#5991 Principal does not get created when I add a certificate with "Add principal" checkbox checked
Closed: Fixed None Opened 7 years ago by ofayans.

  1. In webUI go to Authentication -> Certificates -> Certificates
  2. Click "Issue"
  3. In the popup window check the "Add principal" checkbox
  4. Follow the steps described in the popup window to generate a cert request.
  5. Click "Issue"
    Expected results:
    Cert gets issued
    Actual results:
    The error is shown: "The principal for this request doesn't exist."

Oleg, could you add what exact values you have tried? From this description it is unclear for what kind (user/host/service) of principal you've been issuing the cert.

I created a user and was able to issue a certificate for him:

# certutil -d certs -R -s "CN=testuser" -o test.csr -z /etc/group -f certs/pwd -a
# ipa cert-request test.csr --principal=testuser --profile-id=caIPAuserCert

But when I repeat the same actions for a user that was not yet created, with the '--add' option of 'ipa cert-request' the command fails with "The principal for this request doesn't exist."

# certutil -d certs -R -s "CN=otheruser" -o otheruser.csr -z /etc/group -f certs/pwd -a
# ipa cert-request otheruser.csr --principal=otheruser --profile-id=caIPAuserCert --add
ipa: ERROR: The principal for this request doesn't exist.

Currently principal auto-creation is only supported for hosts and services.

IMO the scope of this ticket is to give a better error message
if --add is attempted for a user.

patch on the list, moving to 4.4

master:

  • 3fab1b6 cert-request: better error msg when 'add' not supported

Metadata Update from @ofayans:
- Issue assigned to ftweedal
- Issue set to the milestone: FreeIPA 4.4

7 years ago
