-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
rhel-7.6
Description of problem:
An IdM object can contain more than one certificate. When you use 'ipa service-show <principal> or 'ipa service-find', both certificates are displayed, but the 'serial' and 'expiry' date shows the data from the old rather than the renewed certificate. This is very confusing.
I suppose the same is also true for host and user objects, but I didn't verify this.
Version-Release number of selected component (if applicable):
ipa-server-4.6.4-10.1ts.el7.x86_64
How reproducible:
Always
Steps to Reproduce:
1.Renew any service certificate
2.Make sure the service entry has more than one certificate attached
3.Call 'ipa service-show <service-principal>
Actual results:
The output shows data that belongs to the old certificate.
Expected results:
The output should show data that belongs to the new certificate.
Additional info: