dogtagpki

Clone
Source Code
GIT

#2289 [MAN] pki ca-cert-request-submit fails presumably because of missing authentication even if it should not require any
Closed None Opened 8 years ago by jpazdziora.

Closed
Reopen Issue

The man pki-cert(1) says:

   Then, fill in the values in the XML file and  submit  the
   request  for review.  This can be done without authentication.

   pki ca-cert-request-submit <request file>

Attempt to do that fails.

Steps to Reproduce:

1. Install and configure FreeIPA/IdM server.
2. Run pki ca-cert-request-profile-find
3. Run pki ca-cert-request-profile-show caInstallCACert --output template.xml
4. Run pki ca-cert-request-submit template.xml ; echo $?

Actual results:

UnauthorizedException: AuthCredentials.set()
255

Expected results:

No error, exit status 0, and the CSR submitted.

Additional Info:

Refer to https://bugzilla.redhat.com/show_bug.cgi?id=1316653 for more details.

Per CS Triage held on 4/19/2016: 10.3.0 or 10.3.1

The man page is inaccurate and should be fixed. Some profiles actually do require authentication:
http://pki.fedoraproject.org/wiki/Certificate_Profiles

The caInstallCACert is an internal profile used during PKI server installation. Also, it requires token authentication which is currently not supported by the pki CLI. A more general profile for CA certificates is probably the caCACert which does not require authentication.

Moved to 10.3.2 with other man page tickets.

Per PKI Bug Council of 06/23/2016: 10.3.4

Per CS/DS Meeting of 08/08/2016: 10.3.6

Fixed in master:

  • 52694cd6acf81446623b6d24947d8d3afdc8536c

Replying to [comment:12 edewata]:

Fixed in master:
* 52694cd6acf81446623b6d24947d8d3afdc8536c

Cherry-picked to DOGTAG_10_3_BRANCH:

  • b99469a9805df722a58fe20ca7160de706b69e7c

Metadata Update from @jpazdziora:
- Issue assigned to edewata
- Issue set to the milestone: 10.3.9
7 years ago

Metadata Update from @mharmsen:
- Custom field feature adjusted to ''
- Custom field proposedmilestone adjusted to ''
- Custom field proposedpriority adjusted to ''
- Custom field reviewer adjusted to ''
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1316653,https://bugzilla.redhat.com/show_bug.cgi?id=1399862 (was: https://bugzilla.redhat.com/show_bug.cgi?id=1316653, https://bugzilla.redhat.com/show_bug.cgi?id=1366361, https://bugzilla.redhat.com/show_bug.cgi?id=1399862)
- Custom field version adjusted to ''
- Issue close_status updated to: None (was: Fixed)
6 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2409

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Login to comment on this ticket.

Metadata
None
None
None
minor
None
None
defect
''
None
None
None
''
IPA
''
https://koji.fedoraproject.org/koji/buildinfo?buildID=825551
None
None
None
''
Documentation
''
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.