You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
rhcs81 caManualRenewal with original profile modified for empty params.name
creates root CA subject DN
Version-Release number of selected component (if applicable):
Red Hat Enterprise Linux Server release 5.9 (Tikanga)
redhat-ds-base-8.2.11-5.el5dsrv
pki-ca-8.1.5-1.el5pki
How reproducible:
always
Steps to Reproduce:
1.have user directory
2.have CA
3.duplicate profile caDirUserCert
4. modify subjectNameConstraintImpl to add a params:
policyset.set1.1.constraint.class_id=subjectNameConstraintImpl
policyset.set1.1.constraint.name=Subject Name Constraint
policyset.set1.1.constraint.params.pattern=.*
policyset.set1.1.default.class_id=subjectNameDefaultImpl
policyset.set1.1.default.name=Subject Name Default
policyset.set1.1.default.params.name=$request.auth_token.tokenCertSubject$
enroll
stop CA and modify the custom profile to remove the variable
policyset.set1.1.default.params.name=
start CA
This issue was migrated from Pagure Issue #822. Originally filed by nkinder (@nkinder) on 2014-01-13 19:48:13:
rhcs81 caManualRenewal with original profile modified for empty params.name
creates root CA subject DN
Version-Release number of selected component (if applicable):
Red Hat Enterprise Linux Server release 5.9 (Tikanga)
redhat-ds-base-8.2.11-5.el5dsrv
pki-ca-8.1.5-1.el5pki
How reproducible:
always
Steps to Reproduce:
1.have user directory
2.have CA
3.duplicate profile caDirUserCert
4. modify subjectNameConstraintImpl to add a params:
policyset.set1.1.constraint.class_id=subjectNameConstraintImpl
policyset.set1.1.constraint.name=Subject Name Constraint
policyset.set1.1.constraint.params.pattern=.*
policyset.set1.1.default.class_id=subjectNameDefaultImpl
policyset.set1.1.default.name=Subject Name Default
policyset.set1.1.default.params.name=$request.auth_token.tokenCertSubject$
policyset.set1.1.default.params.name=
start CA
http://ca1.example.com:9180/ca/ee/ca/profileSelect?profileId=caManualRenewal
Actual results:
a certificate is issued
but the subject DN is unexpected, it is the root CA (!)
The text was updated successfully, but these errors were encountered: