Closed SilleBille closed 4 years ago
This issue was migrated from Pagure Issue #3002.Originally filed by mharmsen on 2018-04-26
Refer Document: http://pki.fedoraproject.org/wiki/Certificate_Key_Archival This doc uses -m -n -u -r all in one cli.
CRMFPopClient -v -d test -p SECret.123 -n CN=testuser -f caSigningUserCert -b transport.pem -m $HOSTNAME:8080 -u testuser23 -r testuser23
In runtime, it fails with error:
Request ID: 157 Request Status: rejected Reason: Request 157 Rejected - Subject Name Not Matched UID=testuser23
-- If we test the same with caUserCert , which uses subject dn format as uid=*.
CRMFPopClient -v -d test -p SECret.123 -n UID=testuser00 -f caDualCert -b transport.pem -m $HOSTNAME:8080 -u testuser23 -r testuser23
It works and a request gets created with CA Agent page but that request has subject dn as:
Certificate Pretty Print
Certificate: Data: Version: v3 Serial Number: 0xCDB6EED Signature Algorithm: SHA512withRSA - 1.2.840.113549.1.1.13 Issuer: CN=CA Signing Certificate,OU=pki-ca-Mar8,O=Example-rhcs92-CA Validity: Not Before: Monday, March 19, 2018 1:10:49 PM EDT America/New_York Not After: Saturday, September 15, 2018 1:10:49 PM EDT America/New_York Subject: UID=testuser23
==> Ideally it should be "UID=testuser00" i.e input provided to option -n
Steps to Reproduce:
Use this document and follow the process http://pki.fedoraproject.org/wiki/Certificate_Key_Archival
Actual results:
failure.
Expected results:
It should work
Posted by mharmsen on 2018-04-26:
Per 10.5.x/10.6 Triage: 10.5.x
This issue was migrated from Pagure Issue #3002.Originally filed by mharmsen on 2018-04-26
Refer Document: http://pki.fedoraproject.org/wiki/Certificate_Key_Archival This doc uses -m -n -u -r all in one cli.
CRMFPopClient -v -d test -p SECret.123 -n CN=testuser -f caSigningUserCert -b transport.pem -m $HOSTNAME:8080 -u testuser23 -r testuser23
In runtime, it fails with error:
Request ID: 157 Request Status: rejected Reason: Request 157 Rejected - Subject Name Not Matched UID=testuser23
-- If we test the same with caUserCert , which uses subject dn format as uid=*.
CRMFPopClient -v -d test -p SECret.123 -n UID=testuser00 -f caDualCert -b transport.pem -m $HOSTNAME:8080 -u testuser23 -r testuser23
It works and a request gets created with CA Agent page but that request has subject dn as:
Certificate Pretty Print
==> Ideally it should be "UID=testuser00" i.e input provided to option -n
Steps to Reproduce:
Actual results:
Expected results: