Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Minor
Fix Version/s: rhel-9.6
Affects Version/s: rhel-9.2.0
Component/s: pki-core
Labels:
- MigratedToJIRA
- Regression

Fixed in Build:
pki-core-11.6.0-0.3.alpha2.el9
Regression:
Yes
Severity:
Low

Pool Team:

rhel-sst-idm-cs
Sub-System Group:

ssg_idm

Story Points:
0
ACKs Check:

Dev ack
Target Version:

rhel-9.2.0
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
No
Sprint:
None

Preliminary Testing:
Pass
Testable Builds:

Hide
# rpm -qa | grep -e pki -e ldapjdk -e jss -e healthcheck | sort
idm-jss-5.6.0-0.1.alpha1.el9.x86_64
idm-jss-tomcat-5.6.0-0.1.alpha1.el9.x86_64
idm-ldapjdk-5.6.0-0.2.alpha1.el9.noarch
idm-pki-base-11.6.0-0.3.alpha2.el9.noarch
idm-pki-ca-11.6.0-0.3.alpha2.el9.noarch
idm-pki-java-11.6.0-0.3.alpha2.el9.noarch
idm-pki-kra-11.6.0-0.3.alpha2.el9.noarch
idm-pki-server-11.6.0-0.3.alpha2.el9.noarch
idm-pki-tools-11.6.0-0.3.alpha2.el9.x86_64
ipa-healthcheck-core-0.16-4.el9.noarch
pki-jackson-annotations-2.14.1-1.el9.noarch
pki-jackson-core-2.14.1-2.el9.noarch
pki-jackson-databind-2.14.1-2.el9.noarch
pki-jackson-jaxrs-json-provider-2.14.1-2.el9.noarch
pki-jackson-jaxrs-providers-2.14.1-2.el9.noarch
pki-jackson-module-jaxb-annotations-2.14.1-2.el9.noarch
pki-resteasy-client-3.0.26-19.el9.noarch
pki-resteasy-core-3.0.26-19.el9.noarch
pki-resteasy-jackson2-provider-3.0.26-19.el9.noarch
pki-resteasy-servlet-initializer-3.0.26-19.el9.noarch
python3-idm-pki-11.6.0-0.3.alpha2.el9.noarch

Show
# rpm -qa | grep -e pki -e ldapjdk -e jss -e healthcheck | sort idm-jss-5.6.0-0.1.alpha1.el9.x86_64 idm-jss-tomcat-5.6.0-0.1.alpha1.el9.x86_64 idm-ldapjdk-5.6.0-0.2.alpha1.el9.noarch idm-pki-base-11.6.0-0.3.alpha2.el9.noarch idm-pki-ca-11.6.0-0.3.alpha2.el9.noarch idm-pki-java-11.6.0-0.3.alpha2.el9.noarch idm-pki-kra-11.6.0-0.3.alpha2.el9.noarch idm-pki-server-11.6.0-0.3.alpha2.el9.noarch idm-pki-tools-11.6.0-0.3.alpha2.el9.x86_64 ipa-healthcheck-core-0.16-4.el9.noarch pki-jackson-annotations-2.14.1-1.el9.noarch pki-jackson-core-2.14.1-2.el9.noarch pki-jackson-databind-2.14.1-2.el9.noarch pki-jackson-jaxrs-json-provider-2.14.1-2.el9.noarch pki-jackson-jaxrs-providers-2.14.1-2.el9.noarch pki-jackson-module-jaxb-annotations-2.14.1-2.el9.noarch pki-resteasy-client-3.0.26-19.el9.noarch pki-resteasy-core-3.0.26-19.el9.noarch pki-resteasy-jackson2-provider-3.0.26-19.el9.noarch pki-resteasy-servlet-initializer-3.0.26-19.el9.noarch python3-idm-pki-11.6.0-0.3.alpha2.el9.noarch
Errata Link:
https://errata.engineering.redhat.com/advisory/144001
Test Coverage:

Automated

Release Note Type:
If docs needed, set a value

Experience:
Architecture:

Unspecified
Bugzilla Bug:
RHBZ: 2168550

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Description of problem:
pki-healthcheck fails with Traceback error when Bogus certificate added to CS.cfg for 'CADogtagCertsConfigCheck' check

Version-Release number of selected component (if applicable):
pki-core-11.3.0-1.el9.src.rpm
jss-5.3.0-0.3.beta2.el9.src.rpm

Steps to Reproduce:
1. Install CA
2. Add Bogus certificate to CA's CS.cfg file:

grep ca.signing.nickname= /var/lib/pki/pki-tomcat/ca/conf/CS.cfg
ca.signing.nickname=Bogus caSigningCert cert-pki-tomcat CA

3. Run pki-healthcheck with --failures-only flag:

pki-healthcheck --failures-only

Actual results:

Failing with traceback error:

pki-healthcheck --failures-only
Unable to retrieve cert: Bogus caSigningCert cert-pki-tomcat CA
[

Unknown macro: { "source"}

,

Unknown macro: { "source"}

,

Unknown macro: { "source"}

]

Failing at RHEL92 CTC2 pipeline job:
https://gitlab.cee.redhat.com/idm/pki-pytest-ansible/-/jobs/9942870

Expected results:

pki-healthcheck --failures-only should result the ERROR for 'CADogtagCertsConfigCheck' check for specific directive i.e ca.signing.cert with a proper ERROR message.

Additional info:

It worked previously with RHEL92 CTC1 bits as below:

pki-core-11.3.0-0.2.beta1.el9.src.rpm
jss-5.3.0-0.3.beta2.el9.src.rpm

pki-healthcheck --failures-only
Unable to retrieve cert: Bogus caSigningCert cert-pki-tomcat CA
[

Unknown macro: { "source"}

,

Unknown macro: { "source"}

,

Unknown macro: { "source"}

]

blocks

RHEL-13129 pki-healthcheck fails with Traceback error when Bogus certificate added to CS.cfg for 'CADogtagCertsConfigCheck' check

Planning

external trackers

Red Hat Issue Tracker RHELPLAN-148129

links to

RHBA-2024:144001 pki-core bug fix and enhancement update

Assignee:: Marco Fargetta

Reporter:: Pritam Singh

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2023/10/13 3:05 PM

Updated:: 2025/01/07 3:45 PM

Next Planned Release Date:: 2025/05/13

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates