#7549 [RFE] ipa cert-find cannot exclude revoked certificates
Opened 5 years ago by ftweedal. Modified 4 years ago

Request for enhancement

IPA cert request has no way to restrict a search to non-revoked certificates.
We can search for revoked certificates that have a particular revocation reason
or were revoked at a particular time, but there is no way to limit a search to certificates
that are currently within their validity period and not revoked.

Desired behavior

There should be a cert-find option to filter based on status, e.g. --status={VALID,REVOKED,EXPIRED,REVOKED_EXPIRED}.


Metadata Update from @rcritten:
- Issue priority set to: normal
- Issue set to the milestone: FreeIPA 4.7 backlog

5 years ago

From what I can tell the dogtag interface accepts only a single value for status. It isn't possible to mix and match types, e.g.

pki ca-cert-find--status=REVOKED_EXPIRED --status=REVOKED

Will return only REVOKED_EXPIRED certs.

I filed a Dogtag ticket: https://pagure.io/dogtagpki/issue/3109.
This ticket is blocked until that ticket is fixed.

Metadata Update from @ftweedal:
- Custom field blockedby adjusted to https://pagure.io/dogtagpki/issue/3109

4 years ago

Login to comment on this ticket.

Metadata