Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

'pki cert-request-review' --output creates a file only when --action attribute is not present #1155

Closed
pki-bot opened this issue Oct 2, 2020 · 3 comments
Closed

'pki cert-request-review' --output creates a file only when --action attribute is not present #1155

pki-bot opened this issue Oct 2, 2020 · 3 comments
Labels
Closed: Fixed
Milestone
10.2 - 04/14 (April)

Comments

@pki-bot
Copy link

pki-bot commented Oct 2, 2020

This issue was migrated from Pagure Issue #585. Originally filed by aakkiang (@aakkiang) on 2013-04-11 18:33:10:

pki cert-request-review when --action and --output parameters present doesn't create a file:

[root@server pki-cert-cli]# pki -d /tmp/tmp.dgbQzdVJEX/nssdb                    -n "PKI Administrator for example.com"                    -w Password                    -t ca                     cert-request-review --action=validate --output=/tmp/tmp.dgbQzdVJEX/certapprove_001.out  24
WARNING: BAD_CERT_DOMAIN encountered on 'CN=server.example.com,O=example.com Security Domain' indicates a common-name mismatch
WARNING: BAD_CERT_DOMAIN encountered on 'CN=server.example.com,O=example.com Security Domain' indicates a common-name mismatch
--------------------------------
Validated certificate request 24
--------------------------------
[root@iota pki-cert-cli]# cat /tmp/tmp.dgbQzdVJEX/certapprove_001.out
cat: /tmp/tmp.dgbQzdVJEX/certapprove_001.out: No such file or directory

When --action parameter not present and --output is present, pki cert-request-review cli requests the user to enter a Action (approve/reject/cancel/update/validate/assign/unassign) and creates a output file if --output param is present

[root@server pki-cert-cli]# pki -d /tmp/tmp.dgbQzdVJEX/nssdb                    -n "PKI Administrator for example.com"                    -w Password                    -t ca                     cert-request-review  --output=/tmp/tmp.dgbQzdVJEX/certapprove_001.out  24
WARNING: BAD_CERT_DOMAIN encountered on 'CN=server.example.com,O=example.com Security Domain' indicates a common-name mismatch
WARNING: BAD_CERT_DOMAIN encountered on 'CN=server.example.com,O=example.com Security Domain' indicates a common-name mismatch
--------------------------------
Retrieved certificate request 24
--------------------------------
  Request ID: 24
  Profile: Manual User Dual-Use Certificate Enrollment
  Type: enrollment
  Status: pending
  Filename: /tmp/tmp.dgbQzdVJEX/certapprove_001.out

Action (approve/reject/cancel/update/validate/assign/unassign): validate
--------------------------------
Validated certificate request 24
--------------------------------

**The presence of --action parameter doesn't create a output file should be documented.

Another issue I noticed is, the following error message is "Error: Missing output file name" when --action and --output is not present. Should this message be "Error: Missing output file name or action"? If --action is present the query executes successfully.

[root@server pki-cert-cli]# pki -d /tmp/tmp.dgbQzdVJEX/nssdb                    -n "PKI Administrator for example.com"                    -w Password                    -t ca                     cert-request-review   25
WARNING: BAD_CERT_DOMAIN encountered on 'CN=server.example.com,O=example.com Security Domain' indicates a common-name mismatch
WARNING: BAD_CERT_DOMAIN encountered on 'CN=server.example.com,O=example.com Security Domain' indicates a common-name mismatch
Error: Missing output file name.
usage: cert-request-review <Request ID> [OPTIONS...]
    --action <action>     Action: approve, reject, cancel, update,
                          validate, assign, unassign
    --output <filename>   Output filename
[root@server pki-cert-cli]# pki -d /tmp/tmp.dgbQzdVJEX/nssdb                    -n "PKI Administrator for example.com"                    -w Password                    -t ca                     cert-request-review  --action=approve  25
WARNING: BAD_CERT_DOMAIN encountered on 'CN=server.example.com,O=example.com Security Domain' indicates a common-name mismatch
WARNING: BAD_CERT_DOMAIN encountered on 'CN=server.example.com,O=example.com Security Domain' indicates a common-name mismatch
-------------------------------
Approved certificate request 25
-------------------------------
@pki-bot pki-bot added this to the 10.2 - 04/14 (April) milestone Oct 2, 2020
@pki-bot pki-bot closed this as completed Oct 2, 2020
@pki-bot
Copy link
Author

pki-bot commented Oct 2, 2020

Comment from mharmsen (@mharmsen) at 2014-04-29 20:41:42

Since this ticket was originally filed, the command-line options to 'pki' have been changed:

# pki --help
usage: pki [OPTIONS..] <command> [ARGS..]
 -c <password>                    Security database password
 -d <database>                    Security database location (default:
                                  ~/.dogtag/nssdb)
 -h <hostname>                    Hostname (default:
                                  pkilinux.sjc.redhat.com)
    --help                        Help
    --ignore-cert-status <list>   Comma-separated list of ignored
                                  certificate validity statuses
    --message-format <format>     Message format: xml (default), json
 -n <nickname>                    Certificate nickname
    --output <folder>             Folder to store HTTP messages
 -P <protocol>                    Protocol (default: http)
 -p <port>                        Port (default: 8080)
    --reject-cert-status <list>   Comma-separated list of rejected
                                  certificate validity statuses
 -t <type>                        Subsystem type
 -U <uri>                         Server URI
 -u <username>                    Username
 -v                               Verbose
    --version                     Version
 -w <password>                    Password

Commands:
 help                    Help messages
 client                  Client management commands
 cert                    Certificate management commands
 group                   Group management commands
 key                     Key management commands
 securitydomain          Security domain commands
 user                    User management commands
 ca                      CA management commands
 kra                     KRA management commands
 ocsp                    OCSP management commands
 tks                     TKS management commands
 tps                     TPS management commands

The --output option is associated with the master pki command, and refers to a folder used to store HTTP messages.

Similarly, the command-line options to the cert-request-review command have been changed:

# pki cert-request-review --help
usage: cert-request-review <Request ID> [OPTIONS...]
    --action <action>   Action: approve, reject, cancel, update, validate,
                        assign, unassign
    --file <filename>   File to store the certificate request
    --help              Show help options

The --file option replaced the original --output option referenced in this ticket, and refers to the file used to store the certificate request.

@pki-bot
Copy link
Author

pki-bot commented Oct 2, 2020

Comment from mharmsen (@mharmsen) at 2014-05-01 00:56:55

Checked into 'master':

@pki-bot
Copy link
Author

pki-bot commented Oct 2, 2020

Comment from aakkiang (@aakkiang) at 2017-02-27 14:00:40

Metadata Update from @aakkiang:

  • Issue assigned to mharmsen
  • Issue set to the milestone: 10.2 - 04/14 (April)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Closed: Fixed
Projects
None yet
Milestone
10.2 - 04/14 (April)
Development

No branches or pull requests
1 participant
@pki-bot