dogtagpki · edewata · Jan 28, 2025 · Jan 27, 2025
diff --git a/.github/workflows/ocsp-basic-test.yml b/.github/workflows/ocsp-basic-test.yml
@@ -56,7 +56,23 @@ jobs:
               -D pki_ds_url=ldap://ds.example.com:3389 \
               -v
 
+      - name: Check PKI system certs
+        run: |
           docker exec pki pki-server cert-find
+          docker exec pki pki-server cert-show ca_signing
+          docker exec pki pki-server cert-show ca_ocsp_signing
+          docker exec pki pki-server cert-show sslserver
+          docker exec pki pki-server cert-show subsystem
+          docker exec pki pki-server cert-show ca_audit_signing
+
+      - name: Check CA system certs
+        run: |
+          docker exec pki pki-server subsystem-cert-find ca
+          docker exec pki pki-server subsystem-cert-show ca signing
+          docker exec pki pki-server subsystem-cert-show ca ocsp_signing
+          docker exec pki pki-server subsystem-cert-show ca sslserver
+          docker exec pki pki-server subsystem-cert-show ca subsystem
+          docker exec pki pki-server subsystem-cert-show ca audit_signing
 
       - name: Check security domain config in CA
         run: |
@@ -107,6 +123,25 @@ jobs:
               -D pki_ds_url=ldap://ds.example.com:3389 \
               -v
 
+      - name: Check PKI system certs
+        run: |
+          docker exec pki pki-server cert-find
+          docker exec pki pki-server cert-show ca_signing
+          docker exec pki pki-server cert-show ca_ocsp_signing
+          docker exec pki pki-server cert-show sslserver
+          docker exec pki pki-server cert-show subsystem
+          docker exec pki pki-server cert-show ca_audit_signing
+          docker exec pki pki-server cert-show ocsp_signing
+          docker exec pki pki-server cert-show ocsp_audit_signing
+
+      - name: Check OCSP system certs
+        run: |
+          docker exec pki pki-server subsystem-cert-find ocsp
+          docker exec pki pki-server subsystem-cert-show ocsp signing
+          docker exec pki pki-server subsystem-cert-show ocsp sslserver
+          docker exec pki pki-server subsystem-cert-show ocsp subsystem
+          docker exec pki pki-server subsystem-cert-show ocsp audit_signing
+
       - name: Check PKI server base dir after installation
         run: |
           # check file types, owners, and permissions

diff --git a/base/server/python/pki/server/cli/subsystem.py b/base/server/python/pki/server/cli/subsystem.py
@@ -814,7 +814,7 @@ def print_subsystem_cert(cert, show_all=False):
 class SubsystemCertFindCLI(pki.cli.CLI):
 
     def __init__(self):
-        super().__init__('find', 'Find subsystem certificates')
+        super().__init__('find', 'Find subsystem certificates', deprecated=True)
 
     def create_parser(self, subparsers=None):
 
@@ -852,6 +852,10 @@ def print_help(self):
 
     def execute(self, argv, args=None):
 
+        logger.warning(
+            'The pki-server subsystem-cert-find has been deprecated. '
+            'Use pki-server cert-find instead.')
+
         if not args:
             args = self.parser.parse_args(args=argv)
 
@@ -905,7 +909,7 @@ def execute(self, argv, args=None):
 class SubsystemCertShowCLI(pki.cli.CLI):
 
     def __init__(self):
-        super().__init__('show', 'Show subsystem certificate')
+        super().__init__('show', 'Show subsystem certificate', deprecated=True)
 
     def create_parser(self, subparsers=None):
 
@@ -944,6 +948,10 @@ def usage(self):
 
     def execute(self, argv, args=None):
 
+        logger.warning(
+            'The pki-server subsystem-cert-show has been deprecated. '
+            'Use pki-server cert-show instead.')
+
         if not args:
             args = self.parser.parse_args(args=argv)
 

diff --git a/base/server/python/pki/server/subsystem.py b/base/server/python/pki/server/subsystem.py
@@ -355,12 +355,16 @@ def find_system_certs(self):
 
     def get_cert_infos(self):
 
+        cert_infos = []
+
         cert_list = self.config.get('%s.cert.list' % self.name)
         if not cert_list:
-            return []
+            return cert_infos
 
         for cert_tag in cert_list.split(','):
-            yield self.get_cert_info(cert_tag)
+            cert_infos.append(self.get_cert_info(cert_tag))
+
+        return cert_infos
 
     def get_subsystem_certs(self):
         certs = self.config.get('%s.cert.list' % self.name)

diff --git a/docs/changes/v11.6.0/Tools-Changes.adoc b/docs/changes/v11.6.0/Tools-Changes.adoc
@@ -66,9 +66,14 @@ The `pkispawn` command has been updated to include ACME and EST subsystem deploy
 
 The `pkidestroy` command has been updated to include ACME and EST subsystem removal.
 
-== Add pki-server pki-server password-set/unset ==
+== Add pki-server password-set/unset ==
 
 The `pki-server password-set/unset` commands have been added
 to replace `pki-server password-add/del`.
 
 The `pki-server password-add/del` commands have been deprecated.
+
+== Deprecate pki-server subsystem-cert-find/show ==
+
+The `pki-server subsystem-cert-find/show` commands have been deprecated.
+Use `pki-server cert-find/show` commands instead.