[Pki-devel] [PATCH] TRAC Ticket #488 - Dogtag 10: Fix cli 'cert-find' clientAuth issue (REVISED)

Matthew Harmsen mharmsen at redhat.com
Thu Jan 24 19:18:10 UTC 2013


Please review the attached patch which has been revised to address the 
following PKI issue:

  * TRAC Ticket #488 - Dogtag 10: Fix cli 'cert-find' clientAuth issue

This revised patch was tested with the following results:

  * script -c "pkispawn -s CA -f /tmp/pki/cs.cfg -vvv"
      o successfully installed and configured with no ERRORs/WARNINGs,
        enrolled for a certificate, and approved a certificate
  * pki -h foobar -P https -p 8443 cert-find
    WARNING: BAD_CERT_DOMAIN encountered on 'CN=foobar.example.com,O=example.com Security Domain' indicates a common-name mismatch
    WARNING: UNTRUSTED ISSUER encountered on 'CN=foobar.example.com,O=example.com Security Domain' indicates a non-trusted CA cert
    ------------------------
    7 certificate(s) matched
    ------------------------
       Serial Number: 0x1
       Subject DN: CN=CA Signing Certificate,O=example.com Security Domain
       Status: VALID

       Serial Number: 0x2
       Subject DN: CN=CA OCSP Signing Certificate,O=example.com Security Domain
       Status: VALID

       Serial Number: 0x3
       Subject DN: CN=foobar.example.com,O=example.com Security Domain
       Status: VALID

       Serial Number: 0x4
       Subject DN: CN=CA Subsystem Certificate,O=example.com Security Domain
       Status: VALID

       Serial Number: 0x5
       Subject DN: CN=CA Audit Signing Certificate,O=example.com Security Domain
       Status: VALID

       Serial Number: 0x6
       Subject DN: CN=PKI Administrator,E=caadmin at example.com,O=example.com Security Domain
       Status: VALID

       Serial Number: 0x7
       Subject DN: UID=test
       Status: VALID
    ----------------------------
    Number of entries returned 7
    ----------------------------
  * pki -h foobar.example.com -P https -p 8443 cert-find
    WARNING: UNTRUSTED ISSUER encountered on 'CN=foobar.example.com,O=example.com Security Domain' indicates a non-trusted CA cert
    ------------------------
    7 certificate(s) matched
    ------------------------
       Serial Number: 0x1
       Subject DN: CN=CA Signing Certificate,O=example.com Security Domain
       Status: VALID

       Serial Number: 0x2
       Subject DN: CN=CA OCSP Signing Certificate,O=example.com Security Domain
       Status: VALID

       Serial Number: 0x3
       Subject DN: CN=foobar.example.com,O=example.com Security Domain
       Status: VALID

       Serial Number: 0x4
       Subject DN: CN=CA Subsystem Certificate,O=example.com Security Domain
       Status: VALID

       Serial Number: 0x5
       Subject DN: CN=CA Audit Signing Certificate,O=example.com Security Domain
       Status: VALID

       Serial Number: 0x6
       Subject DN: CN=PKI Administrator,E=caadmin at example.com,O=example.com Security Domain
       Status: VALID

       Serial Number: 0x7
       Subject DN: UID=test
       Status: VALID
    ----------------------------
    Number of entries returned 7
    ----------------------------
  * pki -h foobar -P https -p 8443 -n "PKI Administrator for example.com" -w XXXXXXXX -d . cert-find
    WARNING: BAD_CERT_DOMAIN encountered on 'CN=foobar.example.com,O=example.com Security Domain' indicates a common-name mismatch
    WARNING: BAD_CERT_DOMAIN encountered on 'CN=foobar.example.com,O=example.com Security Domain' indicates a common-name mismatch
    ------------------------
    7 certificate(s) matched
    ------------------------
       Serial Number: 0x1
       Subject DN: CN=CA Signing Certificate,O=example.com Security Domain
       Status: VALID

       Serial Number: 0x2
       Subject DN: CN=CA OCSP Signing Certificate,O=example.com Security Domain
       Status: VALID

       Serial Number: 0x3
       Subject DN: CN=foobar.example.com,O=example.com Security Domain
       Status: VALID

       Serial Number: 0x4
       Subject DN: CN=CA Subsystem Certificate,O=example.com Security Domain
       Status: VALID

       Serial Number: 0x5
       Subject DN: CN=CA Audit Signing Certificate,O=example.com Security Domain
       Status: VALID

       Serial Number: 0x6
       Subject DN: CN=PKI Administrator,E=caadmin at example.com,O=example.com Security Domain
       Status: VALID

       Serial Number: 0x7
       Subject DN: UID=test
       Status: VALID
    ----------------------------
    Number of entries returned 7
    ----------------------------
  * pki -h foobar.example.com -P https -p 8443 -n "PKI Administrator for example.com" -w XXXXXXXX -d . cert-find
    ------------------------
    7 certificate(s) matched
    ------------------------
       Serial Number: 0x1
       Subject DN: CN=CA Signing Certificate,O=example.com Security Domain
       Status: VALID

       Serial Number: 0x2
       Subject DN: CN=CA OCSP Signing Certificate,O=example.com Security Domain
       Status: VALID

       Serial Number: 0x3
       Subject DN: CN=foobar.example.com,O=example.com Security Domain
       Status: VALID

       Serial Number: 0x4
       Subject DN: CN=CA Subsystem Certificate,O=example.com Security Domain
       Status: VALID

       Serial Number: 0x5
       Subject DN: CN=CA Audit Signing Certificate,O=example.com Security Domain
       Status: VALID

       Serial Number: 0x6
       Subject DN: CN=PKI Administrator,E=caadmin at example.com,O=example.com Security Domain
       Status: VALID

       Serial Number: 0x7
       Subject DN: UID=test
       Status: VALID
    ----------------------------
    Number of entries returned 7
    ----------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20130124-Fixed-CLI-cert-find-clientAuth-FQDN-hostname-issue.patch
Type: text/x-patch
Size: 9432 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20130124/ca6b398a/attachment.bin>

