RE_Enroll operation does not revoke the original certificates on the token

[pki-bot]

This issue was migrated from Pagure Issue #2487. Originally filed by rpattath (@rpattath) on 2016-09-28 00:57:47:

• Closed as Invalid
• Assigned to nobody
• Associated bugzillas
  • https://bugzilla.redhat.com/show_bug.cgi?id=1379813

---

RE_Enroll operation does not revoke the original certificates on the token

Steps to Reproduce:

1. Enroll a token of userKey token type.
2. Edit the token policy using the Web UI with RE_ENROLL=YES
3. Enroll the token again
4. Default TPS CS.cfg was used which has op.format.userKey.revokeCert=true

Actual results:

Original certificates are not revoked

Expected results:

Original certificates are expected to be revoked.

Additional info:

attaching the tps debug log

Created attachment 1205287
TPS re-enroll debug log

[pki-bot]

Comment from mharmsen (@mharmsen) at 2016-10-11 23:27:13

CLOSING AS WORKSFORME:

Christina Fu 2016-10-07 14:04:38 EDT

I cannot reproduce.  It works for me.
Did you literally enter (delimited by ';')?
FORCE_FORMAT=YES;RE_ENROLL=YES

Roshni 2016-10-07 14:45:20 EDT

With fresh TPS instance the original certs were revoked during re-enrollment
when FORCE_FORMAT=YES;RE_ENROLL=YES was set for the token.

[pki-bot]

Comment from rpattath (@rpattath) at 2017-02-27 14:11:35

Metadata Update from @rpattath:

• Issue set to the milestone: 10.3.6