The man pki-cert(1) says:
Then, fill in the values in the XML file and submit the request for review. This can be done without authentication. pki ca-cert-request-submit <request file>
Attempt to do that fails.
Steps to Reproduce:
1. Install and configure FreeIPA/IdM server. 2. Run pki ca-cert-request-profile-find 3. Run pki ca-cert-request-profile-show caInstallCACert --output template.xml 4. Run pki ca-cert-request-submit template.xml ; echo $?
Actual results:
UnauthorizedException: AuthCredentials.set() 255
Expected results:
No error, exit status 0, and the CSR submitted.
Additional Info:
Refer to https://bugzilla.redhat.com/show_bug.cgi?id=1316653 for more details.
Per CS Triage held on 4/19/2016: 10.3.0 or 10.3.1
The man page is inaccurate and should be fixed. Some profiles actually do require authentication: http://pki.fedoraproject.org/wiki/Certificate_Profiles
The caInstallCACert is an internal profile used during PKI server installation. Also, it requires token authentication which is currently not supported by the pki CLI. A more general profile for CA certificates is probably the caCACert which does not require authentication.
Moved to 10.3.2 with other man page tickets.
Per PKI Bug Council of 06/23/2016: 10.3.4
Per CS/DS Meeting of 08/08/2016: 10.3.6
Fixed in master:
Replying to [comment:12 edewata]:
Fixed in master: * 52694cd6acf81446623b6d24947d8d3afdc8536c
Cherry-picked to DOGTAG_10_3_BRANCH:
Metadata Update from @jpazdziora: - Issue assigned to edewata - Issue set to the milestone: 10.3.9
Metadata Update from @mharmsen: - Custom field feature adjusted to '' - Custom field proposedmilestone adjusted to '' - Custom field proposedpriority adjusted to '' - Custom field reviewer adjusted to '' - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1316653,https://bugzilla.redhat.com/show_bug.cgi?id=1399862 (was: https://bugzilla.redhat.com/show_bug.cgi?id=1316653, https://bugzilla.redhat.com/show_bug.cgi?id=1366361, https://bugzilla.redhat.com/show_bug.cgi?id=1399862) - Custom field version adjusted to '' - Issue close_status updated to: None (was: Fixed)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2409
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.