAYDVQQDExFteWhvc3QucWUubGFiLmlwYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA4lXS4N0rlvJOwhv7eZdWLoaH5BwNoNgBObTAde4MYRejx75f3Ovo+8WVChRs/xDemDPGfWj09BW4BDXpX0Vaa3N4akIfKoxDnYckZlifuHxbyrZB9XX8eAZDMwtBzi30elEp5Cf5SWMJ9WBOoXu/YCC58aegXKJjPXLlzvrIoEsCAwEAAaOBjDCBiTAfBgNVHSMEGDAWgBQOE0CtRxnD/GRREIMw+fOSNxcamTBBBggrBgEFBQcBAQQ1MDMwMQYIKwYBBQUHMAGGJWh0dHA6Ly9hcG9sbG8ucWUubGFiLmlwYTo5MTgwL2NhL29jc3AwDgYDVR0PAQH/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQC/ybICb78OIhjbzVBIYpwQKZ6PZcPiaHouTIugD59XScYT75VZf31w5AHjPOkyHZMjV6ZgavLDK+kUpm9CigA6/wVZ/UZm/fZwELjMOBw6Ex8NRos6fHPHVc1tzyKRfvriXnOmQCF1eduR3Gyeav9xw1GEyXDbbyCJDRMv8hIQ8JFk8oBUNDGVhsIZ35xP3x8jET3PXxyhYwso7VJph9gKYUwkWXsXASthUnpKJmFSOhCVYACIY0450GwOOZ8oC3J4vABhSCScZE39eTV3PLVLefRklbsPDem6ztO0yDkGKxVGaL+WU3Tf0pHkx4Cyp3y/qolyCGDAGP3qmMY1MEgl
  Principal name: host/myhost.qe.lab.ipa@QE.LAB.IPA
  Keytab: False
  Managed by: myhost.qe.lab.ipa
  Managing: myhost.qe.lab.ipa
  Subject: CN=myhost.qe.lab.ipa,O=QE.LAB.IPA
  Serial Number: 68
  Issuer: CN=Certificate Authority,O=QE.LAB.IPA
  Not Before: Mon Aug 01 17:53:34 2011 UTC
  Not After: Sat Jan 28 17:53:34 2012 UTC
  Fingerprint (MD5): 82:db:18:e5:ab:dc:73:40:f0:78:61:3f:58:6b:eb:20
  Fingerprint (SHA1):
33:63:28:08:71:b4:a5:d6:c9:bd:35:91:c4:dc:df:09:61:3d:24:01
  cn: myhost.qe.lab.ipa
  ipauniqueid: 2a54cdc6-bc67-11e0-bb7c-0015172f2b30
  objectclass: ipaobject, nshost, ipahost, pkiuser, ipaservice,
krbprincipalaux, krbprincipal, top
  serverhostname: myhost

show the certificate ...

# ipa cert-show 68
  Certificate: MIIC6jCCAdKgAwIBAgIBRDANBgkqhkiG9w0BAQsFADA1MRMwEQYDVQQKEwpRRS5M
QUIuSVBBMR4wHAYDVQQDExVDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTEwODAx
MTc1MzM0WhcNMTIwMTI4MTc1MzM0WjAxMRMwEQYDVQQKEwpRRS5MQUIuSVBBMRow
GAYDVQQDExFteWhvc3QucWUubGFiLmlwYTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
gYkCgYEA4lXS4N0rlvJOwhv7eZdWLoaH5BwNoNgBObTAde4MYRejx75f3Ovo+8WV
ChRs/xDemDPGfWj09BW4BDXpX0Vaa3N4akIfKoxDnYckZlifuHxbyrZB9XX8eAZD
MwtBzi30elEp5Cf5SWMJ9WBOoXu/YCC58aegXKJjPXLlzvrIoEsCAwEAAaOBjDCB
iTAfBgNVHSMEGDAWgBQOE0CtRxnD/GRREIMw+fOSNxcamTBBBggrBgEFBQcBAQQ1
MDMwMQYIKwYBBQUHMAGGJWh0dHA6Ly9hcG9sbG8ucWUubGFiLmlwYTo5MTgwL2Nh
L29jc3AwDgYDVR0PAQH/BAQDAgTwMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqG
SIb3DQEBCwUAA4IBAQC/ybICb78OIhjbzVBIYpwQKZ6PZcPiaHouTIugD59XScYT
75VZf31w5AHjPOkyHZMjV6ZgavLDK+kUpm9CigA6/wVZ/UZm/fZwELjMOBw6Ex8N
Ros6fHPHVc1tzyKRfvriXnOmQCF1eduR3Gyeav9xw1GEyXDbbyCJDRMv8hIQ8JFk
8oBUNDGVhsIZ35xP3x8jET3PXxyhYwso7VJph9gKYUwkWXsXASthUnpKJmFSOhCV
YACIY0450GwOOZ8oC3J4vABhSCScZE39eTV3PLVLefRklbsPDem6ztO0yDkGKxVG
aL+WU3Tf0pHkx4Cyp3y/qolyCGDAGP3qmMY1MEgl
  Subject: CN=myhost.qe.lab.ipa,O=QE.LAB.IPA
  Issuer: CN=Certificate Authority,O=QE.LAB.IPA
  Not Before: Mon Aug 01 17:53:34 2011 UTC
  Not After: Sat Jan 28 17:53:34 2012 UTC
  Fingerprint (MD5): 82:db:18:e5:ab:dc:73:40:f0:78:61:3f:58:6b:eb:20
  Fingerprint (SHA1):
33:63:28:08:71:b4:a5:d6:c9:bd:35:91:c4:dc:df:09:61:3d:24:01
  Serial number: 68


- generate a host CSR (I used certutil)
- add a new ipa host
- submit the CSR for signing
- edit the host and try to view or get the host's certificate

Metadata Update from @rcritten:
- Issue assigned to admiyo
- Issue set to the milestone: FreeIPA 2.1 - 2011/07

5 years ago

Login to comment on this ticket.

Metadata