  1. Dogtag PKI
  2. DOGTAG-4089

pki-server CLI commands fail where certutil works ... both should work

    • Bug
    • Resolution: Unresolved
    • certsys-10.4
    • CA
    • rhel-idm-cs
    • rc

      Description of problem:
      When running the pki-server CLI command for RHCS 10.4/RHEL 8.6, the user is prompted for an internal password, and the command still fails when all known passwords are provided.

      pki-server cert-show --instance rhcs10-RSA-RootCA --pretty-print ca_signing
      keyctl_search: Required key not available
      Enter password for internal:

      Version-Release number of selected component (if applicable):
      RHCS 10.4/RHEL 8.6

      How reproducible:
      Always

      Steps to Reproduce:
      1. Configure RHCS 10.4 with its subsystems as needed
      2. Run the command below and observe that the command fails
      pki-server cert-show --instance rhcs10-RSA-RootCA --pretty-print ca_signing
      keyctl_search: Required key not available

      3. Repeat similar CLI request using certutil command:
      certutil -L -d /var/lib/pki/rhcs10-RSA-RootCA/alias/ -n 'caSigningCert cert-rhcs10-RSA-RootCA CA'

      SUCCESS

      Actual results:
      pki-server cert-show --instance rhcs10-RSA-RootCA --pretty-print ca_signing
      keyctl_search: Required key not available
      Enter password for internal:

      Enter password for internal:
      ERROR: 'hardware-NHSM-CONN-XC'
      Traceback (most recent call last):
        File "/usr/lib/python3.6/site-packages/pki/server/pkiserver.py", line 41, in <module>
          cli.execute(sys.argv)
        File "/usr/lib/python3.6/site-packages/pki/server/cli/__init__.py", line 147, in execute
          super(PKIServerCLI, self).execute(args)
        File "/usr/lib/python3.6/site-packages/pki/cli/__init__.py", line 217, in execute
          module.execute(module_args)
        File "/usr/lib/python3.6/site-packages/pki/cli/__init__.py", line 217, in execute
          module.execute(module_args)
        File "/usr/lib/python3.6/site-packages/pki/server/cli/cert.py", line 277, in execute
          cert = subsystem.get_subsystem_cert(cert_tag)
        File "/usr/lib/python3.6/site-packages/pki/server/subsystem.py", line 168, in get_subsystem_cert
          cert_info = self.get_nssdb_cert_info(cert_id)
        File "/usr/lib/python3.6/site-packages/pki/server/subsystem.py", line 204, in get_nssdb_cert_info
          return nssdb.get_cert_info(nickname, token=token)
        File "/usr/lib/python3.6/site-packages/pki/nssdb.py", line 1391, in get_cert_info
          cert_pem = self.get_cert(nickname=nickname, token=token)
        File "/usr/lib/python3.6/site-packages/pki/nssdb.py", line 1328, in get_cert
          password_file = self.get_password_file(tmpdir, token)
        File "/usr/lib/python3.6/site-packages/pki/nssdb.py", line 284, in get_password_file
          password = self.passwords[token]
      KeyError: 'hardware-NHSM-CONN-XC'

      Expected results:
      Expected that the command would work for pki-server and certutil

      Additional info:

              jira-bugzilla-migration RH Bugzilla Integration
              gkimetto@redhat.com Gilbert Kimetto
              RH Bugzilla Integration RH Bugzilla Integration