<html> <head> <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1"> </head> <body bgcolor="#FFFFFF" text="#000000"> Please review the attached patch which has been revised to address the following PKI issue: <ul> <li>TRAC Ticket #488 - Dogtag 10: Fix cli 'cert-find' clientAuth issue</li> </ul> This revised patch was tested with the following results: <ul> <li>script -c "pkispawn -s CA -f /tmp/pki/cs.cfg -vvv"</li> <ul> <li>successfully installed and configured with no ERRORs/WARNINGs, enrolled for a certificate, and approved a certificate</li> </ul> <li>pki -h foobar -P https -p 8443 cert-find WARNING: BAD_CERT_DOMAIN encountered on 'CN=foobar.example.com,O=example.com Security Domain' indicates a common-name mismatch WARNING: UNTRUSTED ISSUER encountered on 'CN=foobar.example.com,O=example.com Security Domain' indicates a non-trusted CA cert ------------------------ 7 certificate(s) matched ------------------------ Serial Number: 0x1 Subject DN: CN=CA Signing Certificate,O=example.com Security Domain Status: VALID Serial Number: 0x2 Subject DN: CN=CA OCSP Signing Certificate,O=example.com Security Domain Status: VALID Serial Number: 0x3 Subject DN: CN=foobar.example.com,O=example.com Security Domain Status: VALID Serial Number: 0x4 Subject DN: CN=CA Subsystem Certificate,O=example.com Security Domain Status: VALID Serial Number: 0x5 Subject DN: CN=CA Audit Signing Certificate,O=example.com Security Domain Status: VALID Serial Number: 0x6 Subject DN: CN=PKI Administrator,<a class="moz-txt-link-abbreviated" href="mailto:E=caadmin@example.com,O=example.com">E=caadmin@example.com,O=example.com</a> Security Domain Status: VALID Serial Number: 0x7 Subject DN: UID=test Status: VALID ---------------------------- Number of entries returned 7 ----------------------------</li> <li>pki -h foobar.example.com -P https -p 8443 cert-find WARNING: UNTRUSTED ISSUER encountered on 'CN=foobar.example.com,O=example.com Security Domain' indicates a non-trusted CA cert ------------------------ 7 certificate(s) matched ------------------------ Serial Number: 0x1 Subject DN: CN=CA Signing Certificate,O=example.com Security Domain Status: VALID Serial Number: 0x2 Subject DN: CN=CA OCSP Signing Certificate,O=example.com Security Domain Status: VALID Serial Number: 0x3 Subject DN: CN=foobar.example.com,O=example.com Security Domain Status: VALID Serial Number: 0x4 Subject DN: CN=CA Subsystem Certificate,O=example.com Security Domain Status: VALID Serial Number: 0x5 Subject DN: CN=CA Audit Signing Certificate,O=example.com Security Domain Status: VALID Serial Number: 0x6 Subject DN: CN=PKI Administrator,<a class="moz-txt-link-abbreviated" href="mailto:E=caadmin@example.com,O=example.com">E=caadmin@example.com,O=example.com</a> Security Domain Status: VALID Serial Number: 0x7 Subject DN: UID=test Status: VALID ---------------------------- Number of entries returned 7 ----------------------------</li> <li>pki -h foobar -P https -p 8443 -n "PKI Administrator for example.com" -w XXXXXXXX -d . cert-find WARNING: BAD_CERT_DOMAIN encountered on 'CN=foobar.example.com,O=example.com Security Domain' indicates a common-name mismatch WARNING: BAD_CERT_DOMAIN encountered on 'CN=foobar.example.com,O=example.com Security Domain' indicates a common-name mismatch ------------------------ 7 certificate(s) matched ------------------------ Serial Number: 0x1 Subject DN: CN=CA Signing Certificate,O=example.com Security Domain Status: VALID Serial Number: 0x2 Subject DN: CN=CA OCSP Signing Certificate,O=example.com Security Domain Status: VALID Serial Number: 0x3 Subject DN: CN=foobar.example.com,O=example.com Security Domain Status: VALID Serial Number: 0x4 Subject DN: CN=CA Subsystem Certificate,O=example.com Security Domain Status: VALID Serial Number: 0x5 Subject DN: CN=CA Audit Signing Certificate,O=example.com Security Domain Status: VALID Serial Number: 0x6 Subject DN: CN=PKI Administrator,<a class="moz-txt-link-abbreviated" href="mailto:E=caadmin@example.com,O=example.com">E=caadmin@example.com,O=example.com</a> Security Domain Status: VALID Serial Number: 0x7 Subject DN: UID=test Status: VALID ---------------------------- Number of entries returned 7 ----------------------------</li> <li>pki -h foobar.example.com -P https -p 8443 -n "PKI Administrator for example.com" -w XXXXXXXX -d . cert-find ------------------------ 7 certificate(s) matched ------------------------ Serial Number: 0x1 Subject DN: CN=CA Signing Certificate,O=example.com Security Domain Status: VALID Serial Number: 0x2 Subject DN: CN=CA OCSP Signing Certificate,O=example.com Security Domain Status: VALID Serial Number: 0x3 Subject DN: CN=foobar.example.com,O=example.com Security Domain Status: VALID Serial Number: 0x4 Subject DN: CN=CA Subsystem Certificate,O=example.com Security Domain Status: VALID Serial Number: 0x5 Subject DN: CN=CA Audit Signing Certificate,O=example.com Security Domain Status: VALID Serial Number: 0x6 Subject DN: CN=PKI Administrator,<a class="moz-txt-link-abbreviated" href="mailto:E=caadmin@example.com,O=example.com">E=caadmin@example.com,O=example.com</a> Security Domain Status: VALID Serial Number: 0x7 Subject DN: UID=test Status: VALID ---------------------------- Number of entries returned 7 ---------------------------- </li> </ul> </body> </html>