SilleBille / pki

Dogtag PKI Issues should be reported to the Dogtag PKI Pagure Issues site
https://pagure.io/dogtagpki/issues
GNU General Public License v2.0

CRMFPopClient ignores -n option #451

Closed SilleBille closed 4 years ago

SilleBille commented 4 years ago

This issue was migrated from Pagure Issue #3002. Originally filed by mharmsen on 2018-04-26.

Reference document: http://pki.fedoraproject.org/wiki/Certificate_Key_Archival

This doc uses -m, -n, -u and -r all in one CLI.

CRMFPopClient -v -d test -p SECret.123 -n CN=testuser -f caSigningUserCert -b transport.pem -m $HOSTNAME:8080 -u testuser23 -r testuser23

At runtime, it fails with the error:

Request ID: 157 Request Status: rejected Reason: Request 157 Rejected - Subject Name Not Matched UID=testuser23

-- If we test the same with caUserCert, which uses the subject DN format uid=*:

CRMFPopClient -v -d test -p SECret.123 -n UID=testuser00 -f caDualCert -b transport.pem -m $HOSTNAME:8080 -u testuser23 -r testuser23

It works and a request gets created on the CA Agent page, but that request has the subject DN:

Certificate Pretty Print

Certificate: 
    Data: 
        Version:  v3
        Serial Number: 0xCDB6EED
        Signature Algorithm: SHA512withRSA - 1.2.840.113549.1.1.13
        Issuer: CN=CA Signing Certificate,OU=pki-ca-Mar8,O=Example-rhcs92-CA
        Validity: 
            Not Before: Monday, March 19, 2018 1:10:49 PM EDT America/New_York
            Not  After: Saturday, September 15, 2018 1:10:49 PM EDT America/New_York
        Subject: UID=testuser23

==> Ideally it should be "UID=testuser00", i.e. the input provided to option -n.

Steps to Reproduce:

Use this document and follow the process http://pki.fedoraproject.org/wiki/Certificate_Key_Archival

Actual results:

failure.

Expected results:

It should work

SilleBille commented 4 years ago

Posted by mharmsen on 2018-04-26:

Per 10.5.x/10.6 Triage: 10.5.x