Running ipa cert-find --revocation-reason=1 returns certs expired for reason 1 and reason 10.
Steps to Reproduce: 1. create csr with openssl req -new -nodes -out /tmp/new.csr 2. ipa cert-request --add --principal=REASON1/ipaqavmg.testrelm.com /tmp/new.csr 3. ipa cert-request --add --principal=REASON10/ipaqavmg.testrelm.com /tmp/new.csr 4. ipa cert-revoke --revocation-reason=1 <ID of first cert> 5. ipa cert-revoke --revocation-reason=10 <ID of second cert> 6. ipa cert-find --revocation-reason=1
It appears that "pki cert-find --revocationReason 1" does find certs expired for reason 1 and reason 10.
[root@ipaqa64vmd ~]# ipa cert-revoke --revocation-reason=1 26 Revoked: True [root@ipaqa64vmd ~]# ipa cert-revoke --revocation-reason=10 27 Revoked: True [root@ipaqa64vmd ~]# pki cert-find --revocationReason 1
Serial Number: 0x1a Subject DN: CN=ipaqa64vmd.testrelm.com,O=TESTRELM.COM Status: REVOKED Type: X.509 version 3 Key Algorithm: PKCS #1 RSA with 2048-bit key Not Valid Before: Wed Aug 21 13:59:48 EDT 2013 Not Valid After: Sat Aug 22 13:59:48 EDT 2015 Issued On: Wed Aug 21 13:59:48 EDT 2013 Issued By: ipara
Serial Number: 0x1b Subject DN: CN=ipaqa64vmd.testrelm.com,O=TESTRELM.COM Status: REVOKED Type: X.509 version 3 Key Algorithm: PKCS #1 RSA with 2048-bit key Not Valid Before: Wed Aug 21 14:00:46 EDT 2013 Not Valid After: Sat Aug 22 14:00:46 EDT 2015 Issued On: Wed Aug 21 14:00:46 EDT 2013 Issued By: ipara
Number of entries returned 2
Fixed:
To ssh://vakwetu@git.fedorahosted.org/git/pki.git 27ed263..a90518e master -> master
To ssh://vakwetu@git.fedorahosted.org/git/pki.git f27f8a5..92c7895 DOGTAG_10_0_BRANCH -> DOGTAG_10_0_BRANCH
Metadata Update from @nkinder: - Issue assigned to vakwetu - Issue set to the milestone: 10.0.5
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1281
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.