Bug
Resolution: Unresolved
rhel-10.0.beta
rhel-sst-idm-cs
ssg_idm
Certificate System
x86_64
What were you trying to do that didn't work?
Testing certificate pruning for complete request
Please provide the package NVR for which bug is seen:
idm-jss-tomcat-5.5.0-2.el10.x86_64.rpm
idm-pki-base-11.5.2-1.el10.noarch.rpm
idm-ldapjdk-5.5.0-2.el10.noarch.rpm
idm-jss-5.5.0-2.el10.x86_64.rpm
idm-pki-kra-11.5.2-1.el10.noarch.rpm
idm-pki-ca-11.5.2-1.el10.noarch.rpm
idm-pki-tools-11.5.2-1.el10.x86_64.rpm
idm-pki-java-11.5.2-1.el10.noarch.rpm
idm-pki-server-11.5.2-1.el10.noarch.rpm
How reproducible:
Always
Steps to reproduce
1. Issue a certificate against the caUserCert profile: modify the profile to expire a cert in a minute and issue a cert
- Set the cert validity for 1 minute
2. Wait for 1 minute for the certificate to expire
3. Start the pruning job with 0 minute retention time
Expected results
1. Certificate should be created successfully with a validity of 1 minute
2. ca-job-start pruning command should successfully remove the certificate and its corresponding request
Actual results
After waiting beyond the 1 minute validity period, the cert status has not changed to expired.
It still shows as VALID.
- date
Fri Jul 19 11:38:31 AM EDT 2024
- pki -d /opt/pki/certdb -P https -p 8443 -h pki1.example.com -c SECret.123 -n "PKI CA Administrator for Example.Org" ca-cert-show 0x2f53655a2f8a5b0187a19f28024fffcd
Serial Number: 0x2f53655a2f8a5b0187a19f28024fffcd
Subject DN: UID=test
Issuer DN: CN=CA Signing Certificate,OU=pki-tomcat,O=topology-01_Foobarmaster.org
Status: VALID
Not Valid Before: Fri Jul 19 11:34:12 EDT 2024
Not Valid After: Fri Jul 19 11:35:12 EDT 2024
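
A check for the mismatch reported above, as an added example that is not part of the original report or of the PKI project: it parses the ca-cert-show output and the date reading quoted in the report (embedded below as constructed sample input) and flags a certificate whose stored status is still VALID after its Not Valid After time. The function names and the time-zone table are assumptions of this example.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample: the ca-cert-show output and date reading quoted in the report.
SAMPLE_OUTPUT = """\
Serial Number: 0x2f53655a2f8a5b0187a19f28024fffcd
Subject DN: UID=test
Issuer DN: CN=CA Signing Certificate,OU=pki-tomcat,O=topology-01_Foobarmaster.org
Status: VALID
Not Valid Before: Fri Jul 19 11:34:12 EDT 2024
Not Valid After: Fri Jul 19 11:35:12 EDT 2024
"""
SAMPLE_NOW = "Fri Jul 19 11:38:31 AM EDT 2024"

# Assumption: only the zone abbreviations needed here; extend for other hosts.
TZ_OFFSETS = {"EDT": -4, "EST": -5, "UTC": 0, "GMT": 0}

def parse_stamp(text):
    """Parse 'Fri Jul 19 11:35:12 EDT 2024' (AM/PM optional) into an aware datetime."""
    parts = text.split()
    zone = parts[-2]
    if zone not in TZ_OFFSETS:
        raise ValueError(f"unknown time zone abbreviation: {zone}")
    rest = " ".join(parts[:-2] + parts[-1:])  # drop the zone token
    fmt = "%a %b %d %I:%M:%S %p %Y" if parts[-3] in ("AM", "PM") else "%a %b %d %H:%M:%S %Y"
    naive = datetime.strptime(rest, fmt)
    return naive.replace(tzinfo=timezone(timedelta(hours=TZ_OFFSETS[zone])))

def parse_cert(output):
    """Turn the 'Key: value' lines of ca-cert-show output into a dict."""
    fields = {}
    for line in output.splitlines():
        key, sep, value = line.strip().partition(": ")
        if sep:
            fields[key] = value
    return fields

def check_status(output, now_text):
    """Return (stored status, seconds past Not Valid After, inconsistent flag)."""
    cert = parse_cert(output)
    overdue = (parse_stamp(now_text) - parse_stamp(cert["Not Valid After"])).total_seconds()
    return cert["Status"], overdue, overdue > 0 and cert["Status"] == "VALID"

if __name__ == "__main__":
    print(check_status(SAMPLE_OUTPUT, SAMPLE_NOW))
```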