tedge cert create-csr c8y --profile <profile> doesn't use the CN of the certificate of the cloud profile #3315
Description
Describe the bug
tedge cert create-csr c8y --profile <profile> tries to use the CN of the main device certificate and private key instead of the ones from the cloud profile.
From the code, the behaviour is obvious (wrong).
thin-edge.io/crates/core/tedge/src/cli/certificate/cli.rs
Lines 97 to 100 in 91c4cb5
    let id = match id {
        Some(id) => id,
        None => config.device.id()?.clone(),
    };
To Reproduce
Create a main device certificate.
tedge cert create --device-id aaa111
Create another device certificate for cloud profile, then create csr.
tedge config set c8y.device.cert_path --profile second /etc/tedge/device-certs/tedge@second-certificate.pem
tedge config set c8y.device.key_path --profile second /etc/tedge/device-certs/tedge@second-key.pem
tedge cert create --device-id bbb222 c8y --profile second
tedge cert create-csr c8y --profile second
Run
openssl req -noout -subject -in /etc/tedge/device-certs/tedge.csr
Then the output has the CN of the main device certificate, not the one from the cloud profile. It should be bbb222.
subject=CN = aaa111, O = Thin Edge, OU = Test Device
Also, if the main device certificate and private key don't exist, it returns an error.
root@0042c94c79fa:/setup# tedge cert remove
Certificate was successfully removed
root@0042c94c79fa:/setup# tedge cert create-csr c8y --profile second
Error: missing configuration parameter
Caused by:
Config value device.id, cannot be read: The device id is read from the device certificate.
To set 'device.id' to some <id>, you can use `tedge cert create --device-id <id>`.
Expected behavior
tedge cert create-csr c8y --profile <profile> should consume the certificate and private key from the profiled config.
Screenshots
Environment (please complete the following information):
- OS [incl. version]
- Hardware [incl. revision]
- System-Architecture [e.g. result of "uname -a"]
- thin-edge.io version [1.4.1]
Additional context
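A check for the behaviour reported above, as an added example that is not part of the original issue or of the thin-edge.io code base: it compares the CN of a cloud profile's certificate with the CN of the generated CSR, using the same `openssl ... -noout -subject` output shown in the report. The function names and the script name are hypothetical.

```shell
#!/bin/sh
# Added example (not thin-edge.io code): verify that a CSR carries the
# same CN as the certificate of the cloud profile it was created for.

# Print the CN from one line of `openssl ... -noout -subject` output.
# Accepts "subject=CN = bbb222, O = Thin Edge" as well as the older
# "subject=/CN=bbb222/O=Thin Edge" layout. A CN containing ',' or '/'
# is cut at that character.
subject_cn() {
    printf '%s\n' "$1" | sed -n \
        -e 's|^subject= *||' \
        -e 's|^|,|' \
        -e 's|^.*[,/] *CN *= *\([^,/]*\).*$|\1|p'
}

# Compare two subject lines.
# Returns 0 when the CNs are equal, 1 on mismatch, 2 when a CN is missing.
compare_subjects() {
    cert_cn=$(subject_cn "$1")
    csr_cn=$(subject_cn "$2")
    if [ -z "$cert_cn" ] || [ -z "$csr_cn" ]; then
        echo "cannot read CN (certificate='$cert_cn', csr='$csr_cn')"
        return 2
    fi
    if [ "$cert_cn" != "$csr_cn" ]; then
        echo "MISMATCH: certificate CN=$cert_cn, CSR CN=$csr_cn"
        return 1
    fi
    echo "OK: CN=$cert_cn"
}

# Read both subjects with openssl and compare them.
csr_matches_cert() {
    compare_subjects \
        "$(openssl x509 -noout -subject -in "$1" 2>/dev/null)" \
        "$(openssl req -noout -subject -in "$2" 2>/dev/null)"
}

# Usage: sh check_csr_cn.sh <profile-cert.pem> <csr>
if [ "$#" -eq 2 ]; then
    csr_matches_cert "$1" "$2"
fi
```

With the paths from the reproduction steps, the arguments would be `/etc/tedge/device-certs/tedge@second-certificate.pem` and `/etc/tedge/device-certs/tedge.csr`.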