diff --git a/.github/workflows/ipa-subca-test.yml b/.github/workflows/ipa-subca-test.yml index 83653289db7..de81d2c73d2 100644 --- a/.github/workflows/ipa-subca-test.yml +++ b/.github/workflows/ipa-subca-test.yml @@ -92,10 +92,19 @@ jobs: - name: Check Sub-CA admin run: | - docker exec ipa pki client-cert-import ca_signing --ca-cert root-ca_signing.crt + docker exec ipa pki nss-cert-import \ + --cert root-ca_signing.crt \ + --trust CT,C,C \ + root-ca_signing + + docker exec ipa pki nss-cert-import \ + --cert ipa.crt \ + ca_signing + docker exec ipa pki pkcs12-import \ --pkcs12 /root/ca-agent.p12 \ --pkcs12-password Secret.123 + docker exec ipa pki -n ipa-ca-agent ca-user-show admin - name: Gather artifacts diff --git a/.github/workflows/subca-basic-test.yml b/.github/workflows/subca-basic-test.yml index a2505d9f27c..1963acbace0 100644 --- a/.github/workflows/subca-basic-test.yml +++ b/.github/workflows/subca-basic-test.yml @@ -145,10 +145,19 @@ jobs: - name: Verify CA admin run: | - docker exec subordinate pki client-cert-import ca_signing --ca-cert ${SHARED}/root-ca_signing.crt + docker exec subordinate pki nss-cert-import \ + --cert $SHARED/root-ca_signing.crt \ + --trust CT,C,C \ + root-ca_signing + + docker exec subordinate pki nss-cert-import \ + --cert ca_signing.crt \ + ca_signing + docker exec subordinate pki pkcs12-import \ --pkcs12 /root/.dogtag/pki-tomcat/ca_admin_cert.p12 \ --pkcs12-password Secret.123 + docker exec subordinate pki -n caadmin --ignore-banner ca-user-show caadmin - name: Check cert requests in subordinate CA diff --git a/.github/workflows/subca-clone-hsm-test.yml b/.github/workflows/subca-clone-hsm-test.yml index f2e515b0537..4bd433ae6e0 100644 --- a/.github/workflows/subca-clone-hsm-test.yml +++ b/.github/workflows/subca-clone-hsm-test.yml @@ -280,6 +280,7 @@ jobs: docker exec primary-subca pki pkcs12-import \ --pkcs12 $SHARED/caadmin.p12 \ --pkcs12-password Secret.123 + docker exec primary-subca pki -n caadmin ca-user-show caadmin - name: Set up secondary DS container diff --git a/.github/workflows/subca-clone-test.yml b/.github/workflows/subca-clone-test.yml index c2a78206010..6151fb3f7bb 100644 --- a/.github/workflows/subca-clone-test.yml +++ b/.github/workflows/subca-clone-test.yml @@ -113,9 +113,15 @@ jobs: docker exec primary-subca pki client-cert-import \ --ca-cert $SHARED/root-ca_signing.crt \ root-ca_signing + + docker exec primary-subca pki nss-cert-import \ + --cert $SHARED/subca_signing.crt \ + ca_signing + docker exec primary-subca pki pkcs12-import \ --pkcs12 $SHARED/caadmin.p12 \ --pkcs12-password Secret.123 + docker exec primary-subca pki -n caadmin ca-user-show caadmin - name: Export primary sub-CA certs @@ -241,9 +247,15 @@ jobs: docker exec secondary-subca pki client-cert-import \ --ca-cert $SHARED/root-ca_signing.crt \ root-ca_signing + + docker exec secondary-subca pki nss-cert-import \ + --cert $SHARED/subca_signing.crt \ + ca_signing + docker exec secondary-subca pki pkcs12-import \ --pkcs12 $SHARED/caadmin.p12 \ --pkcs12-password Secret.123 + docker exec secondary-subca pki -n caadmin ca-user-show caadmin - name: Check users in primary sub-CA and secondary sub-CA diff --git a/.github/workflows/subca-cmc-test.yml b/.github/workflows/subca-cmc-test.yml index 42bc8beb22c..024a0dd0a80 100644 --- a/.github/workflows/subca-cmc-test.yml +++ b/.github/workflows/subca-cmc-test.yml @@ -182,10 +182,19 @@ jobs: - name: Verify subordinate CA admin cert run: | - docker exec subordinate pki client-cert-import ca_signing --ca-cert $SHARED/ca_signing.p7b + docker exec subordinate pki nss-cert-import \ + --cert $SHARED/root-ca_signing.crt \ + --trust CT,C,C \ + root-ca_signing + + docker exec subordinate pki nss-cert-import \ + --cert ca_signing.crt \ + ca_signing + docker exec subordinate pki pkcs12-import \ --pkcs12 /root/.dogtag/pki-tomcat/ca_admin_cert.p12 \ --pkcs12-password Secret.123 + docker exec subordinate pki -n caadmin ca-user-show caadmin - name: Check cert requests in subordinate CA diff --git a/.github/workflows/subca-external-test.yml b/.github/workflows/subca-external-test.yml index 501f5193c85..daad0adaeab 100644 --- a/.github/workflows/subca-external-test.yml +++ b/.github/workflows/subca-external-test.yml @@ -111,10 +111,19 @@ jobs: - name: Verify CA admin run: | - docker exec pki pki client-cert-import ca_signing --ca-cert root-ca_signing.crt + docker exec pki pki nss-cert-import \ + --cert root-ca_signing.crt \ + --trust CT,C,C \ + root-ca_signing + + docker exec pki pki nss-cert-import \ + --cert ca_signing.crt \ + ca_signing + docker exec pki pki pkcs12-import \ --pkcs12 /root/.dogtag/pki-tomcat/ca_admin_cert.p12 \ --pkcs12-password Secret.123 + docker exec pki pki -n caadmin ca-user-show caadmin - name: Check cert requests in CA diff --git a/.github/workflows/subca-hsm-test.yml b/.github/workflows/subca-hsm-test.yml index 75b03a5d3d2..4ddd3d9f566 100644 --- a/.github/workflows/subca-hsm-test.yml +++ b/.github/workflows/subca-hsm-test.yml @@ -267,6 +267,7 @@ jobs: docker exec pki pki pkcs12-import \ --pkcs12 /root/.dogtag/pki-tomcat/ca_admin_cert.p12 \ --pkcs12-password Secret.123 + docker exec pki pki -n caadmin ca-user-show caadmin - name: Check CA certs and requests