#712 pki cert-find --revocationReason 1 finds certs expired for reason 1 and reason 10
Closed: Fixed None Opened 10 years ago by nkinder.

Running ipa cert-find --revocation-reason=1 returns certs expired for reason 1
and reason 10.

Steps to Reproduce:
1. create csr with openssl req -new -nodes -out /tmp/new.csr
2. ipa cert-request --add --principal=REASON1/ipaqavmg.testrelm.com /tmp/new.csr
3. ipa cert-request --add --principal=REASON10/ipaqavmg.testrelm.com /tmp/new.csr
4. ipa cert-revoke --revocation-reason=1 <ID of first cert>
5. ipa cert-revoke --revocation-reason=10 <ID of second cert>
6. ipa cert-find --revocation-reason=1

It appears that "pki cert-find --revocationReason 1" does find certs expired for reason 1 and reason 10.

[root@ipaqa64vmd ~]# ipa cert-revoke --revocation-reason=1 26
Revoked: True
[root@ipaqa64vmd ~]# ipa cert-revoke --revocation-reason=10 27
Revoked: True
[root@ipaqa64vmd ~]# pki cert-find --revocationReason 1


2 certificate(s) found

Serial Number: 0x1a
Subject DN: CN=ipaqa64vmd.testrelm.com,O=TESTRELM.COM
Status: REVOKED
Type: X.509 version 3
Key Algorithm: PKCS #1 RSA with 2048-bit key
Not Valid Before: Wed Aug 21 13:59:48 EDT 2013
Not Valid After: Sat Aug 22 13:59:48 EDT 2015
Issued On: Wed Aug 21 13:59:48 EDT 2013
Issued By: ipara

Serial Number: 0x1b
Subject DN: CN=ipaqa64vmd.testrelm.com,O=TESTRELM.COM
Status: REVOKED
Type: X.509 version 3
Key Algorithm: PKCS #1 RSA with 2048-bit key
Not Valid Before: Wed Aug 21 14:00:46 EDT 2013
Not Valid After: Sat Aug 22 14:00:46 EDT 2015
Issued On: Wed Aug 21 14:00:46 EDT 2013
Issued By: ipara


Number of entries returned 2
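
A regression check for the behaviour reported above, as an added example that is not part of the original ticket or the Dogtag code base: it parses output in the `pki cert-find` layout shown in the report and lists every returned serial whose recorded revocation reason differs from the requested one. The sample output is constructed (trimmed from the listing above), and `RECORDED_REASONS` and the function names are assumptions of this example.

```python
# Constructed sample: trimmed output in the layout shown in the report above.
SAMPLE_OUTPUT = """\
2 certificate(s) found

  Serial Number: 0x1a
  Subject DN: CN=ipaqa64vmd.testrelm.com,O=TESTRELM.COM
  Status: REVOKED

  Serial Number: 0x1b
  Subject DN: CN=ipaqa64vmd.testrelm.com,O=TESTRELM.COM
  Status: REVOKED

Number of entries returned 2
"""

# Assumed ground truth kept by the test: the reason passed to each revoke call
# in the report (serial 26 = 0x1a with reason 1, serial 27 = 0x1b with reason 10).
RECORDED_REASONS = {0x1A: 1, 0x1B: 10}


def parse_cert_find(text):
    """Split cert-find output into one dict of fields per certificate."""
    certs = []
    for line in text.splitlines():
        key, sep, value = line.strip().partition(": ")
        if not sep:
            continue  # summary lines such as "2 certificate(s) found"
        if key == "Serial Number":
            certs.append({})  # each block starts with its serial number
        if certs:
            certs[-1][key] = value
    return certs


def check_filter(text, requested_reason, recorded):
    """Compare a filtered listing against the recorded revocation reasons."""
    returned = [int(c["Serial Number"], 16) for c in parse_cert_find(text)]
    # Hits whose recorded reason is not the one that was asked for.
    unexpected = [(s, recorded.get(s)) for s in returned
                  if recorded.get(s) != requested_reason]
    # Certificates revoked for the requested reason that the search left out.
    missing = sorted(s for s, r in recorded.items()
                     if r == requested_reason and s not in returned)
    return {"unexpected": unexpected, "missing": missing}


if __name__ == "__main__":
    print(check_filter(SAMPLE_OUTPUT, 1, RECORDED_REASONS))
```

Against the listing in the report, the check flags serial 0x1b (27), which was revoked with reason 10 but returned for reason 1.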


Fixed:

To ssh://vakwetu@git.fedorahosted.org/git/pki.git
27ed263..a90518e master -> master

To ssh://vakwetu@git.fedorahosted.org/git/pki.git
f27f8a5..92c7895 DOGTAG_10_0_BRANCH -> DOGTAG_10_0_BRANCH

Metadata Update from @nkinder:
- Issue assigned to vakwetu
- Issue set to the milestone: 10.0.5

7 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/1281

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on the Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.
