On 3/6/2013 9:51 AM, Petr Vobornik wrote:
1. As previously discussed, the cert-find is only available with Dogtag
CA, so the Certificates page should be disabled with self-signed CA. But
if self-signed CA is dropped, then it's not necessary to disable the
Certificates page. We may need to keep the ticket open until this is
resolved one way or another.

Seems that the drop will land in different release. I disabled it
similar way as in DNS. I didn't test it. Do you have installation
without dogtag?

Yes, the cert page now doesn't appear in the self-sign mode.

2. Right now the fields in the cert details page are editable although
there is no Update button. If you change the value an Undo button will
appear. If you try to leave the page it will show the Unsaved Changes
dialog. Since there's no cert-mod operation these fields should not be

The certificate field is still editable. There's an undo button and you'll get a 'page dirty' dialog. Could we make it read-only text field?

3. In the cert details page if you revoke the cert it will work but an
error will appear below the revocation reason field saying 'Must be an

#2, #3: I forget to tell you, that this patch also depends on my patch
#261 - Fix handling of no_update flag in Web UI. Sorry. It should fix
it. It was pushed to master today.

Everything else is fixed except for the certificate field above.

4. I think showing an empty revocation reason field on a valid cert is
kind of weird. It might be better to create a Status section with two
fields: status and revocation reason. If status is valid the revocation
reason will be empty or hidden. If revoked then the reason will appear
below the status.

Fixed it by hiding the row.

Showing the status is separate issue. I would like to avoid computing it
in web ui - IIUIC it depends also on valid-until and similar fields.
Cert-show command doesn't include the status.

OK, let's address this separately. The search page shows the status, so it would make sense if the details page also shows the status.

5. In host/service details page the View link can be changed to go to
the cert details page instead of showing a dialog box.

Do we want to do it?

That's probably a question for UXD whether we should stay in the host/service page or move to the cert page (and probably not having a link back to the host/service page). Also, in self-sign mode there won't be a cert page to link to. Let's leave it as is for now.

6. It would be better to organize the fields in the cert details page
like the cert view dialog in host/service details page.

Switched MD5fp. with SHA1fp.

Do you also want to split subject and issuer as in the dialog and moved
the fields to different sections?

Currently the order is the same as in dialog except serial numbers. I
kept them on top because issuer and subject may be very long and they
can clash with the action panel if placed on top.

I'm OK with the current page, but maybe UXD has a different opinion. This can be addressed separately.

7. Certificate can be added/revoked/restored via certificate pages and
host/service details pages. We need to make sure that if you do an
operation on one page, the other pages won't show outdated information.


I added a cert via host details page. When I go to the cert search page the new cert doesn't appear until I click Refresh. The revoke/restore works though, the status are updated automatically in all pages.

8. The revocation reason takes an integer. Probably the search field
should change into a drop down list showing all available reasons.

9. The date options take a certain format (YYYY-MM-DD), so we should
show the format probably as greyed text in the search field.

10. The current design only allows specifying one option at a time. Some
of these options are meant to be used as a pair because they represent a
range (min & max serial number). How about creating an Advanced Search
dialog that shows all search options in separate fields so they can be
combined? The basic search field can remain simple like the search field
in other entities and it will search the cert subject only.

8-10: I agree, but I don't want to complicate the patch. Originally this
patch shouldn't really exist. Original agreement was that the search
will be fixed to 'subject' field and that it should be replaced with
proper implementation of #191 later. I made this patch to give users at
least some options. Main obstacle is that there are more pressing issues
for April release.

OK, let leave it as is for now, but some people might be reporting usability issue.

11. The list of search options is a drop down list, but it's surrounded
by a rounded box like the text field next to it. This might be just a
personal preference but I'm not sure if it's an appropriate look for a
drop down list.

It's just border radius. When I disable it it looks kinda inconsistent,

OK, this is fine.

So the remaining issues are #2 and #7. Other than that it's ACKed. Feel free to fix and push.

Endi S. Dewata

Freeipa-devel mailing list

Reply via email to