Issue #46: ipa-getcert: misleading error message with -D option - certmonger

certmonger

#46 ipa-getcert: misleading error message with -D option

Opened Apr 13, 2016 by cheimes. Modified Feb 21, 2017

ipa-getcert shows a misleading error message when a certificate is
requested with the -D option but without -K option.

{{{
# ipa-getcert request -d /etc/httpd/alias -n 'Server-Cert' -t 'NSS
Certificate DB' -T caIPAserviceCert -D fileserver.ipa.example -C
/usr/libexec/ipa/certmonger/restart_httpd
The IPA backend requires the use of the -K option (principal name) when
the -N option (subject name) is used.
}}}

A better error message would be:
{{{
The IPA backend requires the use of the -K option (principal name) when
the -N option (subject name) or -D option (DNS name) is used.
}}}

akasurde commented Aug 3, 2016

Commandline does provide this information,

https://git.fedorahosted.org/cgit/certmonger.git/tree/src/getcert.c#n1114

nalin commented Aug 4, 2016

Right, this is fixed by 7f573058953ad39fc282473e6bc1584d5ba2dca5, but I hadn't noted it here yet.

Metadata Update from @nalin:
- Issue set to the milestone: 0.0 NEEDS_TRIAGE

Feb 21, 2017

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

Highest

type

defect

component

CLI

certmonger

#46 ipa-getcert: misleading error message with -D option Opened Apr 13, 2016 by cheimes. Modified Feb 21, 2017

Metadata

#46 ipa-getcert: misleading error message with -D option

Opened Apr 13, 2016 by cheimes. Modified Feb 21, 2017