-
Bug
-
Resolution: Unresolved
-
Undefined
-
rhel-8.8.0
-
Yes
-
None
-
rhel-sst-idm-cs
-
ssg_idm
-
None
-
False
-
-
None
-
None
-
None
-
None
-
If docs needed, set a value
-
-
Unspecified
-
None
+++ This bug was initially created as a clone of Bug #2168550 +++
Description of problem:
pki-healthcheck fails with Traceback error when Bogus certificate added to CS.cfg for 'CADogtagCertsConfigCheck' check
Version-Release number of selected component (if applicable):
pki-core-11.3.0-1.el9.src.rpm
jss-5.3.0-0.3.beta2.el9.src.rpm
Steps to Reproduce:
1. Install CA
2. Add Bogus certificate to CA's CS.cfg file:
- grep ca.signing.nickname= /var/lib/pki/pki-tomcat/ca/conf/CS.cfg
ca.signing.nickname=Bogus caSigningCert cert-pki-tomcat CA
3. Run pki-healthcheck with --failures-only flag:
- pki-healthcheck --failures-only
Actual results:
Failing with traceback error:
- pki-healthcheck --failures-only
Unable to retrieve cert: Bogus caSigningCert cert-pki-tomcat CA
[
Unknown macro: { "source"},
Unknown macro: { "source"},
Unknown macro: { "source"}]
Failing at RHEL92 CTC2 pipeline job:
https://gitlab.cee.redhat.com/idm/pki-pytest-ansible/-/jobs/9942870
Expected results:
- pki-healthcheck --failures-only should result the ERROR for 'CADogtagCertsConfigCheck' check for specific directive i.e ca.signing.cert with a proper ERROR message.
Additional info:
It worked previously with RHEL92 CTC1 bits as below:
pki-core-11.3.0-0.2.beta1.el9.src.rpm
jss-5.3.0-0.3.beta2.el9.src.rpm
- pki-healthcheck --failures-only
Unable to retrieve cert: Bogus caSigningCert cert-pki-tomcat CA
[
Unknown macro: { "source"},
Unknown macro: { "source"},
Unknown macro: { "source"}]
- is blocked by
-
-
- Release Pending
-
- external trackers
