<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Please review the attached patch which has been revised to address
the following PKI issue:<br>
<ul>
<li>TRAC Ticket #488 - Dogtag 10: Fix cli 'cert-find' clientAuth
issue</li>
</ul>
This revised patch was tested with the following results:<br>
<ul>
<li>script -c "pkispawn -s CA -f /tmp/pki/cs.cfg -vvv"</li>
<ul>
<li>successfully installed and configured with no
ERRORs/WARNINGs, enrolled for a certificate, and approved a
certificate</li>
</ul>
<li>pki -h foobar -P https -p 8443 cert-find<br>
WARNING: BAD_CERT_DOMAIN encountered on
'CN=foobar.example.com,O=example.com Security Domain' indicates
a common-name mismatch<br>
WARNING: UNTRUSTED ISSUER encountered on
'CN=foobar.example.com,O=example.com Security Domain' indicates
a non-trusted CA cert<br>
------------------------<br>
7 certificate(s) matched<br>
------------------------<br>
Serial Number: 0x1<br>
Subject DN: CN=CA Signing Certificate,O=example.com Security
Domain<br>
Status: VALID<br>
<br>
Serial Number: 0x2<br>
Subject DN: CN=CA OCSP Signing Certificate,O=example.com
Security Domain<br>
Status: VALID<br>
<br>
Serial Number: 0x3<br>
Subject DN: CN=foobar.example.com,O=example.com Security
Domain<br>
Status: VALID<br>
<br>
Serial Number: 0x4<br>
Subject DN: CN=CA Subsystem Certificate,O=example.com Security
Domain<br>
Status: VALID<br>
<br>
Serial Number: 0x5<br>
Subject DN: CN=CA Audit Signing Certificate,O=example.com
Security Domain<br>
Status: VALID<br>
<br>
Serial Number: 0x6<br>
Subject DN: CN=PKI
Administrator,<a class="moz-txt-link-abbreviated" href="mailto:E=caadmin@example.com,O=example.com">E=caadmin@example.com,O=example.com</a> Security
Domain<br>
Status: VALID<br>
<br>
Serial Number: 0x7<br>
Subject DN: UID=test<br>
Status: VALID<br>
----------------------------<br>
Number of entries returned 7<br>
----------------------------</li>
<li>pki -h foobar.example.com -P https -p 8443 cert-find<br>
WARNING: UNTRUSTED ISSUER encountered on
'CN=foobar.example.com,O=example.com Security Domain' indicates
a non-trusted CA cert<br>
------------------------<br>
7 certificate(s) matched<br>
------------------------<br>
Serial Number: 0x1<br>
Subject DN: CN=CA Signing Certificate,O=example.com Security
Domain<br>
Status: VALID<br>
<br>
Serial Number: 0x2<br>
Subject DN: CN=CA OCSP Signing Certificate,O=example.com
Security Domain<br>
Status: VALID<br>
<br>
Serial Number: 0x3<br>
Subject DN: CN=foobar.example.com,O=example.com Security
Domain<br>
Status: VALID<br>
<br>
Serial Number: 0x4<br>
Subject DN: CN=CA Subsystem Certificate,O=example.com Security
Domain<br>
Status: VALID<br>
<br>
Serial Number: 0x5<br>
Subject DN: CN=CA Audit Signing Certificate,O=example.com
Security Domain<br>
Status: VALID<br>
<br>
Serial Number: 0x6<br>
Subject DN: CN=PKI
Administrator,<a class="moz-txt-link-abbreviated" href="mailto:E=caadmin@example.com,O=example.com">E=caadmin@example.com,O=example.com</a> Security
Domain<br>
Status: VALID<br>
<br>
Serial Number: 0x7<br>
Subject DN: UID=test<br>
Status: VALID<br>
----------------------------<br>
Number of entries returned 7<br>
----------------------------</li>
<li>pki -h foobar -P https -p 8443 -n "PKI Administrator for
example.com" -w XXXXXXXX -d . cert-find<br>
WARNING: BAD_CERT_DOMAIN encountered on
'CN=foobar.example.com,O=example.com Security Domain' indicates
a common-name mismatch<br>
WARNING: BAD_CERT_DOMAIN encountered on
'CN=foobar.example.com,O=example.com Security Domain' indicates
a common-name mismatch<br>
------------------------<br>
7 certificate(s) matched<br>
------------------------<br>
Serial Number: 0x1<br>
Subject DN: CN=CA Signing Certificate,O=example.com Security
Domain<br>
Status: VALID<br>
<br>
Serial Number: 0x2<br>
Subject DN: CN=CA OCSP Signing Certificate,O=example.com
Security Domain<br>
Status: VALID<br>
<br>
Serial Number: 0x3<br>
Subject DN: CN=foobar.example.com,O=example.com Security
Domain<br>
Status: VALID<br>
<br>
Serial Number: 0x4<br>
Subject DN: CN=CA Subsystem Certificate,O=example.com Security
Domain<br>
Status: VALID<br>
<br>
Serial Number: 0x5<br>
Subject DN: CN=CA Audit Signing Certificate,O=example.com
Security Domain<br>
Status: VALID<br>
<br>
Serial Number: 0x6<br>
Subject DN: CN=PKI
Administrator,<a class="moz-txt-link-abbreviated" href="mailto:E=caadmin@example.com,O=example.com">E=caadmin@example.com,O=example.com</a> Security
Domain<br>
Status: VALID<br>
<br>
Serial Number: 0x7<br>
Subject DN: UID=test<br>
Status: VALID<br>
----------------------------<br>
Number of entries returned 7<br>
----------------------------</li>
<li>pki -h foobar.example.com -P https -p 8443 -n "PKI
Administrator for example.com" -w XXXXXXXX -d . cert-find<br>
------------------------<br>
7 certificate(s) matched<br>
------------------------<br>
Serial Number: 0x1<br>
Subject DN: CN=CA Signing Certificate,O=example.com Security
Domain<br>
Status: VALID<br>
<br>
Serial Number: 0x2<br>
Subject DN: CN=CA OCSP Signing Certificate,O=example.com
Security Domain<br>
Status: VALID<br>
<br>
Serial Number: 0x3<br>
Subject DN: CN=foobar.example.com,O=example.com Security
Domain<br>
Status: VALID<br>
<br>
Serial Number: 0x4<br>
Subject DN: CN=CA Subsystem Certificate,O=example.com Security
Domain<br>
Status: VALID<br>
<br>
Serial Number: 0x5<br>
Subject DN: CN=CA Audit Signing Certificate,O=example.com
Security Domain<br>
Status: VALID<br>
<br>
Serial Number: 0x6<br>
Subject DN: CN=PKI
Administrator,<a class="moz-txt-link-abbreviated" href="mailto:E=caadmin@example.com,O=example.com">E=caadmin@example.com,O=example.com</a> Security
Domain<br>
Status: VALID<br>
<br>
Serial Number: 0x7<br>
Subject DN: UID=test<br>
Status: VALID<br>
----------------------------<br>
Number of entries returned 7<br>
----------------------------<br>
<br>
</li>
</ul>
</body>
</html>