authorAsha Akkiangady <aakkiang@redhat.com>2015-02-16 18:53:29 -0500
committerAsha Akkiangady <aakkiang@redhat.com>2015-02-16 18:58:52 -0500
commit88c44e8ea7c9583a552340141f2c4df07f5dab7b (patch)
tree290b3fe49660dda66b4b9c01441611c8b204b3ee /tests
parent6d278c63f41ae998feedc2885e95fcfaa38ee46a (diff)
CA renewal tests for manual, directory-authenticated and
SSL client self-renewal. SubCA usergroup tests, and new tests added to the CA usergroup tests.
Diffstat (limited to 'tests')
-rwxr-xr-xtests/dogtag/Makefile4
-rw-r--r--tests/dogtag/acceptance/legacy/ca-tests/renewal/renew_DirAuthUserCert.sh2757
-rw-r--r--tests/dogtag/acceptance/legacy/ca-tests/renewal/renew_caSSLClientCert.sh1560
-rw-r--r--tests/dogtag/acceptance/legacy/ca-tests/renewal/renew_manual.sh3399
-rw-r--r--tests/dogtag/acceptance/legacy/ca-tests/usergroups/pki-ca-usergroups.sh322
-rw-r--r--tests/dogtag/acceptance/legacy/subca-tests/usergroups/subca-usergroups.sh842
-rwxr-xr-xtests/dogtag/runtest.sh39
-rwxr-xr-xtests/dogtag/shared/rhcs-shared.sh75
8 files changed, 8973 insertions, 25 deletions
diff --git a/tests/dogtag/Makefile b/tests/dogtag/Makefile
index 556b9b971..73fa2213f 100755
--- a/tests/dogtag/Makefile
+++ b/tests/dogtag/Makefile
@@ -259,11 +259,15 @@ build: $(BUILT_FILES)
chmod a+x ./acceptance/legacy/ca-tests/publishing/ca-admin-publishing.sh
chmod a+x ./acceptance/legacy/ca-tests/cert-enrollment/ca-ag-certificates.sh
chmod a+x ./acceptance/legacy/ca-tests/ocsp/ca-ee-ocsp.sh
+ chmod a+x ./acceptance/legacy/ca-tests/renewal/renew_manual.sh
+ chmod a+x ./acceptance/legacy/ca-tests/renewal/renew_DirAuthUserCert.sh
+ chmod a+x ./acceptance/legacy/ca-tests/renewal/renew_caSSLClientCert.sh
chmod a+x ./acceptance/legacy/drm-tests/acls/drm-ad-acls.sh
chmod a+x ./acceptance/legacy/drm-tests/agent/drm-ag-tests.sh
chmod a+x ./acceptance/legacy/drm-tests/internaldb/drm-ad-internaldb.sh
chmod a+x ./acceptance/legacy/drm-tests/usergroups/drm-ad-usergroups.sh
chmod a+x ./acceptance/legacy/drm-tests/logs/drm-ad-logs.sh
+ chmod a+x ./acceptance/legacy/subca-tests/usergroups/subca-usergroups.sh
chmod a+x ./acceptance/legacy/subca-tests/acls/subca-ad-acls.sh
chmod a+x ./acceptance/legacy/subca-tests/internaldb/subca-ad-internaldb.sh
chmod a+x ./acceptance/legacy/subca-tests/authplugin/subca-ad-authplugin.sh
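Review bot: The four scripts that the new `chmod a+x` lines cover are committed without the executable bit (the diffstat lists them as -rw-r--r-- and renew_DirAuthUserCert.sh is added as `new file mode 100644`), so they are only runnable after the build target has run; invoking one directly from a checkout would fail with permission denied. It would be more robust to commit them as 100755, as tests/dogtag/runtest.sh and this Makefile already are, so these chmod lines become a safety net rather than a requirement. The build recipe continues outside the hunk, so I cannot tell whether other new scripts in this commit are covered the same way.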
diff --git a/tests/dogtag/acceptance/legacy/ca-tests/renewal/renew_DirAuthUserCert.sh b/tests/dogtag/acceptance/legacy/ca-tests/renewal/renew_DirAuthUserCert.sh
new file mode 100644
index 000000000..efb9964fa
--- /dev/null
+++ b/tests/dogtag/acceptance/legacy/ca-tests/renewal/renew_DirAuthUserCert.sh
@@ -0,0 +1,2757 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/legacy-tests/ca-tests/renewal
+# Description: PKI CA certificate renewal of Directory Authenticated user certificates
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki commands needs to be tested:
+# /ca/ee/ca/ProfileSubmit profile caDirUserRenewal
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/env.sh
+
+run_pki-legacy-ca-renew_dir_auth_user_cert_tests()
+{
+ local subsystemType=$1
+ local csRole=$2
+
+ # Creating Temporary Directory for pki ca-renew-dir-auth-user-cert
+ rlPhaseStartSetup "pki ca renew directory auth user cert - Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ #Forward the clock 40 days to test grace period
+ forward_system_clock 40
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $csRole $TmpDir/topo_file
+ local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+ local tomcat_name=$(eval echo \$${CA_INST}_TOMCAT_INSTANCE_NAME)
+ local ca_unsecure_port=$(eval echo \$${CA_INST}_UNSECURE_PORT)
+ local ca_secure_port=$(eval echo \$${CA_INST}_SECURE_PORT)
+ local ca_host=$(eval echo \$${csRole})
+ local valid_agent_user=$CA_INST\_agentV
+ local valid_agent_user_password=$CA_INST\_agentV_password
+ local valid_admin_user=$CA_INST\_adminV
+ local valid_admin_user_password=$CA_INST\_adminV_password
+ local valid_audit_user=$CA_INST\_auditV
+ local valid_audit_user_password=$CA_INST\_auditV_password
+ local valid_operator_user=$CA_INST\_operatorV
+ local valid_operator_user_password=$CA_INST\_operatorV_password
+ local valid_agent_cert=$CA_INST\_agentV
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PWD="redhat"
+ local ca_admin_user=$(eval echo \$${CA_INST}_ADMIN_USER)
+ local rand=$RANDOM
+ local tmp_junk_data=$(openssl rand -base64 50 | perl -p -e 's/\n//')
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PWD="redhat"
+ local ca_db_suffix=$(eval echo \$${CA_INST}_DB_SUFFIX)
+ local ldap_conn_port=$(eval echo \$${CA_INST}_LDAP_PORT)
+ local ldap_rootdn=$(eval echo $LDAP_ROOTDN)
+ local ldap_rootdn_password=$(eval echo $LDAP_ROOTDNPWD)
+ disable_ca_nonce $tomcat_name
+
+ rlPhaseStartTest "pki_ca_renew_dir_auth_usercert-001: Renew a directory user cert that expire in the renew grace period"
+ #Change caDirUserCert.cfg profile to have cert validity range to be 20 days
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caDirUserCert.cfg"
+ local search_string="policyset.userCertSet.2.default.params.range=180"
+ local replace_string="policyset.userCertSet.2.default.params.range=20"
+ replace_string_in_a_file $profile_file $search_string $replace_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ # setup uidpwddirauth authentication plugin
+ local plugin_id="UserDirEnrollment"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_001_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_001_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_001_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_001_1.txt"
+
+ #Add ldap user
+ local rand=$RANDOM
+ local ldap_uid=rend1$rand
+ local ldap_user_password=rend1password
+ cat > $TmpDir/adduser1.ldif << adduser1.ldif_EOF
+
+version: 1
+
+ entry-id: 101
+dn: uid=$ldap_uid,ou=People,$ca_db_suffix
+passwordGraceUserTime: 0
+modifiersName: cn=Directory manager
+uidNumber: 1001
+gidNumber: 1001
+objectClass: top
+objectClass: person
+objectClass: posixAccount
+uid: $ldap_uid
+cn: Posix User1
+sn: User1
+homeDirectory: /home/$ldap_uid
+loginshell: /bin/bash
+userPassword: $ldap_user_password
+adduser1.ldif_EOF
+
+ rlRun "/usr/bin/ldapmodify -a -x -h $ca_host -p $ldap_conn_port -D \"$ldap_rootdn\" -w $ldap_rootdn_password -c -f $TmpDir/adduser1.ldif" 0
+
+ #userdir enrollment using profile
+ local profile_id="caDirUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$ldap_uid \
+ subject_uid:$ldap_uid \
+ subject_email: \
+ subject_ou: \
+ subject_organization: \
+ subject_country: \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+
+ #userdir enrollment using profile
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_001_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_001_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_001_002_2.txt" 0 "Submit Certificate directory user enrollment request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_001_002.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_dir_auth_usercert_001_002_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+
+ #Change caDirUserCert.cfg profile to have cert validity range default 180 days.
+ replace_string_in_a_file $profile_file $replace_string $search_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caDirUserRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_001_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_001_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_001_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_001_004.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_dir_auth_usercert_001_004_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Cleanup: Delete uidpwddirauth authentication plugin
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_001_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_001_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_001_005_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_001_005.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_renew_dir_auth_usercert-002: Renew a directory user cert that expired and in the renew grace period"
+ #set system clock 20 days older
+ reverse_system_clock 20
+
+ #Change caDirUserCert.cfg profile to have cert validity range to be 10 days
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caDirUserCert.cfg"
+ local search_string="policyset.userCertSet.2.default.params.range=180"
+ local replace_string="policyset.userCertSet.2.default.params.range=10"
+ replace_string_in_a_file $profile_file $search_string $replace_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ # setup uidpwddirauth authentication plugin
+ local plugin_id="UserDirEnrollment"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_002_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_002_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_002_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_002_1.txt"
+
+ #Add ldap user
+ local rand=$RANDOM
+ local ldap_uid=rend2$rand
+ local ldap_user_password=rend2password
+ cat > $TmpDir/adduser2.ldif << adduser2.ldif_EOF
+
+version: 1
+
+ entry-id: 102
+dn: uid=$ldap_uid,ou=People,$ca_db_suffix
+passwordGraceUserTime: 0
+modifiersName: cn=Directory manager
+uidNumber: 1001
+gidNumber: 1001
+objectClass: top
+objectClass: person
+objectClass: posixAccount
+uid: $ldap_uid
+cn: Posix User1
+sn: User1
+homeDirectory: /home/$ldap_uid
+loginshell: /bin/bash
+userPassword: $ldap_user_password
+adduser2.ldif_EOF
+
+ rlRun "/usr/bin/ldapmodify -a -x -h $ca_host -p $ldap_conn_port -D \"$ldap_rootdn\" -w $ldap_rootdn_password -c -f $TmpDir/adduser2.ldif" 0
+
+ #userdir enrollment using profile
+ local profile_id="caDirUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$ldap_uid \
+ subject_uid:$ldap_uid \
+ subject_email: \
+ subject_ou: \
+ subject_organization: \
+ subject_country: \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+
+ #userdir enrollment using profile
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_002_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_002_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_002_002_2.txt" 0 "Submit Certificate directory user enrollment request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_002_002.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_dir_auth_usercert_002_002_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+
+ #Set System Clock back to today
+ forward_system_clock 20
+
+ #Change caDirUserCert.cfg profile to have cert validity range default 180 days.
+ replace_string_in_a_file $profile_file $replace_string $search_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caDirUserRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_002_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_002_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_002_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_002_004.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_dir_auth_usercert_002_004_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Cleanup: Delete uidpwddirauth authentication plugin
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_002_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_002_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_002_005_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_002_005.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_renew_dir_auth_usercert-003: Renew a directory user cert thats going to expire after the renew grace period BZ1182353"
+ #Change caDirUserCert.cfg profile to have cert validity range to be 31 days
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caDirUserCert.cfg"
+ local search_string="policyset.userCertSet.2.default.params.range=180"
+ local replace_string="policyset.userCertSet.2.default.params.range=31"
+ replace_string_in_a_file $profile_file $search_string $replace_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ # setup uidpwddirauth authentication plugin
+ local plugin_id="UserDirEnrollment"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_003_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_003_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_003_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_003_1.txt"
+
+ #Add ldap user
+ local rand=$RANDOM
+ local ldap_uid=rend3$rand
+ local ldap_user_password=rend3password
+ cat > $TmpDir/adduser3.ldif << adduser3.ldif_EOF
+
+version: 1
+
+ entry-id: 103
+dn: uid=$ldap_uid,ou=People,$ca_db_suffix
+passwordGraceUserTime: 0
+modifiersName: cn=Directory manager
+uidNumber: 1001
+gidNumber: 1001
+objectClass: top
+objectClass: person
+objectClass: posixAccount
+uid: $ldap_uid
+cn: Posix User1
+sn: User1
+homeDirectory: /home/$ldap_uid
+loginshell: /bin/bash
+userPassword: $ldap_user_password
+adduser3.ldif_EOF
+
+ rlRun "/usr/bin/ldapmodify -a -x -h $ca_host -p $ldap_conn_port -D \"$ldap_rootdn\" -w $ldap_rootdn_password -c -f $TmpDir/adduser3.ldif" 0
+
+ #userdir enrollment using profile
+ local profile_id="caDirUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$ldap_uid \
+ subject_uid:$ldap_uid \
+ subject_email: \
+ subject_ou: \
+ subject_organization: \
+ subject_country: \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+
+ #userdir enrollment using profile
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_003_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_003_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_003_002_2.txt" 0 "Submit Certificate directory user enrollment request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_003_002.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_dir_auth_usercert_003_002_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+
+ #Change caDirUserCert.cfg profile to have cert validity range default 180 days.
+ replace_string_in_a_file $profile_file $replace_string $search_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caDirUserRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_003_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_003_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_003_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_003_004.txt"
+ rlAssertGrep "Request Rejected - Outside of Renewal Grace Period" "$TmpDir/ca_renew_dir_auth_usercert_003_004_2.txt"
+ rlLog "BZ1182353 - https://bugzilla.redhat.com/show_bug.cgi?id=1182353"
+
+ #Cleanup: Delete uidpwddirauth authentication plugin
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_003_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_003_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_003_005_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_003_005.txt"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_dir_auth_usercert-004: Renew a directory user cert that expired and outside the renew grace period BZ1182353"
+ #set system clock 34 days older
+ reverse_system_clock 34
+
+ #Change caDirUserCert.cfg profile to have cert validity range to be 3 days
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caDirUserCert.cfg"
+ local search_string="policyset.userCertSet.2.default.params.range=180"
+ local replace_string="policyset.userCertSet.2.default.params.range=3"
+ replace_string_in_a_file $profile_file $search_string $replace_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ # setup uidpwddirauth authentication plugin
+ local plugin_id="UserDirEnrollment"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_004_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_004_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_004_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_004_1.txt"
+
+ #Add ldap user
+ local rand=$RANDOM
+ local ldap_uid=rend2$rand
+ local ldap_user_password=rend4password
+ cat > $TmpDir/adduser4.ldif << adduser4.ldif_EOF
+
+version: 1
+
+ entry-id: 104
+dn: uid=$ldap_uid,ou=People,$ca_db_suffix
+passwordGraceUserTime: 0
+modifiersName: cn=Directory manager
+uidNumber: 1001
+gidNumber: 1001
+objectClass: top
+objectClass: person
+objectClass: posixAccount
+uid: $ldap_uid
+cn: Posix User1
+sn: User1
+homeDirectory: /home/$ldap_uid
+loginshell: /bin/bash
+userPassword: $ldap_user_password
+adduser4.ldif_EOF
+
+ rlRun "/usr/bin/ldapmodify -a -x -h $ca_host -p $ldap_conn_port -D \"$ldap_rootdn\" -w $ldap_rootdn_password -c -f $TmpDir/adduser4.ldif" 0
+
+ #userdir enrollment using profile
+ local profile_id="caDirUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$ldap_uid \
+ subject_uid:$ldap_uid \
+ subject_email: \
+ subject_ou: \
+ subject_organization: \
+ subject_country: \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+
+ #userdir enrollment using profile
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_004_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_004_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_004_002_2.txt" 0 "Submit Certificate directory user enrollment request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_004_002.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_dir_auth_usercert_004_002_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+
+ #Set System Clock back to today
+ forward_system_clock 34
+
+ #Change caDirUserCert.cfg profile to have cert validity range default 180 days.
+ replace_string_in_a_file $profile_file $replace_string $search_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caDirUserRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_004_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_004_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_004_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_004_004.txt"
+ rlAssertGrep "Request Rejected - Outside of Renewal Grace Period" "$TmpDir/ca_renew_dir_auth_usercert_004_004_2.txt"
+ rlLog "BZ1182353 - https://bugzilla.redhat.com/show_bug.cgi?id=1182353"
+
+ #Cleanup: Delete uidpwddirauth authentication plugin
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_004_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_004_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_004_005_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_004_005.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_renew_dir_auth_usercert-005: Renew a directory user cert when userid is not provided"
+ #Change caDirUserCert.cfg profile to have cert validity range to be 20 days
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caDirUserCert.cfg"
+ local search_string="policyset.userCertSet.2.default.params.range=180"
+ local replace_string="policyset.userCertSet.2.default.params.range=20"
+ replace_string_in_a_file $profile_file $search_string $replace_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ # setup uidpwddirauth authentication plugin
+ local plugin_id="UserDirEnrollment"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_005_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_005_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_005_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_005_1.txt"
+
+ #Add ldap user
+ local rand=$RANDOM
+ local ldap_uid=rend5$rand
+ local ldap_user_password=rend5password
+ cat > $TmpDir/adduser5.ldif << adduser5.ldif_EOF
+
+version: 1
+
+ entry-id: 105
+dn: uid=$ldap_uid,ou=People,$ca_db_suffix
+passwordGraceUserTime: 0
+modifiersName: cn=Directory manager
+uidNumber: 1001
+gidNumber: 1001
+objectClass: top
+objectClass: person
+objectClass: posixAccount
+uid: $ldap_uid
+cn: Posix User1
+sn: User1
+homeDirectory: /home/$ldap_uid
+loginshell: /bin/bash
+userPassword: $ldap_user_password
+adduser5.ldif_EOF
+
+ rlRun "/usr/bin/ldapmodify -a -x -h $ca_host -p $ldap_conn_port -D \"$ldap_rootdn\" -w $ldap_rootdn_password -c -f $TmpDir/adduser5.ldif" 0
+
+ #userdir enrollment using profile
+ local profile_id="caDirUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$ldap_uid \
+ subject_uid:$ldap_uid \
+ subject_email: \
+ subject_ou: \
+ subject_organization: \
+ subject_country: \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+
+ #userdir enrollment using profile
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_005_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_005_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_005_002_2.txt" 0 "Submit Certificate directory user enrollment request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_005_002.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_dir_auth_usercert_005_002_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+
+ #Change caDirUserCert.cfg profile to have cert validity range default 180 days.
+ replace_string_in_a_file $profile_file $replace_string $search_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caDirUserRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_005_004.txt \
+ -d \"profileId=$renew_profile_id&uid= &pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_005_004.txt \
+ -d \"profileId=$renew_profile_id&uid= &pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_005_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_005_004.txt"
+ rlAssertGrep "Invalid Credential" "$TmpDir/ca_renew_dir_auth_usercert_005_004_2.txt"
+
+ #Cleanup: Delete uidpwddirauth authentication plugin
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_005_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_005_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_005_005_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_005_005.txt"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_dir_auth_usercert-006: Renew a directory user cert when certificate is a non directory usercert"
+ # setup uidpwddirauth authentication plugin
+ local plugin_id="UserDirEnrollment"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_006_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_006_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_006_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_006_1.txt"
+
+ #Add ldap user
+ local rand=$RANDOM
+ local userid=rend6$rand
+ local password=password$userid
+ cat > $TmpDir/adduser6.ldif << adduser6.ldif_EOF
+
+version: 1
+
+ entry-id: 106
+dn: uid=$userid,ou=People,$ca_db_suffix
+passwordGraceUserTime: 0
+modifiersName: cn=Directory manager
+uidNumber: 1001
+gidNumber: 1001
+objectClass: top
+objectClass: person
+objectClass: posixAccount
+uid: $userid
+cn: Posix User1
+sn: User1
+homeDirectory: /home/$userid
+loginshell: /bin/bash
+userPassword: $password
+adduser6.ldif_EOF
+
+ rlRun "/usr/bin/ldapmodify -a -x -h $ca_host -p $ldap_conn_port -D \"$ldap_rootdn\" -w $ldap_rootdn_password -c -f $TmpDir/adduser6.ldif" 0
+
+ #user certificate enrollment using profile caUserCert
+ local fullname=$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=2048
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_006_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_006_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_006_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_006_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_dir_auth_usercert_006_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Approve certificate request
+ #10 days validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+10 days' '+%Y')
+ local end_month=$(date -d '+10 days' '+%m')
+ local end_day=$(date -d '+10 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_006_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_006_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_dir_auth_usercert_006_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_006_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_dir_auth_usercert_006_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caDirUserRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_006_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$userid&pwd=$password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_006_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$userid&pwd=$password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_006_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_006_004.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_dir_auth_usercert_006_004_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Cleanup: Delete uidpwddirauth authentication plugin
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_006_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_006_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_006_005_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_006_005.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_renew_dir_auth_usercert-007: Renew a directory user cert when userid is a long string"
+ local renew_profile_id="caDirUserRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_007_001.txt \
+ -d \"profileId=$renew_profile_id&uid=rend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11user&pwd=rend7password&renewal=true&serial_num=2\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_007_001.txt \
+ -d \"profileId=$renew_profile_id&uid=rend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11user&pwd=rend7password&renewal=true&serial_num=2\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_007_001_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_007_001.txt"
+ rlAssertGrep "Cannot load UserDirEnrollment" "$TmpDir/ca_renew_dir_auth_usercert_007_001_2.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_renew_dir_auth_usercert-008: Renew a directory user cert when userpassword is a long string"
+ local renew_profile_id="caDirUserRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_008_001.txt \
+ -d \"profileId=$renew_profile_id&uid=rend8&pwd=rend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11user&renewal=true&serial_num=2\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_008_001.txt \
+ -d \"profileId=$renew_profile_id&uid=rend8&pwd=rend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11userrend11user&renewal=true&serial_num=2\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_008_001_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_008_001.txt"
+ rlAssertGrep "Cannot load UserDirEnrollment" "$TmpDir/ca_renew_dir_auth_usercert_008_001_2.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_renew_dir_auth_usercert-009: Renew a directory user cert when serial number field has a very long string"
+ # setup uidpwddirauth authentication plugin
+ local plugin_id="UserDirEnrollment"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_009_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_009_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_009_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_009_1.txt"
+
+ #Add ldap user
+ local rand=$RANDOM
+ local ldap_uid=rend9$rand
+ local ldap_user_password=rend9password
+ cat > $TmpDir/adduser1.ldif << adduser1.ldif_EOF
+
+version: 1
+
+ entry-id: 109
+dn: uid=$ldap_uid,ou=People,$ca_db_suffix
+passwordGraceUserTime: 0
+modifiersName: cn=Directory manager
+uidNumber: 1001
+gidNumber: 1001
+objectClass: top
+objectClass: person
+objectClass: posixAccount
+uid: $ldap_uid
+cn: Posix User1
+sn: User1
+homeDirectory: /home/$ldap_uid
+loginshell: /bin/bash
+userPassword: $ldap_user_password
+adduser1.ldif_EOF
+
+ rlRun "/usr/bin/ldapmodify -a -x -h $ca_host -p $ldap_conn_port -D \"$ldap_rootdn\" -w $ldap_rootdn_password -c -f $TmpDir/adduser1.ldif" 0
+
+ #Submit Renew certificate request
+ local renew_profile_id="caDirUserRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_009_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=12341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_009_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=12341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234123412341234\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_009_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_009_004.txt"
+ rlAssertGrep "Record not found" "$TmpDir/ca_renew_dir_auth_usercert_009_004_2.txt"
+
+ #Cleanup: Delete uidpwddirauth authentication plugin
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_009_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_009_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_009_005_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_009_005.txt"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_dir_auth_usercert-010: Renew a directory user cert when grace period graceBefore value is a negative number"
+ #Change grace period graceBefore value to a negative number
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caDirUserCert.cfg"
+ local search_string1="policyset.userCertSet.10.constraint.params.renewal.graceBefore=30"
+ local replace_string1="policyset.userCertSet.10.constraint.params.renewal.graceBefore=-10"
+ replace_string_in_a_file $profile_file $search_string1 $replace_string1
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #Change caDirUserCert.cfg profile to have cert validity range to be 20 days
+ local search_string2="policyset.userCertSet.2.default.params.range=180"
+ local replace_string2="policyset.userCertSet.2.default.params.range=20"
+ replace_string_in_a_file $profile_file $search_string2 $replace_string2
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ # setup uidpwddirauth authentication plugin
+ local plugin_id="UserDirEnrollment"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_010_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_010_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_010_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_010_1.txt"
+
+ #Add ldap user
+ local rand=$RANDOM
+ local ldap_uid=rend10$rand
+ local ldap_user_password=rend10password
+ cat > $TmpDir/adduser10.ldif << adduser10.ldif_EOF
+
+version: 1
+
+ entry-id: 110
+dn: uid=$ldap_uid,ou=People,$ca_db_suffix
+passwordGraceUserTime: 0
+modifiersName: cn=Directory manager
+uidNumber: 1001
+gidNumber: 1001
+objectClass: top
+objectClass: person
+objectClass: posixAccount
+uid: $ldap_uid
+cn: Posix User1
+sn: User1
+homeDirectory: /home/$ldap_uid
+loginshell: /bin/bash
+userPassword: $ldap_user_password
+adduser10.ldif_EOF
+
+ rlRun "/usr/bin/ldapmodify -a -x -h $ca_host -p $ldap_conn_port -D \"$ldap_rootdn\" -w $ldap_rootdn_password -c -f $TmpDir/adduser10.ldif" 0
+
+ #userdir enrollment using profile
+ local profile_id="caDirUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$ldap_uid \
+ subject_uid:$ldap_uid \
+ subject_email: \
+ subject_ou: \
+ subject_organization: \
+ subject_country: \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+
+ #userdir enrollment using profile
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_010_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_010_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_010_002_2.txt" 0 "Submit Certificate directory user enrollment request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_010_002.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_dir_auth_usercert_010_002_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+
+ #Change caDirUserCert.cfg profile to have cert validity range default 180 days.
+ replace_string_in_a_file $profile_file $replace_string2 $search_string2
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caDirUserRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_010_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_010_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_010_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_010_004.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_dir_auth_usercert_010_004_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Change grace period graceBefore value to original value 30
+ replace_string_in_a_file $profile_file $replace_string1 $search_string1
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #Cleanup: Delete uidpwddirauth authentication plugin
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_010_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_010_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_010_005_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_010_005.txt"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_dir_auth_usercert-011: Renew a directory user cert when grace period graceBefore value is a smaller number"
+ #Change grace period graceBefore value to a smaller number
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caDirUserCert.cfg"
+ local search_string1="policyset.userCertSet.10.constraint.params.renewal.graceBefore=30"
+ local replace_string1="policyset.userCertSet.10.constraint.params.renewal.graceBefore=1"
+ replace_string_in_a_file $profile_file $search_string1 $replace_string1
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #Change caDirUserCert.cfg profile to have cert validity range to be 1 day
+ local search_string2="policyset.userCertSet.2.default.params.range=180"
+ local replace_string2="policyset.userCertSet.2.default.params.range=1"
+ replace_string_in_a_file $profile_file $search_string2 $replace_string2
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ # setup uidpwddirauth authentication plugin
+ local plugin_id="UserDirEnrollment"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_011_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_011_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_011_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_011_1.txt"
+
+ #Add ldap user
+ local rand=$RANDOM
+ local ldap_uid=rend11$rand
+ local ldap_user_password=rend11password
+ cat > $TmpDir/adduser11.ldif << adduser11.ldif_EOF
+
+version: 1
+
+ entry-id: 111
+dn: uid=$ldap_uid,ou=People,$ca_db_suffix
+passwordGraceUserTime: 0
+modifiersName: cn=Directory manager
+uidNumber: 1001
+gidNumber: 1001
+objectClass: top
+objectClass: person
+objectClass: posixAccount
+uid: $ldap_uid
+cn: Posix User1
+sn: User1
+homeDirectory: /home/$ldap_uid
+loginshell: /bin/bash
+userPassword: $ldap_user_password
+adduser11.ldif_EOF
+
+ rlRun "/usr/bin/ldapmodify -a -x -h $ca_host -p $ldap_conn_port -D \"$ldap_rootdn\" -w $ldap_rootdn_password -c -f $TmpDir/adduser11.ldif" 0
+
+ #userdir enrollment using profile
+ local profile_id="caDirUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$ldap_uid \
+ subject_uid:$ldap_uid \
+ subject_email: \
+ subject_ou: \
+ subject_organization: \
+ subject_country: \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+
+ #userdir enrollment using profile
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_011_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_011_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_011_002_2.txt" 0 "Submit Certificate directory user enrollment request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_011_002.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_dir_auth_usercert_011_002_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+
+ #Change caDirUserCert.cfg profile to have cert validity range default 180 days.
+ replace_string_in_a_file $profile_file $replace_string2 $search_string2
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caDirUserRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_011_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_011_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_011_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_011_004.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_dir_auth_usercert_011_004_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Change grace period graceBefore value to original value 30
+ replace_string_in_a_file $profile_file $replace_string1 $search_string1
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #Cleanup: Delete uidpwddirauth authentication plugin
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_011_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_011_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_011_005_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_011_005.txt"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_dir_auth_usercert-012: Renew a directory user cert outside renew grace period when grace period graceBefore value is a smaller number BZ1182353"
+ #Change grace period graceBefore value to a smaller number
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caDirUserCert.cfg"
+ local search_string1="policyset.userCertSet.10.constraint.params.renewal.graceBefore=30"
+ local replace_string1="policyset.userCertSet.10.constraint.params.renewal.graceBefore=1"
+ replace_string_in_a_file $profile_file $search_string1 $replace_string1
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #Change caDirUserCert.cfg profile to have cert validity range to be 10 days
+ local search_string2="policyset.userCertSet.2.default.params.range=180"
+ local replace_string2="policyset.userCertSet.2.default.params.range=10"
+ replace_string_in_a_file $profile_file $search_string2 $replace_string2
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ # setup uidpwddirauth authentication plugin
+ local plugin_id="UserDirEnrollment"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_012_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_012_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_012_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_012_1.txt"
+
+ #Add ldap user
+ local rand=$RANDOM
+ local ldap_uid=rend12$rand
+ local ldap_user_password=rend12password
+ cat > $TmpDir/adduser12.ldif << adduser12.ldif_EOF
+
+version: 1
+
+ entry-id: 112
+dn: uid=$ldap_uid,ou=People,$ca_db_suffix
+passwordGraceUserTime: 0
+modifiersName: cn=Directory manager
+uidNumber: 1001
+gidNumber: 1001
+objectClass: top
+objectClass: person
+objectClass: posixAccount
+uid: $ldap_uid
+cn: Posix User1
+sn: User1
+homeDirectory: /home/$ldap_uid
+loginshell: /bin/bash
+userPassword: $ldap_user_password
+adduser12.ldif_EOF
+
+ rlRun "/usr/bin/ldapmodify -a -x -h $ca_host -p $ldap_conn_port -D \"$ldap_rootdn\" -w $ldap_rootdn_password -c -f $TmpDir/adduser12.ldif" 0
+
+ #userdir enrollment using profile
+ local profile_id="caDirUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$ldap_uid \
+ subject_uid:$ldap_uid \
+ subject_email: \
+ subject_ou: \
+ subject_organization: \
+ subject_country: \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+
+ #userdir enrollment using profile
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_012_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_012_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_012_002_2.txt" 0 "Submit Certificate directory user enrollment request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_012_002.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_dir_auth_usercert_012_002_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+
+ #Change caDirUserCert.cfg profile to have cert validity range default 180 days.
+ replace_string_in_a_file $profile_file $replace_string2 $search_string2
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caDirUserRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_012_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_012_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_012_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_012_004.txt"
+ rlAssertGrep "Request Rejected - Outside of Renewal Grace Period" "$TmpDir/ca_renew_dir_auth_usercert_012_004_2.txt"
+ rlLog "BZ1182353 - https://bugzilla.redhat.com/show_bug.cgi?id=1182353"
+
+ #Change grace period graceBefore value to original value 30
+ replace_string_in_a_file $profile_file $replace_string1 $search_string1
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #Cleanup: Delete uidpwddirauth authentication plugin
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_012_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_012_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_012_005_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_012_005.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_renew_dir_auth_usercert-013: Renew a directory user cert when grace period graceBefore value is a bigger number"
+ #Change grace period graceBefore value to a bigger number
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caDirUserCert.cfg"
+ local search_string1="policyset.userCertSet.10.constraint.params.renewal.graceBefore=30"
+ local replace_string1="policyset.userCertSet.10.constraint.params.renewal.graceBefore=360"
+ replace_string_in_a_file $profile_file $search_string1 $replace_string1
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #Change caDirUserCert.cfg profile to have cert validity range to be 1 day
+ local search_string2="policyset.userCertSet.2.default.params.range=180"
+ local replace_string2="policyset.userCertSet.2.default.params.range=359"
+ replace_string_in_a_file $profile_file $search_string2 $replace_string2
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ # setup uidpwddirauth authentication plugin
+ local plugin_id="UserDirEnrollment"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_013_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_013_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_013_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_013_1.txt"
+
+ #Add ldap user
+ local rand=$RANDOM
+ local ldap_uid=rend13$rand
+ local ldap_user_password=rend13password
+ cat > $TmpDir/adduser13.ldif << adduser13.ldif_EOF
+
+version: 1
+
+ entry-id: 113
+dn: uid=$ldap_uid,ou=People,$ca_db_suffix
+passwordGraceUserTime: 0
+modifiersName: cn=Directory manager
+uidNumber: 1001
+gidNumber: 1001
+objectClass: top
+objectClass: person
+objectClass: posixAccount
+uid: $ldap_uid
+cn: Posix User1
+sn: User1
+homeDirectory: /home/$ldap_uid
+loginshell: /bin/bash
+userPassword: $ldap_user_password
+adduser13.ldif_EOF
+
+ rlRun "/usr/bin/ldapmodify -a -x -h $ca_host -p $ldap_conn_port -D \"$ldap_rootdn\" -w $ldap_rootdn_password -c -f $TmpDir/adduser13.ldif" 0
+
+ #userdir enrollment using profile
+ local profile_id="caDirUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$ldap_uid \
+ subject_uid:$ldap_uid \
+ subject_email: \
+ subject_ou: \
+ subject_organization: \
+ subject_country: \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+
+ #userdir enrollment using profile
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_013_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_013_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_013_002_2.txt" 0 "Submit Certificate directory user enrollment request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_013_002.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_dir_auth_usercert_013_002_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+
+ #Change caDirUserCert.cfg profile to have cert validity range default 180 days.
+ replace_string_in_a_file $profile_file $replace_string2 $search_string2
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caDirUserRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_013_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_013_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_013_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_013_004.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_dir_auth_usercert_013_004_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Change grace period graceBefore value to original value 30
+ replace_string_in_a_file $profile_file $replace_string1 $search_string1
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #Cleanup: Delete uidpwddirauth authentication plugin
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_013_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_013_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_013_005_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_013_005.txt"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_dir_auth_usercert-014: Renew a directory user cert outside renew grace period when grace period graceBefore value is a bigger number BZ1182353"
+ #Change grace period graceBefore value to a smaller number
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caDirUserCert.cfg"
+ local search_string1="policyset.userCertSet.10.constraint.params.renewal.graceBefore=30"
+ local replace_string1="policyset.userCertSet.10.constraint.params.renewal.graceBefore=360"
+ replace_string_in_a_file $profile_file $search_string1 $replace_string1
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #Change caDirUserCert.cfg profile to have cert validity range to be 362 days
+ local search_string2="policyset.userCertSet.2.default.params.range=180"
+ local replace_string2="policyset.userCertSet.2.default.params.range=362"
+ replace_string_in_a_file $profile_file $search_string2 $replace_string2
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ # setup uidpwddirauth authentication plugin
+ local plugin_id="UserDirEnrollment"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_014_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_014_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_014_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_014_1.txt"
+
+ #Add ldap user
+ local rand=$RANDOM
+ local ldap_uid=rend14$rand
+ local ldap_user_password=rend14password
+ cat > $TmpDir/adduser14.ldif << adduser14.ldif_EOF
+
+version: 1
+
+ entry-id: 114
+dn: uid=$ldap_uid,ou=People,$ca_db_suffix
+passwordGraceUserTime: 0
+modifiersName: cn=Directory manager
+uidNumber: 1001
+gidNumber: 1001
+objectClass: top
+objectClass: person
+objectClass: posixAccount
+uid: $ldap_uid
+cn: Posix User1
+sn: User1
+homeDirectory: /home/$ldap_uid
+loginshell: /bin/bash
+userPassword: $ldap_user_password
+adduser14.ldif_EOF
+
+ rlRun "/usr/bin/ldapmodify -a -x -h $ca_host -p $ldap_conn_port -D \"$ldap_rootdn\" -w $ldap_rootdn_password -c -f $TmpDir/adduser14.ldif" 0
+
+ #userdir enrollment using profile
+ local profile_id="caDirUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$ldap_uid \
+ subject_uid:$ldap_uid \
+ subject_email: \
+ subject_ou: \
+ subject_organization: \
+ subject_country: \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+
+ #userdir enrollment using profile
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_014_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_014_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_014_002_2.txt" 0 "Submit Certificate directory user enrollment request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_014_002.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_dir_auth_usercert_014_002_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+
+ #Change caDirUserCert.cfg profile to have cert validity range default 180 days.
+ replace_string_in_a_file $profile_file $replace_string2 $search_string2
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caDirUserRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_014_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_014_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_014_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_014_004.txt"
+ rlAssertGrep "Request Rejected - Outside of Renewal Grace Period" "$TmpDir/ca_renew_dir_auth_usercert_014_004_2.txt"
+ rlLog "BZ1182353 - https://bugzilla.redhat.com/show_bug.cgi?id=1182353"
+
+ #Change grace period graceBefore value to original value 30
+ replace_string_in_a_file $profile_file $replace_string1 $search_string1
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #Cleanup: Delete uidpwddirauth authentication plugin
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_014_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_014_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_014_005_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_014_005.txt"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_dir_auth_usercert-015: Renew a directory user cert when grace period graceAfter value is a smaller number"
+ #set system clock 34 days older
+ reverse_system_clock 34
+
+ #Change grace period graceAfter value to a smaller number
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caDirUserCert.cfg"
+ local search_string1="policyset.userCertSet.10.constraint.params.renewal.graceAfter=30"
+ local replace_string1="policyset.userCertSet.10.constraint.params.renewal.graceAfter=2"
+ replace_string_in_a_file $profile_file $search_string1 $replace_string1
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #Change caDirUserCert.cfg profile to have cert validity range to be 33 days
+ local search_string2="policyset.userCertSet.2.default.params.range=180"
+ local replace_string2="policyset.userCertSet.2.default.params.range=33"
+ replace_string_in_a_file $profile_file $search_string2 $replace_string2
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ # setup uidpwddirauth authentication plugin
+ local plugin_id="UserDirEnrollment"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_015_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_015_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_015_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_015_1.txt"
+
+ #Add ldap user
+ local rand=$RANDOM
+ local ldap_uid=rend15$rand
+ local ldap_user_password=rend15password
+ cat > $TmpDir/adduser15.ldif << adduser15.ldif_EOF
+
+version: 1
+
+ entry-id: 115
+dn: uid=$ldap_uid,ou=People,$ca_db_suffix
+passwordGraceUserTime: 0
+modifiersName: cn=Directory manager
+uidNumber: 1001
+gidNumber: 1001
+objectClass: top
+objectClass: person
+objectClass: posixAccount
+uid: $ldap_uid
+cn: Posix User1
+sn: User1
+homeDirectory: /home/$ldap_uid
+loginshell: /bin/bash
+userPassword: $ldap_user_password
+adduser15.ldif_EOF
+
+ rlRun "/usr/bin/ldapmodify -a -x -h $ca_host -p $ldap_conn_port -D \"$ldap_rootdn\" -w $ldap_rootdn_password -c -f $TmpDir/adduser15.ldif" 0
+
+ #userdir enrollment using profile
+ local profile_id="caDirUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$ldap_uid \
+ subject_uid:$ldap_uid \
+ subject_email: \
+ subject_ou: \
+ subject_organization: \
+ subject_country: \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+
+ #userdir enrollment using profile
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_015_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_015_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_015_002_2.txt" 0 "Submit Certificate directory user enrollment request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_015_002.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_dir_auth_usercert_015_002_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Set System Clock back to today
+ forward_system_clock 34
+
+ #Change caDirUserCert.cfg profile to have cert validity range default 180 days.
+ replace_string_in_a_file $profile_file $replace_string2 $search_string2
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caDirUserRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_015_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_015_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_015_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_015_004.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_dir_auth_usercert_015_004_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Change grace period graceAfter value to original value 30
+ replace_string_in_a_file $profile_file $replace_string1 $search_string1
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #Cleanup: Delete uidpwddirauth authentication plugin
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_015_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_015_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_015_005_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_015_005.txt"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_dir_auth_usercert-016: Renew a directory user cert outside renew grace period when grace period graceAfter value is a smaller number BZ1182353"
+ #set system clock 34 days older
+ reverse_system_clock 34
+
+ #Change grace period graceAfter value to a smaller number
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caDirUserCert.cfg"
+ local search_string1="policyset.userCertSet.10.constraint.params.renewal.graceAfter=30"
+ local replace_string1="policyset.userCertSet.10.constraint.params.renewal.graceAfter=2"
+ replace_string_in_a_file $profile_file $search_string1 $replace_string1
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #Change caDirUserCert.cfg profile to have cert validity range to be 31 days
+ local search_string2="policyset.userCertSet.2.default.params.range=180"
+ local replace_string2="policyset.userCertSet.2.default.params.range=31"
+ replace_string_in_a_file $profile_file $search_string2 $replace_string2
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ # setup uidpwddirauth authentication plugin
+ local plugin_id="UserDirEnrollment"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_016_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_016_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_016_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_016_1.txt"
+
+ #Add ldap user
+ local rand=$RANDOM
+ local ldap_uid=rend16$rand
+ local ldap_user_password=rend16password
+ cat > $TmpDir/adduser16.ldif << adduser16.ldif_EOF
+
+version: 1
+
+ entry-id: 116
+dn: uid=$ldap_uid,ou=People,$ca_db_suffix
+passwordGraceUserTime: 0
+modifiersName: cn=Directory manager
+uidNumber: 1001
+gidNumber: 1001
+objectClass: top
+objectClass: person
+objectClass: posixAccount
+uid: $ldap_uid
+cn: Posix User1
+sn: User1
+homeDirectory: /home/$ldap_uid
+loginshell: /bin/bash
+userPassword: $ldap_user_password
+adduser16.ldif_EOF
+
+ rlRun "/usr/bin/ldapmodify -a -x -h $ca_host -p $ldap_conn_port -D \"$ldap_rootdn\" -w $ldap_rootdn_password -c -f $TmpDir/adduser16.ldif" 0
+
+ #userdir enrollment using profile
+ local profile_id="caDirUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$ldap_uid \
+ subject_uid:$ldap_uid \
+ subject_email: \
+ subject_ou: \
+ subject_organization: \
+ subject_country: \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+
+ #userdir enrollment using profile
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_016_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_016_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_016_002_2.txt" 0 "Submit Certificate directory user enrollment request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_016_002.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_dir_auth_usercert_016_002_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Set System Clock back to today
+ forward_system_clock 34
+
+ #Change caDirUserCert.cfg profile to have cert validity range default 180 days.
+ replace_string_in_a_file $profile_file $replace_string2 $search_string2
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caDirUserRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_016_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_016_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_016_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_016_004.txt"
+ rlAssertGrep "Request Rejected - Outside of Renewal Grace Period" "$TmpDir/ca_renew_dir_auth_usercert_016_004_2.txt"
+ rlLog "BZ1182353 - https://bugzilla.redhat.com/show_bug.cgi?id=1182353"
+
+ #Change grace period graceAfter value to original value 30
+ replace_string_in_a_file $profile_file $replace_string1 $search_string1
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #Cleanup: Delete uidpwddirauth authentication plugin
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_016_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_016_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_016_005_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_016_005.txt"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_dir_auth_usercert-017: Renew a directory user cert when grace period graceAfter value is a bigger number"
+ #set system clock 37 days older
+ reverse_system_clock 37
+
+ #Change grace period graceAfter value to a bigger number
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caDirUserCert.cfg"
+ local search_string1="policyset.userCertSet.10.constraint.params.renewal.graceAfter=30"
+ local replace_string1="policyset.userCertSet.10.constraint.params.renewal.graceAfter=360"
+ replace_string_in_a_file $profile_file $search_string1 $replace_string1
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #Change caDirUserCert.cfg profile to have cert validity range to be 1 day
+ local search_string2="policyset.userCertSet.2.default.params.range=180"
+ local replace_string2="policyset.userCertSet.2.default.params.range=1"
+ replace_string_in_a_file $profile_file $search_string2 $replace_string2
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ # setup uidpwddirauth authentication plugin
+ local plugin_id="UserDirEnrollment"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_017_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_017_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_017_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_017_1.txt"
+
+ #Add ldap user
+ local rand=$RANDOM
+ local ldap_uid=rend17$rand
+ local ldap_user_password=rend17password
+ cat > $TmpDir/adduser17.ldif << adduser17.ldif_EOF
+
+version: 1
+
+ entry-id: 117
+dn: uid=$ldap_uid,ou=People,$ca_db_suffix
+passwordGraceUserTime: 0
+modifiersName: cn=Directory manager
+uidNumber: 1001
+gidNumber: 1001
+objectClass: top
+objectClass: person
+objectClass: posixAccount
+uid: $ldap_uid
+cn: Posix User1
+sn: User1
+homeDirectory: /home/$ldap_uid
+loginshell: /bin/bash
+userPassword: $ldap_user_password
+adduser17.ldif_EOF
+
+ rlRun "/usr/bin/ldapmodify -a -x -h $ca_host -p $ldap_conn_port -D \"$ldap_rootdn\" -w $ldap_rootdn_password -c -f $TmpDir/adduser17.ldif" 0
+
+ #userdir enrollment using profile
+ local profile_id="caDirUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$ldap_uid \
+ subject_uid:$ldap_uid \
+ subject_email: \
+ subject_ou: \
+ subject_organization: \
+ subject_country: \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+
+ #userdir enrollment using profile
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_017_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_017_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_017_002_2.txt" 0 "Submit Certificate directory user enrollment request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_017_002.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_dir_auth_usercert_017_002_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Set System Clock back to today
+ forward_system_clock 37
+
+ #Change caDirUserCert.cfg profile to have cert validity range default 180 days.
+ replace_string_in_a_file $profile_file $replace_string2 $search_string2
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caDirUserRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_017_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_017_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_017_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_017_004.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_dir_auth_usercert_017_004_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Change grace period graceAfter value to original value 30
+ replace_string_in_a_file $profile_file $replace_string1 $search_string1
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #Cleanup: Delete uidpwddirauth authentication plugin
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_017_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_017_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_017_005_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_017_005.txt"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_dir_auth_usercert-018: Renew a directory user cert outside renew grace period when grace period graceAfter value is a bigger number BZ1182353"
+ #set system clock 37 days older
+ reverse_system_clock 37
+
+ #Change grace period graceAfter value to a smaller number
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caDirUserCert.cfg"
+ local search_string1="policyset.userCertSet.10.constraint.params.renewal.graceAfter=30"
+ local replace_string1="policyset.userCertSet.10.constraint.params.renewal.graceAfter=35"
+ replace_string_in_a_file $profile_file $search_string1 $replace_string1
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #Change caDirUserCert.cfg profile to have cert validity range to be 1 day
+ local search_string2="policyset.userCertSet.2.default.params.range=180"
+ local replace_string2="policyset.userCertSet.2.default.params.range=1"
+ replace_string_in_a_file $profile_file $search_string2 $replace_string2
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ # setup uidpwddirauth authentication plugin
+ local plugin_id="UserDirEnrollment"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_018_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_018_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_018_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_018_1.txt"
+
+ #Add ldap user
+ local rand=$RANDOM
+ local ldap_uid=rend18$rand
+ local ldap_user_password=rend18password
+ cat > $TmpDir/adduser18.ldif << adduser18.ldif_EOF
+
+version: 1
+
+ entry-id: 118
+dn: uid=$ldap_uid,ou=People,$ca_db_suffix
+passwordGraceUserTime: 0
+modifiersName: cn=Directory manager
+uidNumber: 1001
+gidNumber: 1001
+objectClass: top
+objectClass: person
+objectClass: posixAccount
+uid: $ldap_uid
+cn: Posix User1
+sn: User1
+homeDirectory: /home/$ldap_uid
+loginshell: /bin/bash
+userPassword: $ldap_user_password
+adduser18.ldif_EOF
+
+ rlRun "/usr/bin/ldapmodify -a -x -h $ca_host -p $ldap_conn_port -D \"$ldap_rootdn\" -w $ldap_rootdn_password -c -f $TmpDir/adduser18.ldif" 0
+
+ #userdir enrollment using profile
+ local profile_id="caDirUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$ldap_uid \
+ subject_uid:$ldap_uid \
+ subject_email: \
+ subject_ou: \
+ subject_organization: \
+ subject_country: \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+
+ #userdir enrollment using profile
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_018_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_018_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_018_002_2.txt" 0 "Submit Certificate directory user enrollment request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_018_002.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_dir_auth_usercert_018_002_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Set System Clock back to today
+ forward_system_clock 37
+
+ #Change caDirUserCert.cfg profile to have cert validity range default 180 days.
+ replace_string_in_a_file $profile_file $replace_string2 $search_string2
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caDirUserRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_018_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_018_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_018_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_018_004.txt"
+ rlAssertGrep "Request Rejected - Outside of Renewal Grace Period" "$TmpDir/ca_renew_dir_auth_usercert_018_004_2.txt"
+ rlLog "BZ1182353 - https://bugzilla.redhat.com/show_bug.cgi?id=1182353"
+
+ #Change grace period graceAfter value to original value 30
+ replace_string_in_a_file $profile_file $replace_string1 $search_string1
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #Cleanup: Delete uidpwddirauth authentication plugin
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_018_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_018_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_018_005_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_018_005.txt"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_dir_auth_usercert-019: Renew a revoked directory user cert that epires in renew grace period - manually approved by a valid agent"
+ #Change caDirUserCert.cfg profile to have cert validity range to be 20 days
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caDirUserCert.cfg"
+ local search_string="policyset.userCertSet.2.default.params.range=180"
+ local replace_string="policyset.userCertSet.2.default.params.range=20"
+ replace_string_in_a_file $profile_file $search_string $replace_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ # setup uidpwddirauth authentication plugin
+ local plugin_id="UserDirEnrollment"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_019_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_019_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_019_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_019_1.txt"
+
+ #Add ldap user
+ local rand=$RANDOM
+ local ldap_uid=rend19$rand
+ local ldap_user_password=rend19password
+ cat > $TmpDir/adduser19.ldif << adduser19.ldif_EOF
+
+version: 1
+
+ entry-id: 119
+dn: uid=$ldap_uid,ou=People,$ca_db_suffix
+passwordGraceUserTime: 0
+modifiersName: cn=Directory manager
+uidNumber: 1001
+gidNumber: 1001
+objectClass: top
+objectClass: person
+objectClass: posixAccount
+uid: $ldap_uid
+cn: Posix User1
+sn: User1
+homeDirectory: /home/$ldap_uid
+loginshell: /bin/bash
+userPassword: $ldap_user_password
+adduser19.ldif_EOF
+
+ rlRun "/usr/bin/ldapmodify -a -x -h $ca_host -p $ldap_conn_port -D \"$ldap_rootdn\" -w $ldap_rootdn_password -c -f $TmpDir/adduser19.ldif" 0
+
+ #userdir enrollment using profile
+ local profile_id="caDirUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$ldap_uid \
+ subject_uid:$ldap_uid \
+ subject_email: \
+ subject_ou: \
+ subject_organization: \
+ subject_country: \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+
+ #userdir enrollment using profile
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_019_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_019_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_019_002_2.txt" 0 "Submit Certificate directory user enrollment request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_019_002.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_dir_auth_usercert_019_002_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Revoke the cert
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local invalidity_time=$(($(date +%s%N)/1000000))
+ serial_number_in_decimal=$((${serial_number}))
+ serial_number_only=${serial_number:2:$serial_length}
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_019_004.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"op=doRevoke&submit=submit&serialNumber=$serial_number_only&$serial_number_only=on&revocationReason=0&revokeAll=%28%7C%28certRecordId%3D$serial_number_in_decimal%29%29&invalidityDate=$invalidity_time&day=$Day&month=$Month&year=$Year&totalRecordCount=1&verifiedRecordCount=1&templateType=RevocationSuccess&csrRequestorComments=revokecerttest\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/doRevoke\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_019_004.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"op=doRevoke&submit=submit&serialNumber=$serial_number_only&$serial_number_only=on&revocationReason=0&revokeAll=%28%7C%28certRecordId%3D$serial_number_in_decimal%29%29&invalidityDate=$invalidity_time&day=$Day&month=$Month&year=$Year&totalRecordCount=1&verifiedRecordCount=1&templateType=RevocationSuccess&csrRequestorComments=revokecerttest\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/doRevoke\" > $TmpDir/ca_renew_dir_auth_usercert_019_004_2.txt" 0 "Submit Certificate Revoke request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_019_004.txt"
+ rlAssertGrep "revoked = \"yes\"" "$TmpDir/ca_renew_dir_auth_usercert_019_004_2.txt"
+
+ #Change caDirUserCert.cfg profile to have cert validity range default 180 days.
+ replace_string_in_a_file $profile_file $replace_string $search_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #Submit Renew certificate request
+ local renew_profile_id="caDirUserRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_019_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_019_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_019_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_019_004.txt"
+ rlAssertGrep "Cannot renew a revoked certificate" "$TmpDir/ca_renew_dir_auth_usercert_019_004_2.txt"
+
+ #Cleanup: Delete uidpwddirauth authentication plugin
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_019_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_019_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_019_005_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_019_005.txt"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_dir_auth_usercert-020: Renew a revoked expired directory user cert"
+ #set system clock 37 days older
+ reverse_system_clock 37
+
+ #Change caDirUserCert.cfg profile to have cert validity range to be 1 day
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caDirUserCert.cfg"
+ local search_string="policyset.userCertSet.2.default.params.range=180"
+ local replace_string="policyset.userCertSet.2.default.params.range=20"
+ replace_string_in_a_file $profile_file $search_string $replace_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ # setup uidpwddirauth authentication plugin
+ local plugin_id="UserDirEnrollment"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_020_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_020_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=$plugin_id&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_020_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_020_1.txt"
+
+ #Add ldap user
+ local rand=$RANDOM
+ local ldap_uid=rend20$rand
+ local ldap_user_password=rend20password
+ cat > $TmpDir/adduser20.ldif << adduser20.ldif_EOF
+
+version: 1
+
+ entry-id: 120
+dn: uid=$ldap_uid,ou=People,$ca_db_suffix
+passwordGraceUserTime: 0
+modifiersName: cn=Directory manager
+uidNumber: 1001
+gidNumber: 1001
+objectClass: top
+objectClass: person
+objectClass: posixAccount
+uid: $ldap_uid
+cn: Posix User1
+sn: User1
+homeDirectory: /home/$ldap_uid
+loginshell: /bin/bash
+userPassword: $ldap_user_password
+adduser20.ldif_EOF
+
+ rlRun "/usr/bin/ldapmodify -a -x -h $ca_host -p $ldap_conn_port -D \"$ldap_rootdn\" -w $ldap_rootdn_password -c -f $TmpDir/adduser20.ldif" 0
+
+ #userdir enrollment using profile
+ local profile_id="caDirUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$ldap_uid \
+ subject_uid:$ldap_uid \
+ subject_email: \
+ subject_ou: \
+ subject_organization: \
+ subject_country: \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+
+ #userdir enrollment using profile
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_020_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_020_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_020_002_2.txt" 0 "Submit Certificate directory user enrollment request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_020_002.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_dir_auth_usercert_020_002_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Revoke the cert
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local invalidity_time=$(($(date +%s%N)/1000000))
+ serial_number_in_decimal=$((${serial_number}))
+ serial_number_only=${serial_number:2:$serial_length}
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_020_004.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"op=doRevoke&submit=submit&serialNumber=$serial_number_only&$serial_number_only=on&revocationReason=0&revokeAll=%28%7C%28certRecordId%3D$serial_number_in_decimal%29%29&invalidityDate=$invalidity_time&day=$Day&month=$Month&year=$Year&totalRecordCount=1&verifiedRecordCount=1&templateType=RevocationSuccess&csrRequestorComments=revokecerttest\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/doRevoke\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_020_004.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"op=doRevoke&submit=submit&serialNumber=$serial_number_only&$serial_number_only=on&revocationReason=0&revokeAll=%28%7C%28certRecordId%3D$serial_number_in_decimal%29%29&invalidityDate=$invalidity_time&day=$Day&month=$Month&year=$Year&totalRecordCount=1&verifiedRecordCount=1&templateType=RevocationSuccess&csrRequestorComments=revokecerttest\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/doRevoke\" > $TmpDir/ca_renew_dir_auth_usercert_020_004_2.txt" 0 "Submit Certificate Revoke request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_020_004.txt"
+ rlAssertGrep "revoked = \"yes\"" "$TmpDir/ca_renew_dir_auth_usercert_020_004_2.txt"
+
+ #Set System Clock back to today
+ forward_system_clock 37
+
+ #Change caDirUserCert.cfg profile to have cert validity range default 180 days.
+ replace_string_in_a_file $profile_file $replace_string $search_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #Submit Renew certificate request
+ local renew_profile_id="caDirUserRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_020_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_020_004.txt \
+ -d \"profileId=$renew_profile_id&uid=$ldap_uid&pwd=$ldap_user_password&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_dir_auth_usercert_020_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_020_004.txt"
+ rlAssertGrep "Cannot renew a revoked certificate" "$TmpDir/ca_renew_dir_auth_usercert_020_004_2.txt"
+
+ #Cleanup: Delete uidpwddirauth authentication plugin
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_020_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_dir_auth_usercert_020_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=instance&RS_ID=$plugin_id\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_dir_auth_usercert_020_005_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_dir_auth_usercert_020_005.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_renew_dir_auth_usercert_cleanup: Enable nonce and delete temporary directory"
+ #set system clock 40 days older, backto today's datetime
+ reverse_system_clock 40
+ rlLog "tomcat name=$tomcat_name"
+ enable_ca_nonce $tomcat_name
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/legacy/ca-tests/renewal/renew_caSSLClientCert.sh b/tests/dogtag/acceptance/legacy/ca-tests/renewal/renew_caSSLClientCert.sh
new file mode 100644
index 000000000..131608a58
--- /dev/null
+++ b/tests/dogtag/acceptance/legacy/ca-tests/renewal/renew_caSSLClientCert.sh
@@ -0,0 +1,1560 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/legacy-tests/ca-tests/renewal
+# Description: Self renew user SSL client certificates
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki commands needs to be tested:
+# /ca/ee/ca/ProfileSubmit profile caSSLClientSelfRenewal
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/env.sh
+
+run_pki-legacy-ca-renew_self_ca_user_ssl_client_cert_tests()
+{
+ local subsystemType=$1
+ local csRole=$2
+
+ # Creating Temporary Directory for pki Self Renew ca_user_ssl_client_cert
+ rlPhaseStartSetup "pki ca self renew caSSLClient cert - Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ #Forward the clock 40 days to test grace period
+ # forward_system_clock 40
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $csRole $TmpDir/topo_file
+ local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+ local tomcat_name=$(eval echo \$${CA_INST}_TOMCAT_INSTANCE_NAME)
+ local ca_unsecure_port=$(eval echo \$${CA_INST}_UNSECURE_PORT)
+ local ca_secure_port=$(eval echo \$${CA_INST}_SECURE_PORT)
+ local ca_host=$(eval echo \$${csRole})
+ local valid_agent_user=$CA_INST\_agentV
+ local valid_agent_user_password=$CA_INST\_agentV_password
+ local valid_admin_user=$CA_INST\_adminV
+ local valid_admin_user_password=$CA_INST\_adminV_password
+ local valid_audit_user=$CA_INST\_auditV
+ local valid_audit_user_password=$CA_INST\_auditV_password
+ local valid_operator_user=$CA_INST\_operatorV
+ local valid_operator_user_password=$CA_INST\_operatorV_password
+ local valid_agent_cert=$CA_INST\_agentV
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PWD="redhat"
+ local ca_admin_user=$(eval echo \$${CA_INST}_ADMIN_USER)
+ local rand=$RANDOM
+ local tmp_junk_data=$(openssl rand -base64 50 | perl -p -e 's/\n//')
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PWD="redhat"
+ local ca_db_suffix=$(eval echo \$${CA_INST}_DB_SUFFIX)
+ local ldap_conn_port=$(eval echo \$${CA_INST}_LDAP_PORT)
+ local ldap_rootdn=$(eval echo $LDAP_ROOTDN)
+ local ldap_rootdn_password=$(eval echo $LDAP_ROOTDNPWD)
+ disable_ca_nonce $tomcat_name
+
+ rlPhaseStartTest "pki_ca_renew_self_sslclientcert-001: Self Renew a SSLClient cert that expires within the renew grace period"
+ local userid="rens1"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=2048
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_001_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_001_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_self_sslclientcert_001_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_001_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_self_sslclientcert_001_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+ #Approve certificate request
+ #10 days validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+10 days' '+%Y')
+ local end_month=$(date -d '+10 days' '+%m')
+ local end_day=$(date -d '+10 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_001_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_001_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_self_sslclientcert_001_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_001_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_self_sslclientcert_001_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Import the user certificate to a nssdb
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_001_004.txt \
+ -d \"op=displayBySerial&serialNumber=$serial_number\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/displayBySerial\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_001_004.txt \
+ -d \"op=displayBySerial&serialNumber=$serial_number\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/displayBySerial\" > $TmpDir/ca_renew_self_sslclientcert_001_004_2.txt" 0 "Submit displayBySerial request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_001_004.txt"
+ local certificate_in_base64=$(cat -v $TmpDir/ca_renew_self_sslclientcert_001_004_2.txt | grep 'header.certChainBase64' | awk -F 'header.certChainBase64 = "' '{print $2}' | awk 'gsub("\";$","")' | sed 's/\\r\\n//g')
+ local certificate_header="-----BEGIN CERTIFICATE-----"
+ local certificate_footer="-----END CERTIFICATE-----"
+ rlLog "CERTIFICATE_IN_BASE64=$certificate_in_base64"
+ local certificate_file=$TmpDir/ca_renew_self_sslclientcert_1.pem
+ echo "$certificate_header" > $certificate_file
+ echo "$certificate_in_base64" >> $certificate_file
+ echo "$certificate_footer" >> $certificate_file
+ install_and_trust_user_cert $certificate_file $userid $TEMP_NSS_DB
+
+ #Submit Renew certificate request
+ rlRun "export SSL_DIR=$TEMP_NSS_DB"
+ local renew_profile_id="caSSLClientSelfRenewal"
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_001_005.txt \
+ -E $userid:$TEMP_NSS_DB_PWD \
+ -d \"profileId=$renew_profile_id&renewal=true\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_001_005.txt \
+ -E $userid:$TEMP_NSS_DB_PWD \
+ -d \"profileId=$renew_profile_id&renewal=true\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_self_sslclientcert_001_005_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_001_005.txt"
+ request_id=$(cat -v $TmpDir/ca_renew_self_sslclientcert_001_005_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ local serial_number=$(cat -v $TmpDir/ca_renew_self_sslclientcert_001_005_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Make sure cerificate has 180 days validity
+ local notBefore=$(cat -v $TmpDir/ca_renew_self_sslclientcert_001_005_2.txt | grep 'Not Before' | awk -F 'Not Before: ' '{print $2}' | awk -F"Not After:" '{print $1}' | awk '{$NF="";sub(/\n+$/,"")}1')
+ local notAfter=$(cat -v $TmpDir/ca_renew_self_sslclientcert_001_005_2.txt | grep 'Not After' | awk -F 'Not After: ' '{print $2}' | awk -F"Subject:" '{print $1}' | awk '{$NF="";sub(/\n+$/,"")}1')
+ rlLog "notBefore=$notBefore"
+ rlLog "notAfter=$notAfter"
+ local notBefore_date=$(date --utc --date "$notBefore" +%s)
+ local notAfter_date=$(date --utc --date "$notAfter" +%s)
+ local number_of_days=$(( ($notAfter_date-$notBefore_date)/(3600*24) ))
+ rlLog "Certificate serial number $serial_number valid for $number_of_days days"
+ local expected_number_of_days=180
+ if [ $number_of_days -ne $expected_number_of_days ] ; then
+ rlFail "Certificate range is not valid, expected:$expected_number_of_days got:$number_of_days"
+ fi
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+
+ #Cleanup:
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_self_sslclientcert-002: Self Renew a SSLClient cert that expires outside the renew grace period BZ1182353"
+ local userid="rens2"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=2048
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_002_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_002_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_self_sslclientcert_002_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_002_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_self_sslclientcert_002_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+ #Approve certificate request
+ #32 days validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+32 days' '+%Y')
+ local end_month=$(date -d '+32 days' '+%m')
+ local end_day=$(date -d '+32 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_002_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_002_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_self_sslclientcert_002_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_002_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_self_sslclientcert_002_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Import the user certificate to a nssdb
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_002_004.txt \
+ -d \"op=displayBySerial&serialNumber=$serial_number\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/displayBySerial\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_002_004.txt \
+ -d \"op=displayBySerial&serialNumber=$serial_number\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/displayBySerial\" > $TmpDir/ca_renew_self_sslclientcert_002_004_2.txt" 0 "Submit displayBySerial request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_002_004.txt"
+ local certificate_in_base64=$(cat -v $TmpDir/ca_renew_self_sslclientcert_002_004_2.txt | grep 'header.certChainBase64' | awk -F 'header.certChainBase64 = "' '{print $2}' | awk 'gsub("\";$","")' | sed 's/\\r\\n//g')
+ local certificate_header="-----BEGIN CERTIFICATE-----"
+ local certificate_footer="-----END CERTIFICATE-----"
+ rlLog "CERTIFICATE_IN_BASE64=$certificate_in_base64"
+ local certificate_file=$TmpDir/ca_renew_self_sslclientcert_1.pem
+ echo "$certificate_header" > $certificate_file
+ echo "$certificate_in_base64" >> $certificate_file
+ echo "$certificate_footer" >> $certificate_file
+ install_and_trust_user_cert $certificate_file $userid $TEMP_NSS_DB
+
+ #Submit Renew certificate request
+ rlRun "export SSL_DIR=$TEMP_NSS_DB"
+ local renew_profile_id="caSSLClientSelfRenewal"
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_002_005.txt \
+ -E $userid:$TEMP_NSS_DB_PWD \
+ -d \"profileId=$renew_profile_id&renewal=true\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_002_005.txt \
+ -E $userid:$TEMP_NSS_DB_PWD \
+ -d \"profileId=$renew_profile_id&renewal=true\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_self_sslclientcert_002_005_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_002_005.txt"
+ request_id=$(cat -v $TmpDir/ca_renew_self_sslclientcert_002_005_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+ rlAssertGrep "Request Rejected - Outside of Renewal Grace Period" "$TmpDir/ca_renew_self_sslclientcert_002_005_2.txt"
+ rlLog "BZ1182353 - https://bugzilla.redhat.com/show_bug.cgi?id=1182353"
+
+ #Cleanup:
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_self_sslclientcert-003: Self Renew a server cert that expires within the renew grace period"
+ local userid="rens3"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caServerCert"
+ local request_type="crmf"
+ local request_key_size=2048
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_003_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_003_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_self_sslclientcert_003_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_003_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_self_sslclientcert_003_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+ #Approve certificate request
+ #10 days validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+10 days' '+%Y')
+ local end_month=$(date -d '+10 days' '+%m')
+ local end_day=$(date -d '+10 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_003_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=CN=$userid.example.com&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid.example.com\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_003_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=CN=$userid.example.com&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid.example.com\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_self_sslclientcert_003_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_003_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_self_sslclientcert_003_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Import the user certificate to a nssdb
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_003_004.txt \
+ -d \"op=displayBySerial&serialNumber=$serial_number\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/displayBySerial\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_003_004.txt \
+ -d \"op=displayBySerial&serialNumber=$serial_number\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/displayBySerial\" > $TmpDir/ca_renew_self_sslclientcert_003_004_2.txt" 0 "Submit displayBySerial request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_003_004.txt"
+ local certificate_in_base64=$(cat -v $TmpDir/ca_renew_self_sslclientcert_003_004_2.txt | grep 'header.certChainBase64' | awk -F 'header.certChainBase64 = "' '{print $2}' | awk 'gsub("\";$","")' | sed 's/\\r\\n//g')
+ local certificate_header="-----BEGIN CERTIFICATE-----"
+ local certificate_footer="-----END CERTIFICATE-----"
+ rlLog "CERTIFICATE_IN_BASE64=$certificate_in_base64"
+ local certificate_file=$TmpDir/ca_renew_self_sslclientcert_1.pem
+ echo "$certificate_header" > $certificate_file
+ echo "$certificate_in_base64" >> $certificate_file
+ echo "$certificate_footer" >> $certificate_file
+ install_and_trust_user_cert $certificate_file $userid $TEMP_NSS_DB
+
+ #Submit Renew certificate request
+ rlRun "export SSL_DIR=$TEMP_NSS_DB"
+ local renew_profile_id="caSSLClientSelfRenewal"
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_003_005.txt \
+ -E $userid:$TEMP_NSS_DB_PWD \
+ -d \"profileId=$renew_profile_id&renewal=true\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_003_005.txt \
+ -E $userid:$TEMP_NSS_DB_PWD \
+ -d \"profileId=$renew_profile_id&renewal=true\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_self_sslclientcert_003_005_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_003_005.txt"
+ request_id=$(cat -v $TmpDir/ca_renew_self_sslclientcert_003_005_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ local serial_number=$(cat -v $TmpDir/ca_renew_self_sslclientcert_003_005_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Make sure cerificate has 180 days validity
+ local notBefore=$(cat -v $TmpDir/ca_renew_self_sslclientcert_003_005_2.txt | grep 'Not Before' | awk -F 'Not Before: ' '{print $2}' | awk -F"Not After:" '{print $1}' | awk '{$NF="";sub(/\n+$/,"")}1')
+ local notAfter=$(cat -v $TmpDir/ca_renew_self_sslclientcert_003_005_2.txt | grep 'Not After' | awk -F 'Not After: ' '{print $2}' | awk -F"Subject:" '{print $1}' | awk '{$NF="";sub(/\n+$/,"")}1')
+ rlLog "notBefore=$notBefore"
+ rlLog "notAfter=$notAfter"
+ local notBefore_date=$(date --utc --date "$notBefore" +%s)
+ local notAfter_date=$(date --utc --date "$notAfter" +%s)
+ local number_of_days=$(( ($notAfter_date-$notBefore_date)/(3600*24) ))
+ rlLog "Certificate serial number $serial_number valid for $number_of_days days"
+ local expected_number_of_days=720
+ if [ $number_of_days -ne $expected_number_of_days ] ; then
+ rlFail "Certificate range is not valid, expected:$expected_number_of_days got:$number_of_days"
+ fi
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Cleanup:
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_self_sslclientcert-004: Self Renew when a cert does not exist in nss db"
+ local userid="rens4"
+
+ #Submit Renew certificate request
+ rlRun "export SSL_DIR=$TEMP_NSS_DB"
+ local renew_profile_id="caSSLClientSelfRenewal"
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_004_005.txt \
+ -E $userid:$TEMP_NSS_DB_PWD \
+ -d \"profileId=$renew_profile_id&renewal=true\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_004_005.txt \
+ -E $userid:$TEMP_NSS_DB_PWD \
+ -d \"profileId=$renew_profile_id&renewal=true\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_self_sslclientcert_004_005_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_004_005.txt"
+ rlAssertGrep "You have no certificates to be renewed or the certificates are malformed." "$TmpDir/ca_renew_self_sslclientcert_004_005_2.txt"
+
+ #Cleanup:
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_renew_self_sslclientcert-005: Self Renew when graceBefore value is a smaller number and cert is in the renew grace period"
+ #Change grace period graceBefore value to a smaller number
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caUserCert.cfg"
+ local search_string="policyset.userCertSet.10.constraint.params.renewal.graceBefore=30"
+ local replace_string="policyset.userCertSet.10.constraint.params.renewal.graceBefore=1"
+ replace_string_in_a_file $profile_file $search_string $replace_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #user cert request using profile
+ local userid="rens5"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=2048
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_005_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_005_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_self_sslclientcert_005_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_005_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_self_sslclientcert_005_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+ #Approve certificate request
+ #1 day validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+1 day' '+%Y')
+ local end_month=$(date -d '+1 day' '+%m')
+ local end_day=$(date -d '+1 day' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_005_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_005_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_self_sslclientcert_005_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_005_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_self_sslclientcert_005_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Import the user certificate to a nssdb
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_005_004.txt \
+ -d \"op=displayBySerial&serialNumber=$serial_number\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/displayBySerial\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_005_004.txt \
+ -d \"op=displayBySerial&serialNumber=$serial_number\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/displayBySerial\" > $TmpDir/ca_renew_self_sslclientcert_005_004_2.txt" 0 "Submit displayBySerial request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_005_004.txt"
+ local certificate_in_base64=$(cat -v $TmpDir/ca_renew_self_sslclientcert_005_004_2.txt | grep 'header.certChainBase64' | awk -F 'header.certChainBase64 = "' '{print $2}' | awk 'gsub("\";$","")' | sed 's/\\r\\n//g')
+ local certificate_header="-----BEGIN CERTIFICATE-----"
+ local certificate_footer="-----END CERTIFICATE-----"
+ rlLog "CERTIFICATE_IN_BASE64=$certificate_in_base64"
+ local certificate_file=$TmpDir/ca_renew_self_sslclientcert_1.pem
+ echo "$certificate_header" > $certificate_file
+ echo "$certificate_in_base64" >> $certificate_file
+ echo "$certificate_footer" >> $certificate_file
+ install_and_trust_user_cert $certificate_file $userid $TEMP_NSS_DB
+
+ #Submit Renew certificate request
+ rlRun "export SSL_DIR=$TEMP_NSS_DB"
+ local renew_profile_id="caSSLClientSelfRenewal"
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_005_005.txt \
+ -E $userid:$TEMP_NSS_DB_PWD \
+ -d \"profileId=$renew_profile_id&renewal=true\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_005_005.txt \
+ -E $userid:$TEMP_NSS_DB_PWD \
+ -d \"profileId=$renew_profile_id&renewal=true\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_self_sslclientcert_005_005_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_005_005.txt"
+ request_id=$(cat -v $TmpDir/ca_renew_self_sslclientcert_005_005_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ local serial_number=$(cat -v $TmpDir/ca_renew_self_sslclientcert_005_005_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Make sure cerificate has 180 days validity
+ local notBefore=$(cat -v $TmpDir/ca_renew_self_sslclientcert_005_005_2.txt | grep 'Not Before' | awk -F 'Not Before: ' '{print $2}' | awk -F"Not After:" '{print $1}' | awk '{$NF="";sub(/\n+$/,"")}1')
+ local notAfter=$(cat -v $TmpDir/ca_renew_self_sslclientcert_005_005_2.txt | grep 'Not After' | awk -F 'Not After: ' '{print $2}' | awk -F"Subject:" '{print $1}' | awk '{$NF="";sub(/\n+$/,"")}1')
+ rlLog "notBefore=$notBefore"
+ rlLog "notAfter=$notAfter"
+ local notBefore_date=$(date --utc --date "$notBefore" +%s)
+ local notAfter_date=$(date --utc --date "$notAfter" +%s)
+ local number_of_days=$(( ($notAfter_date-$notBefore_date)/(3600*24) ))
+ rlLog "Certificate serial number $serial_number valid for $number_of_days days"
+ local expected_number_of_days=180
+ if [ $number_of_days -ne $expected_number_of_days ] ; then
+ rlFail "Certificate range is not valid, expected:$expected_number_of_days got:$number_of_days"
+ fi
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+
+ #Cleanup:
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ #Change grace period graceBefore value to original value 30
+ replace_string_in_a_file $profile_file $replace_string $search_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_self_sslclientcert-006: Self Renew when graceBefore value is a smaller number and cert is expiring outside the renew grace period BZ1182353"
+ #Change grace period graceBefore value to a smaller number
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caUserCert.cfg"
+ local search_string="policyset.userCertSet.10.constraint.params.renewal.graceBefore=30"
+ local replace_string="policyset.userCertSet.10.constraint.params.renewal.graceBefore=1"
+ replace_string_in_a_file $profile_file $search_string $replace_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #user cert request using profile
+ local userid="rens6"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=2048
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_006_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_006_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_self_sslclientcert_006_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_006_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_self_sslclientcert_006_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+ #Approve certificate request
+ #5 days validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+5 days' '+%Y')
+ local end_month=$(date -d '+5 days' '+%m')
+ local end_day=$(date -d '+5 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_006_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_006_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_self_sslclientcert_006_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_006_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_self_sslclientcert_006_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Import the user certificate to a nssdb
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_006_004.txt \
+ -d \"op=displayBySerial&serialNumber=$serial_number\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/displayBySerial\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_006_004.txt \
+ -d \"op=displayBySerial&serialNumber=$serial_number\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/displayBySerial\" > $TmpDir/ca_renew_self_sslclientcert_006_004_2.txt" 0 "Submit displayBySerial request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_006_004.txt"
+ local certificate_in_base64=$(cat -v $TmpDir/ca_renew_self_sslclientcert_006_004_2.txt | grep 'header.certChainBase64' | awk -F 'header.certChainBase64 = "' '{print $2}' | awk 'gsub("\";$","")' | sed 's/\\r\\n//g')
+ local certificate_header="-----BEGIN CERTIFICATE-----"
+ local certificate_footer="-----END CERTIFICATE-----"
+ rlLog "CERTIFICATE_IN_BASE64=$certificate_in_base64"
+ local certificate_file=$TmpDir/ca_renew_self_sslclientcert_1.pem
+ echo "$certificate_header" > $certificate_file
+ echo "$certificate_in_base64" >> $certificate_file
+ echo "$certificate_footer" >> $certificate_file
+ install_and_trust_user_cert $certificate_file $userid $TEMP_NSS_DB
+
+ #Submit Renew certificate request
+ rlRun "export SSL_DIR=$TEMP_NSS_DB"
+ local renew_profile_id="caSSLClientSelfRenewal"
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_006_005.txt \
+ -E $userid:$TEMP_NSS_DB_PWD \
+ -d \"profileId=$renew_profile_id&renewal=true\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_006_005.txt \
+ -E $userid:$TEMP_NSS_DB_PWD \
+ -d \"profileId=$renew_profile_id&renewal=true\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_self_sslclientcert_006_005_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_006_005.txt"
+ rlAssertGrep "Request Rejected - Outside of Renewal Grace Period" "$TmpDir/ca_renew_self_sslclientcert_006_005_2.txt"
+ request_id=$(cat -v $TmpDir/ca_renew_self_sslclientcert_006_005_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+ rlLog "BZ1182353 - https://bugzilla.redhat.com/show_bug.cgi?id=1182353"
+
+ #Cleanup:
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ #Change grace period graceBefore value to original value 30
+ replace_string_in_a_file $profile_file $replace_string $search_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_self_sslclientcert-007: Self Renew when graceBefore value is a bigger number and cert is in the renew grace period"
+ #Change grace period graceBefore value to a smaller number
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caUserCert.cfg"
+ local search_string="policyset.userCertSet.10.constraint.params.renewal.graceBefore=30"
+ local replace_string="policyset.userCertSet.10.constraint.params.renewal.graceBefore=364"
+ replace_string_in_a_file $profile_file $search_string $replace_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #user cert request using profile
+ local userid="rens7"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=2048
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_007_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_007_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_self_sslclientcert_007_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_007_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_self_sslclientcert_007_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+ #Approve certificate request
+ #364 day validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+364 days' '+%Y')
+ local end_month=$(date -d '+364 days' '+%m')
+ local end_day=$(date -d '+364 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_007_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_007_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_self_sslclientcert_007_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_007_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_self_sslclientcert_007_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Import the user certificate to a nssdb
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_007_004.txt \
+ -d \"op=displayBySerial&serialNumber=$serial_number\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/displayBySerial\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_007_004.txt \
+ -d \"op=displayBySerial&serialNumber=$serial_number\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/displayBySerial\" > $TmpDir/ca_renew_self_sslclientcert_007_004_2.txt" 0 "Submit displayBySerial request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_007_004.txt"
+ local certificate_in_base64=$(cat -v $TmpDir/ca_renew_self_sslclientcert_007_004_2.txt | grep 'header.certChainBase64' | awk -F 'header.certChainBase64 = "' '{print $2}' | awk 'gsub("\";$","")' | sed 's/\\r\\n//g')
+ local certificate_header="-----BEGIN CERTIFICATE-----"
+ local certificate_footer="-----END CERTIFICATE-----"
+ rlLog "CERTIFICATE_IN_BASE64=$certificate_in_base64"
+ local certificate_file=$TmpDir/ca_renew_self_sslclientcert_1.pem
+ echo "$certificate_header" > $certificate_file
+ echo "$certificate_in_base64" >> $certificate_file
+ echo "$certificate_footer" >> $certificate_file
+ install_and_trust_user_cert $certificate_file $userid $TEMP_NSS_DB
+
+ #Submit Renew certificate request
+ rlRun "export SSL_DIR=$TEMP_NSS_DB"
+ local renew_profile_id="caSSLClientSelfRenewal"
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_007_005.txt \
+ -E $userid:$TEMP_NSS_DB_PWD \
+ -d \"profileId=$renew_profile_id&renewal=true\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_007_005.txt \
+ -E $userid:$TEMP_NSS_DB_PWD \
+ -d \"profileId=$renew_profile_id&renewal=true\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_self_sslclientcert_007_005_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_007_005.txt"
+ request_id=$(cat -v $TmpDir/ca_renew_self_sslclientcert_007_005_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ local serial_number=$(cat -v $TmpDir/ca_renew_self_sslclientcert_007_005_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Make sure cerificate has 180 days validity
+ local notBefore=$(cat -v $TmpDir/ca_renew_self_sslclientcert_007_005_2.txt | grep 'Not Before' | awk -F 'Not Before: ' '{print $2}' | awk -F"Not After:" '{print $1}' | awk '{$NF="";sub(/\n+$/,"")}1')
+ local notAfter=$(cat -v $TmpDir/ca_renew_self_sslclientcert_007_005_2.txt | grep 'Not After' | awk -F 'Not After: ' '{print $2}' | awk -F"Subject:" '{print $1}' | awk '{$NF="";sub(/\n+$/,"")}1')
+ rlLog "notBefore=$notBefore"
+ rlLog "notAfter=$notAfter"
+ local notBefore_date=$(date --utc --date "$notBefore" +%s)
+ local notAfter_date=$(date --utc --date "$notAfter" +%s)
+ local number_of_days=$(( ($notAfter_date-$notBefore_date)/(3600*24) ))
+ rlLog "Certificate serial number $serial_number valid for $number_of_days days"
+ local expected_number_of_days=180
+ if [ $number_of_days -ne $expected_number_of_days ] ; then
+ rlFail "Certificate range is not valid, expected:$expected_number_of_days got:$number_of_days"
+ fi
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+
+ #Cleanup:
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ #Change grace period graceBefore value to original value 30
+ replace_string_in_a_file $profile_file $replace_string $search_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_self_sslclientcert-008: Self Renew when graceBefore value is a bigger number and cert is expiring outside the renew grace period BZ1182353"
+ #Change grace period graceBefore value to a bigger number
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caUserCert.cfg"
+ local search_string="policyset.userCertSet.10.constraint.params.renewal.graceBefore=30"
+ local replace_string="policyset.userCertSet.10.constraint.params.renewal.graceBefore=363"
+ replace_string_in_a_file $profile_file $search_string $replace_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #user cert request using profile
+ local userid="rens8"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=2048
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_008_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_008_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_self_sslclientcert_008_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_008_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_self_sslclientcert_008_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+ #Approve certificate request
+ #365 days validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+365 days' '+%Y')
+ local end_month=$(date -d '+365 days' '+%m')
+ local end_day=$(date -d '+365 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_008_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_008_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_self_sslclientcert_008_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_008_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_self_sslclientcert_008_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Import the user certificate to a nssdb
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_008_004.txt \
+ -d \"op=displayBySerial&serialNumber=$serial_number\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/displayBySerial\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_008_004.txt \
+ -d \"op=displayBySerial&serialNumber=$serial_number\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/displayBySerial\" > $TmpDir/ca_renew_self_sslclientcert_008_004_2.txt" 0 "Submit displayBySerial request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_008_004.txt"
+ local certificate_in_base64=$(cat -v $TmpDir/ca_renew_self_sslclientcert_008_004_2.txt | grep 'header.certChainBase64' | awk -F 'header.certChainBase64 = "' '{print $2}' | awk 'gsub("\";$","")' | sed 's/\\r\\n//g')
+ local certificate_header="-----BEGIN CERTIFICATE-----"
+ local certificate_footer="-----END CERTIFICATE-----"
+ rlLog "CERTIFICATE_IN_BASE64=$certificate_in_base64"
+ local certificate_file=$TmpDir/ca_renew_self_sslclientcert_1.pem
+ echo "$certificate_header" > $certificate_file
+ echo "$certificate_in_base64" >> $certificate_file
+ echo "$certificate_footer" >> $certificate_file
+ install_and_trust_user_cert $certificate_file $userid $TEMP_NSS_DB
+
+ #Submit Renew certificate request
+ rlRun "export SSL_DIR=$TEMP_NSS_DB"
+ local renew_profile_id="caSSLClientSelfRenewal"
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_008_005.txt \
+ -E $userid:$TEMP_NSS_DB_PWD \
+ -d \"profileId=$renew_profile_id&renewal=true\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_008_005.txt \
+ -E $userid:$TEMP_NSS_DB_PWD \
+ -d \"profileId=$renew_profile_id&renewal=true\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_self_sslclientcert_008_005_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_008_005.txt"
+ rlAssertGrep "Request Rejected - Outside of Renewal Grace Period" "$TmpDir/ca_renew_self_sslclientcert_008_005_2.txt"
+ request_id=$(cat -v $TmpDir/ca_renew_self_sslclientcert_008_005_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+ rlLog "BZ1182353 - https://bugzilla.redhat.com/show_bug.cgi?id=1182353"
+
+ #Cleanup:
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ #Change grace period graceBefore value to original value 30
+ replace_string_in_a_file $profile_file $replace_string $search_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_self_sslclientcert-009: Self Renew when graceBefore value is a negative number and cert is in the renew grace period"
+ #Change grace period graceBefore value to a smaller number
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caUserCert.cfg"
+ local search_string="policyset.userCertSet.10.constraint.params.renewal.graceBefore=30"
+ local replace_string="policyset.userCertSet.10.constraint.params.renewal.graceBefore=-10"
+ replace_string_in_a_file $profile_file $search_string $replace_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #user cert request using profile
+ local userid="rens9"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=2048
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_009_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_009_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_self_sslclientcert_009_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_009_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_self_sslclientcert_009_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+ #Approve certificate request
+ #50 days validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+50 days' '+%Y')
+ local end_month=$(date -d '+50 days' '+%m')
+ local end_day=$(date -d '+50 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_009_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_009_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_self_sslclientcert_009_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_009_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_self_sslclientcert_009_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Import the user certificate to a nssdb
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_009_004.txt \
+ -d \"op=displayBySerial&serialNumber=$serial_number\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/displayBySerial\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_009_004.txt \
+ -d \"op=displayBySerial&serialNumber=$serial_number\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/displayBySerial\" > $TmpDir/ca_renew_self_sslclientcert_009_004_2.txt" 0 "Submit displayBySerial request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_009_004.txt"
+ local certificate_in_base64=$(cat -v $TmpDir/ca_renew_self_sslclientcert_009_004_2.txt | grep 'header.certChainBase64' | awk -F 'header.certChainBase64 = "' '{print $2}' | awk 'gsub("\";$","")' | sed 's/\\r\\n//g')
+ local certificate_header="-----BEGIN CERTIFICATE-----"
+ local certificate_footer="-----END CERTIFICATE-----"
+ rlLog "CERTIFICATE_IN_BASE64=$certificate_in_base64"
+ local certificate_file=$TmpDir/ca_renew_self_sslclientcert_1.pem
+ echo "$certificate_header" > $certificate_file
+ echo "$certificate_in_base64" >> $certificate_file
+ echo "$certificate_footer" >> $certificate_file
+ install_and_trust_user_cert $certificate_file $userid $TEMP_NSS_DB
+
+ #Submit Renew certificate request
+ rlRun "export SSL_DIR=$TEMP_NSS_DB"
+ local renew_profile_id="caSSLClientSelfRenewal"
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_009_005.txt \
+ -E $userid:$TEMP_NSS_DB_PWD \
+ -d \"profileId=$renew_profile_id&renewal=true\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_009_005.txt \
+ -E $userid:$TEMP_NSS_DB_PWD \
+ -d \"profileId=$renew_profile_id&renewal=true\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_self_sslclientcert_009_005_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_009_005.txt"
+ request_id=$(cat -v $TmpDir/ca_renew_self_sslclientcert_009_005_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ local serial_number=$(cat -v $TmpDir/ca_renew_self_sslclientcert_009_005_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Make sure cerificate has 180 days validity
+ local notBefore=$(cat -v $TmpDir/ca_renew_self_sslclientcert_009_005_2.txt | grep 'Not Before' | awk -F 'Not Before: ' '{print $2}' | awk -F"Not After:" '{print $1}' | awk '{$NF="";sub(/\n+$/,"")}1')
+ local notAfter=$(cat -v $TmpDir/ca_renew_self_sslclientcert_009_005_2.txt | grep 'Not After' | awk -F 'Not After: ' '{print $2}' | awk -F"Subject:" '{print $1}' | awk '{$NF="";sub(/\n+$/,"")}1')
+ rlLog "notBefore=$notBefore"
+ rlLog "notAfter=$notAfter"
+ local notBefore_date=$(date --utc --date "$notBefore" +%s)
+ local notAfter_date=$(date --utc --date "$notAfter" +%s)
+ local number_of_days=$(( ($notAfter_date-$notBefore_date)/(3600*24) ))
+ rlLog "Certificate serial number $serial_number valid for $number_of_days days"
+ local expected_number_of_days=180
+ if [ $number_of_days -ne $expected_number_of_days ] ; then
+ rlFail "Certificate range is not valid, expected:$expected_number_of_days got:$number_of_days"
+ fi
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+
+ #Cleanup:
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ #Change grace period graceBefore value to original value 30
+ replace_string_in_a_file $profile_file $replace_string $search_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_self_sslclientcert-010: Self Renew a revoked SSLClient cert that expires within the renew grace period"
+ local userid="rens10"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=2048
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_010_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_010_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_self_sslclientcert_010_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_010_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_self_sslclientcert_010_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+ #Approve certificate request
+ #20 days validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+20 days' '+%Y')
+ local end_month=$(date -d '+20 days' '+%m')
+ local end_day=$(date -d '+20 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_010_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_010_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_self_sslclientcert_010_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_010_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_self_sslclientcert_010_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Import the user certificate to a nssdb
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_010_004.txt \
+ -d \"op=displayBySerial&serialNumber=$serial_number\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/displayBySerial\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_010_004.txt \
+ -d \"op=displayBySerial&serialNumber=$serial_number\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/displayBySerial\" > $TmpDir/ca_renew_self_sslclientcert_010_004_2.txt" 0 "Submit displayBySerial request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_010_004.txt"
+ local certificate_in_base64=$(cat -v $TmpDir/ca_renew_self_sslclientcert_010_004_2.txt | grep 'header.certChainBase64' | awk -F 'header.certChainBase64 = "' '{print $2}' | awk 'gsub("\";$","")' | sed 's/\\r\\n//g')
+ local certificate_header="-----BEGIN CERTIFICATE-----"
+ local certificate_footer="-----END CERTIFICATE-----"
+ rlLog "CERTIFICATE_IN_BASE64=$certificate_in_base64"
+ local certificate_file=$TmpDir/ca_renew_self_sslclientcert_1.pem
+ echo "$certificate_header" > $certificate_file
+ echo "$certificate_in_base64" >> $certificate_file
+ echo "$certificate_footer" >> $certificate_file
+ install_and_trust_user_cert $certificate_file $userid $TEMP_NSS_DB
+
+ #Revoke the cert
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local invalidity_time=$(($(date +%s%N)/1000000))
+
+ serial_number_in_decimal=$((${serial_number}))
+ serial_number_only=${serial_number:2:$serial_length}
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_010_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"op=doRevoke&submit=submit&serialNumber=$serial_number_only&$serial_number_only=on&revocationReason=0&revokeAll=%28%7C%28certRecordId%3D$serial_number_in_decimal%29%29&invalidityDate=$invalidity_time&day=$Day&month=$Month&year=$Year&totalRecordCount=1&verifiedRecordCount=1&templateType=RevocationSuccess&csrRequestorComments=revokecerttest\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/doRevoke\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_010_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"op=doRevoke&submit=submit&serialNumber=$serial_number_only&$serial_number_only=on&revocationReason=0&revokeAll=%28%7C%28certRecordId%3D$serial_number_in_decimal%29%29&invalidityDate=$invalidity_time&day=$Day&month=$Month&year=$Year&totalRecordCount=1&verifiedRecordCount=1&templateType=RevocationSuccess&csrRequestorComments=revokecerttest\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/doRevoke\" > $TmpDir/ca_renew_self_sslclientcert_010_005_2.txt" 0 "Submit Certificate Rovoke request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_010_005.txt"
+ rlAssertGrep "revoked = \"yes\"" "$TmpDir/ca_renew_self_sslclientcert_010_005_2.txt"
+
+ #Submit Renew certificate request
+ rlRun "export SSL_DIR=$TEMP_NSS_DB"
+ local renew_profile_id="caSSLClientSelfRenewal"
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_010_006.txt \
+ -E $userid:$TEMP_NSS_DB_PWD \
+ -d \"profileId=$renew_profile_id&renewal=true\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_010_006.txt \
+ -E $userid:$TEMP_NSS_DB_PWD \
+ -d \"profileId=$renew_profile_id&renewal=true\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_self_sslclientcert_010_006_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_010_006.txt"
+ rlAssertGrep "Cannot renew a revoked certificate" "$TmpDir/ca_renew_self_sslclientcert_010_006_2.txt"
+ request_id=$(cat -v $TmpDir/ca_renew_self_sslclientcert_010_006_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Cleanup:
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_renew_self_sslclientcert-011: Self Renew a revoked SSLClient cert when its outside the renew grace period"
+ local userid="rens11"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=2048
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_011_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_011_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_self_sslclientcert_011_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_011_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_self_sslclientcert_011_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+ #Approve certificate request
+ #50 days validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+50 days' '+%Y')
+ local end_month=$(date -d '+50 days' '+%m')
+ local end_day=$(date -d '+50 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_011_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_011_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_self_sslclientcert_011_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_011_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_self_sslclientcert_011_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Import the user certificate to a nssdb
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_011_004.txt \
+ -d \"op=displayBySerial&serialNumber=$serial_number\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/displayBySerial\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_011_004.txt \
+ -d \"op=displayBySerial&serialNumber=$serial_number\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/displayBySerial\" > $TmpDir/ca_renew_self_sslclientcert_011_004_2.txt" 0 "Submit displayBySerial request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_011_004.txt"
+ local certificate_in_base64=$(cat -v $TmpDir/ca_renew_self_sslclientcert_011_004_2.txt | grep 'header.certChainBase64' | awk -F 'header.certChainBase64 = "' '{print $2}' | awk 'gsub("\";$","")' | sed 's/\\r\\n//g')
+ local certificate_header="-----BEGIN CERTIFICATE-----"
+ local certificate_footer="-----END CERTIFICATE-----"
+ rlLog "CERTIFICATE_IN_BASE64=$certificate_in_base64"
+ local certificate_file=$TmpDir/ca_renew_self_sslclientcert_1.pem
+ echo "$certificate_header" > $certificate_file
+ echo "$certificate_in_base64" >> $certificate_file
+ echo "$certificate_footer" >> $certificate_file
+ install_and_trust_user_cert $certificate_file $userid $TEMP_NSS_DB
+
+ #Revoke the cert
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local invalidity_time=$(($(date +%s%N)/1000000))
+
+ serial_number_in_decimal=$((${serial_number}))
+ serial_number_only=${serial_number:2:$serial_length}
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_011_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"op=doRevoke&submit=submit&serialNumber=$serial_number_only&$serial_number_only=on&revocationReason=0&revokeAll=%28%7C%28certRecordId%3D$serial_number_in_decimal%29%29&invalidityDate=$invalidity_time&day=$Day&month=$Month&year=$Year&totalRecordCount=1&verifiedRecordCount=1&templateType=RevocationSuccess&csrRequestorComments=revokecerttest\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/doRevoke\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_011_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"op=doRevoke&submit=submit&serialNumber=$serial_number_only&$serial_number_only=on&revocationReason=0&revokeAll=%28%7C%28certRecordId%3D$serial_number_in_decimal%29%29&invalidityDate=$invalidity_time&day=$Day&month=$Month&year=$Year&totalRecordCount=1&verifiedRecordCount=1&templateType=RevocationSuccess&csrRequestorComments=revokecerttest\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/doRevoke\" > $TmpDir/ca_renew_self_sslclientcert_011_005_2.txt" 0 "Submit Certificate Rovoke request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_011_005.txt"
+ rlAssertGrep "revoked = \"yes\"" "$TmpDir/ca_renew_self_sslclientcert_011_005_2.txt"
+
+ #Submit Renew certificate request
+ rlRun "export SSL_DIR=$TEMP_NSS_DB"
+ local renew_profile_id="caSSLClientSelfRenewal"
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_011_006.txt \
+ -E $userid:$TEMP_NSS_DB_PWD \
+ -d \"profileId=$renew_profile_id&renewal=true\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_self_sslclientcert_011_006.txt \
+ -E $userid:$TEMP_NSS_DB_PWD \
+ -d \"profileId=$renew_profile_id&renewal=true\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_self_sslclientcert_011_006_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_self_sslclientcert_011_006.txt"
+ rlAssertGrep "Cannot renew a revoked certificate" "$TmpDir/ca_renew_self_sslclientcert_011_006_2.txt"
+ request_id=$(cat -v $TmpDir/ca_renew_self_sslclientcert_011_006_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Cleanup:
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_renew_self_sslclientcert_cleanup: Enable nonce and delete temporary directory"
+ rlLog "tomcat name=$tomcat_name"
+ enable_ca_nonce $tomcat_name
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/legacy/ca-tests/renewal/renew_manual.sh b/tests/dogtag/acceptance/legacy/ca-tests/renewal/renew_manual.sh
new file mode 100644
index 000000000..c64fd0b85
--- /dev/null
+++ b/tests/dogtag/acceptance/legacy/ca-tests/renewal/renew_manual.sh
@@ -0,0 +1,3399 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/legacy-tests/ca-tests
+# Description: PKI CA certificate renewal manually approved by agents tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki commands needs to be tested:
+# /ca/ee/ca/ProfileSubmit with profile id caManualRenewal
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/env.sh
+
+run_pki-legacy-ca-renew_manual_tests()
+{
+ local subsystemType=$1
+ local csRole=$2
+
+ # Creating Temporary Directory for pki ca-renew-manual
+ rlPhaseStartSetup "pki ca renew manual Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ #Forward the clock 40 days to test grace period
+ forward_system_clock 40
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $csRole $TmpDir/topo_file
+ local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+ local tomcat_name=$(eval echo \$${CA_INST}_TOMCAT_INSTANCE_NAME)
+ local ca_unsecure_port=$(eval echo \$${CA_INST}_UNSECURE_PORT)
+ local ca_secure_port=$(eval echo \$${CA_INST}_SECURE_PORT)
+ local ca_host=$(eval echo \$${csRole})
+ local valid_agent_user=$CA_INST\_agentV
+ local valid_agent_user_password=$CA_INST\_agentV_password
+ local valid_admin_user=$CA_INST\_adminV
+ local valid_admin_user_password=$CA_INST\_adminV_password
+ local valid_audit_user=$CA_INST\_auditV
+ local valid_audit_user_password=$CA_INST\_auditV_password
+ local valid_operator_user=$CA_INST\_operatorV
+ local valid_operator_user_password=$CA_INST\_operatorV_password
+ local valid_agent_cert=$CA_INST\_agentV
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PWD="redhat"
+ local ca_admin_user=$(eval echo \$${CA_INST}_ADMIN_USER)
+ local rand=$RANDOM
+ local tmp_junk_data=$(openssl rand -base64 50 | perl -p -e 's/\n//')
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PWD="redhat"
+ local ca_db_suffix=$(eval echo \$${CA_INST}_DB_SUFFIX)
+ local ldap_conn_port=$(eval echo \$${CA_INST}_LDAP_PORT)
+ local ldap_rootdn=$(eval echo $LDAP_ROOTDN)
+ local ldap_rootdn_password=$(eval echo $LDAP_ROOTDNPWD)
+ disable_ca_nonce $tomcat_name
+
+ rlPhaseStartTest "pki_ca_renew_manual-001: Renew a cert that expires with in the renew grace period - manually approved by a valid agent"
+ local userid="renm2"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=2048
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_001_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_001_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_001_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_001_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_manual_001_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Approve certificate request
+ #10 days validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+10 days' '+%Y')
+ local end_month=$(date -d '+10 days' '+%m')
+ local end_day=$(date -d '+10 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_001_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_001_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_001_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_001_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_001_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caManualRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_001_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_001_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_001_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_001_004.txt"
+ request_id=$(cat -v $TmpDir/ca_renew_manual_001_004_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Agent Approve renew request
+ #180 days validity for certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ let end_year=$(date -d '+180 days' '+%Y')
+ local end_month=$(date -d '+180 days' '+%m')
+ local end_day=$(date -d '+180 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_001_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_001_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_001_005_2.txt" 0 "Submit Certificate approve request"
+ lAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_001_005.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_001_005_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_renew_manual-002: Renew a cert that expired and with in the renew grace period - manually approved by a valid agent"
+ # Set System Clock 40 days older from today
+ reverse_system_clock 40
+
+ #user cert enrollment using profile
+ local userid="renm3"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=2048
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_002_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_002_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_002_002_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_002_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_manual_002_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Approve certificate request
+ #20 days validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+20 days' '+%Y')
+ local end_month=$(date -d '+20 days' '+%m')
+ local end_day=$(date -d '+20 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_002_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_002_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_002_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_002_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_002_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Set System Clock back to today
+ forward_system_clock 40
+
+ #Now the certificate is expired and in the renew grace period 30 days
+ #Renew certificate
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caManualRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_001_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_001_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_001_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_001_004.txt"
+ request_id=$(cat -v $TmpDir/ca_renew_manual_001_004_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Verify requestid
+ if [ $request_id -le 0 ] ; then
+ rlFail "Request id not found."
+ fi
+
+ #Agent Approve renew request
+ #180 days validity for certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ let end_year=$(date -d '+180 days' '+%Y')
+ local end_month=$(date -d '+180 days' '+%m')
+ local end_day=$(date -d '+180 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_002_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_002_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_002_005_2.txt" 0 "Submit Certificate approve request"
+ lAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_002_005.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_002_005_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_renew_manual-003: Renew a cert that expires outside the renew grace period BZ1182353"
+ local userid="renm4"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_003_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_003_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_003_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_003_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_manual_003_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Approve certificate request
+ #31 days validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+31 days' '+%Y')
+ local end_month=$(date -d '+31 days' '+%m')
+ local end_day=$(date -d '+31 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_003_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_003_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_003_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_003_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_003_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Renew cert
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caManualRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_003_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_003_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_003_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_003_004.txt"
+ rlAssertGrep "Request Rejected - Outside of Renewal Grace Period" "$TmpDir/ca_renew_manual_003_004_2.txt"
+ rlLog "BZ1182353 - https://bugzilla.redhat.com/show_bug.cgi?id=1182353"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_renew_manual-004: Renew a cert that expired and not with in the renew grace period BZ1182353"
+ #Set System Clock 40 days older from today
+ reverse_system_clock 40
+
+ #user cert enrollment using profile
+ local userid="renm5"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_004_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_004_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_004_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_004_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_manual_004_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Approve certificate request
+ #6 days validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+6 days' '+%Y')
+ local end_month=$(date -d '+6 days' '+%m')
+ local end_day=$(date -d '+6 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_004_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_004_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_004_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_004_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_004_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Set System Clock back to today
+ forward_system_clock 40
+
+ #Now the certificate is expired and outside the renew grace period 30 days
+ #Renew certificate
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caManualRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_004_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_004_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_004_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_004_004.txt"
+ rlAssertGrep "Request Rejected - Outside of Renewal Grace Period" "$TmpDir/ca_renew_manual_004_004_2.txt"
+ rlLog "BZ1182353 - https://bugzilla.redhat.com/show_bug.cgi?id=1182353"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_renew_manual-005: Serial number provided for a renewal does not exist in the certificate system"
+ local renew_profile_id="caManualRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_005_001.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=123456789\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_005_001.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=123456789\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_005_001_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_005_001.txt"
+ rlAssertGrep "errorReason=\"Record not found\"" "$TmpDir/ca_renew_manual_005_001_2.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_renew_manual-006: Renew a dual cert that expires in the renew grace period - manually approved by a valid agent"
+ local request_type=crmfdual
+ local request_key_type=rsa
+ local request_key_size=2048
+ local profile=caDualCert
+ local userid="renm6"
+ local usercn="renm6User1"
+ local usermail="foo1@example.org"
+ local test_out=ca-$profile-test1.txt
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:\"$usercn\" \
+ subject_uid:$userid \
+ subject_email:$usermail \
+ subject_ou:IDM \
+ subject_organization:RedHat \
+ subject_country:US \
+ subject_archive:true \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+
+ local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+ rlLog "cert_requestdn=$cert_requestdn"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic --dump-header $TmpDir/ca_admin_out_1 \
+ -d \"cert_request_type=$request_type&enckeyParam=$request_key_size&signKeyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&sn_uid=$userid&sn_e=$useremail&sn_cn=$usercn&sn_ou3=&sn_ou2=&sn_ou1=&sn_ou=IDM&sn_o=RedHat&sn_c=US&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\" \
+ -k https://$ca_host:$ca_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+ rlRun "curl --basic --dump-header $TmpDir/ca_admin_out_1 \
+ -d \"cert_request_type=$request_type&enckeyParam=$request_key_size&signKeyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&sn_uid=$userid&sn_e=$useremail&sn_cn=$usercn&sn_ou3=&sn_ou2=&sn_ou1=&sn_ou=IDM&sn_o=RedHat&sn_c=US&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput=false\" \
+ -k https://$ca_host:$ca_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_admin_out_1"
+ rlAssertNotGrep "Sorry, your request has been rejected" "$TmpDir/ca_admin_out_1"
+ local request_id=$(cat -v $TmpDir/$test_out | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ local request_id1=$(echo $request_id | cut -d " " -f1)
+ local request_id2=$(echo $request_id | cut -d " " -f2)
+ rlLog "request_id1=$request_id1"
+ rlLog "request_id2=$request_id2"
+ #approve request id 1
+ rlLog "Approve $request_id1 using $valid_agent_cert"
+ # 10 days validity for certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ let end_year=$(date -d '+10 days' '+%Y')
+ local end_month=$(date -d '+10 days' '+%m')
+ local end_day=$(date -d '+10 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_006_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id1&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=false&keyUsageNonRepudiation=false&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_006_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id1&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=false&keyUsageNonRepudiation=false&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_006_005_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_006_005.txt"
+ local serial_number1=$(cat -v $TmpDir/ca_renew_manual_006_005_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number1=$serial_number1"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number1}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number1"
+ fi
+
+ #Approve request_id2
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_006_006.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id2&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=false&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_006_006.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id2&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=false&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_006_006_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_006_006.txt"
+ local serial_number2=$(cat -v $TmpDir/ca_renew_manual_006_006_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number2=$serial_number2"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number2}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number2"
+ fi
+
+ #Renew serial_number1
+ local renew_profile_id="caManualRenewal"
+ serial_number1_in_decimal=$((${serial_number1}))
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_006_007.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number1_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_006_007.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number1_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_006_007_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_006_007.txt"
+ request_id1=$(cat -v $TmpDir/ca_renew_manual_006_007_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid1=$request_id1"
+
+ #Verify requestid
+ if [ $request_id1 -le 0 ] ; then
+ rlFail "Request id not found."
+ fi
+
+ #Agent Approve renew request
+ #180 days validity for certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ let end_year=$(date -d '+180 days' '+%Y')
+ local end_month=$(date -d '+180 days' '+%m')
+ local end_day=$(date -d '+180 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_006_008.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id1&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=false&keyUsageNonRepudiation=false&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_006_008.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id1&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=false&keyUsageNonRepudiation=false&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_006_008_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_006_008.txt"
+ local serial_number1=$(cat -v $TmpDir/ca_renew_manual_006_008_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number1"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number1}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number1"
+ fi
+
+
+ #Renew serial_number2
+ local renew_profile_id="caManualRenewal"
+ serial_number2_in_decimal=$((${serial_number2}))
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_006_009.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number2_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_006_009.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number2_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_006_009_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_006_009.txt"
+ request_id2=$(cat -v $TmpDir/ca_renew_manual_006_009_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid2=$request_id2"
+
+ #Verify requestid
+ if [ $request_id2 -le 0 ] ; then
+ rlFail "Request id not found."
+ fi
+
+ #Agent Approve renew request
+ #180 days validity for certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ let end_year=$(date -d '+180 days' '+%Y')
+ local end_month=$(date -d '+180 days' '+%m')
+ local end_day=$(date -d '+180 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_006_010.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id2&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=false&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_006_010.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id2&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=false&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_006_010_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_006_010.txt"
+ local serial_number2=$(cat -v $TmpDir/ca_renew_manual_006_010_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number2=$serial_number2"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number2}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number2"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_renew_manual-007: Renew a dual cert that is expired and is in the renew grace period - manually approved by a valid agent"
+ # Set System Clock 40 days older from today
+ reverse_system_clock 40
+
+ local request_type=crmfdual
+ local request_key_type=rsa
+ local request_key_size=2048
+ local profile=caDualCert
+ local userid="renm7"
+ local usercn="renm7User1"
+ local usermail="renm7@example.org"
+ local test_out=ca-$profile-test1.txt
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:\"$usercn\" \
+ subject_uid:$userid \
+ subject_email:$usermail \
+ subject_ou:IDM \
+ subject_organization:RedHat \
+ subject_country:US \
+ subject_archive:true \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+
+ local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+ rlLog "cert_requestdn=$cert_requestdn"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic --dump-header $TmpDir/ca_admin_out_1 \
+ -d \"cert_request_type=$request_type&enckeyParam=$request_key_size&signKeyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&sn_uid=$userid&sn_e=$useremail&sn_cn=$usercn&sn_ou3=&sn_ou2=&sn_ou1=&sn_ou=IDM&sn_o=RedHat&sn_c=US&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\" \
+ -k https://$ca_host:$ca_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+ rlRun "curl --basic --dump-header $TmpDir/ca_admin_out_1 \
+ -d \"cert_request_type=$request_type&enckeyParam=$request_key_size&signKeyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&sn_uid=$userid&sn_e=$useremail&sn_cn=$usercn&sn_ou3=&sn_ou2=&sn_ou1=&sn_ou=IDM&sn_o=RedHat&sn_c=US&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput=false\" \
+ -k https://$ca_host:$ca_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_admin_out_1"
+ rlAssertNotGrep "Sorry, your request has been rejected" "$TmpDir/ca_admin_out_1"
+ local request_id=$(cat -v $TmpDir/$test_out | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ local request_id1=$(echo $request_id | cut -d " " -f1)
+ local request_id2=$(echo $request_id | cut -d " " -f2)
+ rlLog "request_id1=$request_id1"
+ rlLog "request_id2=$request_id2"
+ #approve request id 1
+ rlLog "Approve $request_id1 using $valid_agent_cert"
+ # 10 days validity for certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ let end_year=$(date -d '+10 days' '+%Y')
+ local end_month=$(date -d '+10 days' '+%m')
+ local end_day=$(date -d '+10 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_007_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id1&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=false&keyUsageNonRepudiation=false&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_007_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id1&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=false&keyUsageNonRepudiation=false&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_007_005_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_007_005.txt"
+ local serial_number1=$(cat -v $TmpDir/ca_renew_manual_007_005_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number1=$serial_number1"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number1}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number1"
+ fi
+
+ #Approve request_id2
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_007_006.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id2&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=false&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_007_006.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id2&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=false&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_007_006_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_007_006.txt"
+ local serial_number2=$(cat -v $TmpDir/ca_renew_manual_007_006_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number2=$serial_number2"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number2}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number2"
+ fi
+
+ #Set System Clock back to today
+ forward_system_clock 40
+
+ #Renew serial_number1
+ local renew_profile_id="caManualRenewal"
+ serial_number1_in_decimal=$((${serial_number1}))
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_007_007.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number1_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_007_007.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number1_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_007_007_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_007_007.txt"
+ request_id1=$(cat -v $TmpDir/ca_renew_manual_007_007_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid1=$request_id1"
+
+ #Verify requestid
+ if [ $request_id1 -le 0 ] ; then
+ rlFail "Request id not found."
+ fi
+
+ #Agent Approve renew request
+ #180 days validity for certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ let end_year=$(date -d '+180 days' '+%Y')
+ local end_month=$(date -d '+180 days' '+%m')
+ local end_day=$(date -d '+180 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_007_008.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id1&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=false&keyUsageNonRepudiation=false&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_007_008.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id1&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=false&keyUsageNonRepudiation=false&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_007_008_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_007_008.txt"
+ local serial_number1=$(cat -v $TmpDir/ca_renew_manual_007_008_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number1"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number1}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number1"
+ fi
+
+
+ #Renew serial_number2
+ local renew_profile_id="caManualRenewal"
+ serial_number2_in_decimal=$((${serial_number2}))
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_007_009.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number2_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_007_009.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number2_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_007_009_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_007_009.txt"
+ request_id2=$(cat -v $TmpDir/ca_renew_manual_007_009_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid2=$request_id2"
+
+ #Verify requestid
+ if [ $request_id2 -le 0 ] ; then
+ rlFail "Request id not found."
+ fi
+
+ #Agent Approve renew request
+ #180 days validity for certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ let end_year=$(date -d '+180 days' '+%Y')
+ local end_month=$(date -d '+180 days' '+%m')
+ local end_day=$(date -d '+180 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_007_010.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id2&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=false&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_007_010.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id2&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=false&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_007_010_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_007_010.txt"
+ local serial_number2=$(cat -v $TmpDir/ca_renew_manual_007_010_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number2=$serial_number2"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number2}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number2"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_renew_manual-008: Renew a directory user cert that is expired and is in the renew grace period - manually approved by a valid agent"
+ # Set System Clock 40 days older from today
+ reverse_system_clock 40
+
+ #Change caDirUserCert.cfg profile to have cert validity range to be 20 days
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caDirUserCert.cfg"
+ local search_string="policyset.userCertSet.2.default.params.range=180"
+ local replace_string="policyset.userCertSet.2.default.params.range=20"
+ replace_string_in_a_file $profile_file $search_string $replace_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ # setup uidpwddirauth
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_008_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=UserDirEnrollment&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_008_1.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=instance&RS_ID=UserDirEnrollment&implName=UidPwdDirAuth&RULENAME=UserDirEnrollment&ldap.ldapconn.host=$ca_host&dnpattern=UID=!attr.uid,OU=people,$ca_db_suffix&ldapStringAttributes=mail&ldap.ldapconn.version=3&ldap.ldapconn.port=$ldap_conn_port&ldap.maxConns=5&ldap.basedn=$ca_db_suffix&ldap.minConns=2&ldap.ldapconn.secureConn=false&ldapByteAttributes=mail\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/auths\" > $TmpDir/ca_renew_manual_008_2.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_008_1.txt"
+
+ #Add ldap user
+ local rand=$RANDOM
+ local ldap_uid=renm8$rand
+ local ldap_user_password=renm8password
+ cat > $TmpDir/adduser1.ldif << adduser1.ldif_EOF
+
+version: 1
+
+ entry-id: 10
+dn: uid=$ldap_uid,ou=People,$ca_db_suffix
+passwordGraceUserTime: 0
+modifiersName: cn=Directory manager
+uidNumber: 1001
+gidNumber: 1001
+objectClass: top
+objectClass: person
+objectClass: posixAccount
+uid: $ldap_uid
+cn: Posix User1
+sn: User1
+homeDirectory: /home/$ldap_uid
+loginshell: /bin/bash
+userPassword: $ldap_user_password
+adduser1.ldif_EOF
+
+ rlRun "/usr/bin/ldapmodify -a -x -h $ca_host -p $ldap_conn_port -D \"$ldap_rootdn\" -w $ldap_rootdn_password -c -f $TmpDir/adduser1.ldif" 0
+
+ #userdir enrollment using profile
+ local profile_id="caDirUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$ldap_uid \
+ subject_uid:$ldap_uid \
+ subject_email: \
+ subject_ou: \
+ subject_organization: \
+ subject_country: \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+
+ #userdir enrollment using profile
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_008_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_008_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&uid=$ldap_uid&pwd=$ldap_user_password&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_008_002_2.txt" 0 "Submit Certificate directory user enrollment request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_008_002.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_008_002_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+
+ #Set System Clock back to today
+ forward_system_clock 40
+
+ #Change caDirUserCert.cfg profile to have cert validity range default 180 days.
+ replace_string_in_a_file $profile_file $replace_string $search_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #Renew cert
+ local renew_profile_id="caManualRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_008_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_008_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_008_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_008_004.txt"
+ request_id=$(cat -v $TmpDir/ca_renew_manual_008_004_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Verify requestid
+ if [ $request_id -le 0 ] ; then
+ rlFail "Request id not found."
+ fi
+
+ #Agent Approve renew request
+ #180 days validity for certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ let end_year=$(date -d '+180 days' '+%Y')
+ local end_month=$(date -d '+180 days' '+%m')
+ local end_day=$(date -d '+180 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_008_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$ldap_uid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$ldap_uid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_008_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$ldap_uid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$ldap_uid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_008_005_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_008_005.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_008_005_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_renew_manual-009: Manually approved by agent -when agent rejects the request "
+ local userid="renm9"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_009_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_009_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_009_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_009_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_manual_009_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Approve certificate request
+ #10 days validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+10 days' '+%Y')
+ local end_month=$(date -d '+10 days' '+%m')
+ local end_day=$(date -d '+10 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_009_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_009_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_009_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_009_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_009_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caManualRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_009_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_009_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_009_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_009_004.txt"
+ request_id=$(cat -v $TmpDir/ca_renew_manual_009_004_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Agent Approve renew request
+ #180 days validity for certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ let end_year=$(date -d '+180 days' '+%Y')
+ local end_month=$(date -d '+180 days' '+%m')
+ local end_day=$(date -d '+180 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_009_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=reject&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_009_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=reject&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_009_005_2.txt" 0 "Submit Certificate reject request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_009_005.txt"
+ rlAssertGrep "requestStatus=\"rejected\"" "$TmpDir/ca_renew_manual_009_005_2.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_renew_manual-010: Manually approved by agent -when agent cancel the request"
+ local userid="renm10"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_010_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_010_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_010_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_010_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_manual_010_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Approve certificate request
+ #10 days validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+10 days' '+%Y')
+ local end_month=$(date -d '+10 days' '+%m')
+ local end_day=$(date -d '+10 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_010_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_010_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_010_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_010_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_010_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caManualRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_010_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_010_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_010_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_010_004.txt"
+ request_id=$(cat -v $TmpDir/ca_renew_manual_010_004_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Agent Approve renew request
+ #180 days validity for certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ let end_year=$(date -d '+180 days' '+%Y')
+ local end_month=$(date -d '+180 days' '+%m')
+ local end_day=$(date -d '+180 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_010_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=cancel&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_010_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=cancel&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_010_005_2.txt" 0 "Submit Certificate cancel request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_010_005.txt"
+ rlAssertGrep "requestStatus=\"canceled\"" "$TmpDir/ca_renew_manual_010_005_2.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_renew_manual-011: Manually approved by agent -when agent assign the request"
+ local userid="renm11"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_011_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_011_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_011_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_011_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_manual_011_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Approve certificate request
+ #10 days validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+10 days' '+%Y')
+ local end_month=$(date -d '+10 days' '+%m')
+ local end_day=$(date -d '+10 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_011_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_011_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_011_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_011_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_011_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caManualRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_011_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_011_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_011_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_011_004.txt"
+ request_id=$(cat -v $TmpDir/ca_renew_manual_011_004_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Agent Approve renew request
+ #180 days validity for certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ let end_year=$(date -d '+180 days' '+%Y')
+ local end_month=$(date -d '+180 days' '+%m')
+ local end_day=$(date -d '+180 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_011_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=assign&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_011_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=assign&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_011_005_2.txt" 0 "Submit Certificate assign request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_011_005.txt"
+ rlAssertGrep "requestStatus=\"pending\"" "$TmpDir/ca_renew_manual_011_005_2.txt"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_manual-012: Manually approved by agent -when agent unassign the request"
+ local userid="renm12"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_012_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_012_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_012_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_012_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_manual_012_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Approve certificate request
+ #10 days validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+10 days' '+%Y')
+ local end_month=$(date -d '+10 days' '+%m')
+ local end_day=$(date -d '+10 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_012_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_012_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_012_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_012_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_012_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caManualRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_012_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_012_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_012_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_012_004.txt"
+ request_id=$(cat -v $TmpDir/ca_renew_manual_012_004_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Agent Approve renew request
+ #180 days validity for certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ let end_year=$(date -d '+180 days' '+%Y')
+ local end_month=$(date -d '+180 days' '+%m')
+ local end_day=$(date -d '+180 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_012_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=unassign&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_012_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=unassign&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_012_005_2.txt" 0 "Submit Certificate unassign request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_012_005.txt"
+ rlAssertGrep "requestStatus=\"pending\"" "$TmpDir/ca_renew_manual_012_005_2.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_renew_manual-013: Manually approved by agent -when agent validate the request"
+ local userid="renm13"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_013_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_013_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_013_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_013_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_manual_013_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Approve certificate request
+ #10 days validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+10 days' '+%Y')
+ local end_month=$(date -d '+10 days' '+%m')
+ local end_day=$(date -d '+10 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_013_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_013_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_013_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_013_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_013_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caManualRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_013_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_013_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_013_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_013_004.txt"
+ request_id=$(cat -v $TmpDir/ca_renew_manual_013_004_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Agent Approve renew request
+ #180 days validity for certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ let end_year=$(date -d '+180 days' '+%Y')
+ local end_month=$(date -d '+180 days' '+%m')
+ local end_day=$(date -d '+180 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_013_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=validate&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_013_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=validate&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_013_005_2.txt" 0 "Submit Certificate validate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_013_005.txt"
+ rlAssertGrep "requestStatus=\"pending\"" "$TmpDir/ca_renew_manual_013_005_2.txt"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_manual-014: Manually approved by agent -when agent update the request"
+ local userid="renm14"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_014_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_014_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_014_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_014_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_manual_014_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Approve certificate request
+ #10 days validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+10 days' '+%Y')
+ local end_month=$(date -d '+10 days' '+%m')
+ local end_day=$(date -d '+10 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_014_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_014_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_014_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_014_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_014_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caManualRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_014_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_014_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_014_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_014_004.txt"
+ request_id=$(cat -v $TmpDir/ca_renew_manual_014_004_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Agent Approve renew request
+ #180 days validity for certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ let end_year=$(date -d '+180 days' '+%Y')
+ local end_month=$(date -d '+180 days' '+%m')
+ local end_day=$(date -d '+180 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_014_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=update&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_014_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=update&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_014_005_2.txt" 0 "Submit Certificate update request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_014_005.txt"
+ rlAssertGrep "requestStatus=\"pending\"" "$TmpDir/ca_renew_manual_014_005_2.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_renew_manual-015: Renew a cert when graceBefore value is a negative - manually approved by a valid agent"
+ #Change grace period graceBefore value to a negative number
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caUserCert.cfg"
+ local search_string="policyset.userCertSet.10.constraint.params.renewal.graceBefore=30"
+ local replace_string="policyset.userCertSet.10.constraint.params.renewal.graceBefore=-10"
+ replace_string_in_a_file $profile_file $search_string $replace_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #user cert request using profile
+ local userid="renm15"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_015_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_015_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_015_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_015_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_manual_015_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Approve certificate request
+ #10 days validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+10 days' '+%Y')
+ local end_month=$(date -d '+10 days' '+%m')
+ local end_day=$(date -d '+10 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_015_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_015_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_015_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_015_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_015_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caManualRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_015_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_015_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_015_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_015_004.txt"
+ request_id=$(cat -v $TmpDir/ca_renew_manual_015_004_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Agent Approve renew request
+ #180 days validity for certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ let end_year=$(date -d '+180 days' '+%Y')
+ local end_month=$(date -d '+180 days' '+%m')
+ local end_day=$(date -d '+180 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_015_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=update&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_015_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=update&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_015_005_2.txt" 0 "Submit Certificate update request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_015_005.txt"
+ rlAssertGrep "requestStatus=\"pending\"" "$TmpDir/ca_renew_manual_015_005_2.txt"
+
+ #Change grace period graceBefore value to original value 30
+ replace_string_in_a_file $profile_file $replace_string $search_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_manual-016: Renew a cert when graceBefore value is a smaller number - manually approved by a valid agent"
+
+ #Change grace period graceBefore value to a smaller number
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caUserCert.cfg"
+ local search_string="policyset.userCertSet.10.constraint.params.renewal.graceBefore=30"
+ local replace_string="policyset.userCertSet.10.constraint.params.renewal.graceBefore=1"
+ replace_string_in_a_file $profile_file $search_string $replace_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #user cert request using profile
+ local userid="renm16"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_016_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_016_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_016_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_016_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_manual_016_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Approve certificate request
+ #1 day validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+1 day' '+%Y')
+ local end_month=$(date -d '+1 day' '+%m')
+ local end_day=$(date -d '+1 day' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_016_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_016_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_016_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_016_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_016_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caManualRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_016_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_016_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_016_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_016_004.txt"
+ request_id=$(cat -v $TmpDir/ca_renew_manual_016_004_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Agent Approve renew request
+ #180 days validity for certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ let end_year=$(date -d '+180 days' '+%Y')
+ local end_month=$(date -d '+180 days' '+%m')
+ local end_day=$(date -d '+180 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_016_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_016_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_016_005_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_016_005.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_016_005_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Change grace period graceBefore value to original value 30
+ replace_string_in_a_file $profile_file $replace_string $search_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_manual-017: Renew a cert when graceBefore value is a smaller number and cert is outside renew grace period BZ1182353"
+
+ #Change grace period graceBefore value to a smaller number
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caUserCert.cfg"
+ local search_string="policyset.userCertSet.10.constraint.params.renewal.graceBefore=30"
+ local replace_string="policyset.userCertSet.10.constraint.params.renewal.graceBefore=1"
+ replace_string_in_a_file $profile_file $search_string $replace_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #user cert request using profile
+ local userid="renm17"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_017_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_017_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_017_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_017_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_manual_017_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Approve certificate request
+ #10 days validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+10 days' '+%Y')
+ local end_month=$(date -d '+10 days' '+%m')
+ local end_day=$(date -d '+10 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_017_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_017_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_017_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_017_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_017_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caManualRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_017_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_017_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_017_004_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_017_004.txt"
+ rlAssertGrep "Request Rejected - Outside of Renewal Grace Period" "$TmpDir/ca_renew_manual_017_004_2.txt"
+ rlLog "BZ1182353 - https://bugzilla.redhat.com/show_bug.cgi?id=1182353"
+
+ #Change grace period graceBefore value to original value 30
+ replace_string_in_a_file $profile_file $replace_string $search_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_manual-018: Renew a cert when graceBefore value is a bigger number - manually approved by a valid agent"
+
+ #Change grace period graceBefore value to a bigger number
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caUserCert.cfg"
+ local search_string="policyset.userCertSet.10.constraint.params.renewal.graceBefore=30"
+ local replace_string="policyset.userCertSet.10.constraint.params.renewal.graceBefore=360"
+ replace_string_in_a_file $profile_file $search_string $replace_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #user cert request using profile
+ local userid="renm18"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_018_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_018_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_018_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_018_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_manual_018_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Approve certificate request
+ #359 days validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+359 days' '+%Y')
+ local end_month=$(date -d '+359 days' '+%m')
+ local end_day=$(date -d '+359 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_018_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_018_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_018_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_018_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_018_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caManualRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_018_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_018_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_018_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_018_004.txt"
+ request_id=$(cat -v $TmpDir/ca_renew_manual_018_004_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Agent Approve renew request
+ #180 days validity for certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ let end_year=$(date -d '+180 days' '+%Y')
+ local end_month=$(date -d '+180 days' '+%m')
+ local end_day=$(date -d '+180 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_018_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_018_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_018_005_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_018_005.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_018_005_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Change grace period graceBefore value to original value 30
+ replace_string_in_a_file $profile_file $replace_string $search_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_manual-019: Renew a cert when graceBefore value is a bigger number and cert is outside renew grace period BZ1182353"
+
+ #Change grace period graceBefore value to a smaller number
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caUserCert.cfg"
+ local search_string="policyset.userCertSet.10.constraint.params.renewal.graceBefore=30"
+ local replace_string="policyset.userCertSet.10.constraint.params.renewal.graceBefore=360"
+ replace_string_in_a_file $profile_file $search_string $replace_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #user cert request using profile
+ local userid="renm19"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_019_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_019_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_019_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_019_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_manual_019_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Approve certificate request
+ #362 days validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+362 days' '+%Y')
+ local end_month=$(date -d '+362 days' '+%m')
+ local end_day=$(date -d '+362 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_019_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_019_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_019_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_019_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_019_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caManualRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_019_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_019_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_019_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_019_004.txt"
+ rlAssertGrep "Request Rejected - Outside of Renewal Grace Period" "$TmpDir/ca_renew_manual_019_004_2.txt"
+ rlLog "BZ1182353 - https://bugzilla.redhat.com/show_bug.cgi?id=1182353"
+
+ #Change grace period graceBefore value to original value 30
+ replace_string_in_a_file $profile_file $replace_string $search_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_renew_manual-020: Renew a cert when graceAfter value is a smaller number - manually approved by a valid agent"
+
+ # Set System Clock 40 days older from today
+ reverse_system_clock 40
+
+ #Change grace period graceAfter value to a smaller number
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caUserCert.cfg"
+ local search_string="policyset.userCertSet.10.constraint.params.renewal.graceAfter=30"
+ local replace_string="policyset.userCertSet.10.constraint.params.renewal.graceAfter=2"
+ replace_string_in_a_file $profile_file $search_string $replace_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #user cert request using profile
+ local userid="renm20"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_020_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_020_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_020_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_020_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_manual_020_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Approve certificate request
+ #39 day validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+39 days' '+%Y')
+ local end_month=$(date -d '+39 days' '+%m')
+ local end_day=$(date -d '+39 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_020_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_020_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_020_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_020_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_020_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Set System Clock back to today
+ forward_system_clock 40
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caManualRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_020_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_020_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_020_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_020_004.txt"
+ request_id=$(cat -v $TmpDir/ca_renew_manual_020_004_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Agent Approve renew request
+ #180 days validity for certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ let end_year=$(date -d '+180 days' '+%Y')
+ local end_month=$(date -d '+180 days' '+%m')
+ local end_day=$(date -d '+180 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_020_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_020_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_020_005_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_020_005.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_020_005_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Change grace period graceAfter value to original value 30
+ replace_string_in_a_file $profile_file $replace_string $search_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_manual-021: Renew a cert when graceAfter value is a smaller number and cert is expired before renew grace period BZ1182353"
+ # Set System Clock 40 days older from today
+ reverse_system_clock 40
+
+ #Change grace period graceAfter value to a smaller number
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caUserCert.cfg"
+ local search_string="policyset.userCertSet.10.constraint.params.renewal.graceAfter=30"
+ local replace_string="policyset.userCertSet.10.constraint.params.renewal.graceAfter=1"
+ replace_string_in_a_file $profile_file $search_string $replace_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #user cert request using profile
+ local userid="renm21"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_021_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_021_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_021_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_021_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_manual_021_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Approve certificate request
+ #38 days validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+38 days' '+%Y')
+ local end_month=$(date -d '+38 days' '+%m')
+ local end_day=$(date -d '+38 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_021_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_021_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_021_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_021_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_021_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Set System Clock back to today
+ forward_system_clock 40
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caManualRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_021_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_021_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_021_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_021_004.txt"
+ rlAssertGrep "Request Rejected - Outside of Renewal Grace Period" "$TmpDir/ca_renew_manual_021_004_2.txt"
+ rlLog "BZ1182353 - https://bugzilla.redhat.com/show_bug.cgi?id=1182353"
+
+ #Change grace period graceAfter value to original value 30
+ replace_string_in_a_file $profile_file $replace_string $search_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_manual-022: Renew a cert when graceAfter value is a bigger number - manually approved by a valid agent"
+
+ # Set System Clock 40 days older from today
+ reverse_system_clock 40
+
+ #Change grace period graceAfter value to a bigger number
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caUserCert.cfg"
+ local search_string="policyset.userCertSet.10.constraint.params.renewal.graceAfter=30"
+ local replace_string="policyset.userCertSet.10.constraint.params.renewal.graceAfter=360"
+ replace_string_in_a_file $profile_file $search_string $replace_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #user cert request using profile
+ local userid="renm22"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_022_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_022_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_022_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_022_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_manual_022_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Approve certificate request
+ #1 day validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+1 day' '+%Y')
+ local end_month=$(date -d '+1 day' '+%m')
+ local end_day=$(date -d '+1 day' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_022_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_022_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_022_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_022_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_022_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Set System Clock back to today
+ forward_system_clock 40
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caManualRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_022_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_022_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_022_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_022_004.txt"
+ request_id=$(cat -v $TmpDir/ca_renew_manual_022_004_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Agent Approve renew request
+ #180 days validity for certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ let end_year=$(date -d '+180 days' '+%Y')
+ local end_month=$(date -d '+180 days' '+%m')
+ local end_day=$(date -d '+180 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_022_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_022_005.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_022_005_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_022_005.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_022_005_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Change grace period graceAfter value to original value 30
+ replace_string_in_a_file $profile_file $replace_string $search_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_renew_manual-023: Renew a cert when graceAfter value is a bigger number, cert is expired and outside renew grace period BZ1182353"
+ # Set System Clock 40 days older from today
+ reverse_system_clock 40
+
+ #Change grace period graceAfter value to a smaller number
+ local profile_file="/var/lib/pki/$tomcat_name/ca/profiles/ca/caUserCert.cfg"
+ local search_string="policyset.userCertSet.10.constraint.params.renewal.graceAfter=30"
+ local replace_string="policyset.userCertSet.10.constraint.params.renewal.graceAfter=38"
+ replace_string_in_a_file $profile_file $search_string $replace_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+
+ #user cert request using profile
+ local userid="renm23"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=1024
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_023_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_023_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_023_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_023_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_manual_023_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Approve certificate request
+ #1 day validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+1 day' '+%Y')
+ local end_month=$(date -d '+1 day' '+%m')
+ local end_day=$(date -d '+1 day' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_023_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_023_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_023_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_023_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_023_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Set System Clock back to today
+ forward_system_clock 40
+
+ serial_number_in_decimal=$((${serial_number}))
+ #Submit Renew certificate request
+ local renew_profile_id="caManualRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_023_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_023_004.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_023_004_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_023_004.txt"
+ rlAssertGrep "Request Rejected - Outside of Renewal Grace Period" "$TmpDir/ca_renew_manual_023_004_2.txt"
+ rlLog "BZ1182353 - https://bugzilla.redhat.com/show_bug.cgi?id=1182353"
+
+ #Change grace period graceAfter value to original value 30
+ replace_string_in_a_file $profile_file $replace_string $search_string
+ if [ $? -eq 0 ] ; then
+ chown pkiuser:pkiuser $profile_file
+ rhcs_stop_instance $tomcat_name
+ rhcs_start_instance $tomcat_name
+ fi
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_renew_manual-024: Renew a revoked cert that expires in renew grace period - manually approved by a valid agent"
+ local userid="renm24"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=2048
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_024_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_024_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_024_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_024_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_manual_024_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Approve certificate request
+ #10 days validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+10 days' '+%Y')
+ local end_month=$(date -d '+10 days' '+%m')
+ local end_day=$(date -d '+10 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_024_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_024_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_024_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_024_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_024_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Revoke the cert
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local invalidity_time=$(($(date +%s%N)/1000000))
+
+ serial_number_in_decimal=$((${serial_number}))
+ serial_number_only=${serial_number:2:$serial_length}
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_024_004.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"op=doRevoke&submit=submit&serialNumber=$serial_number_only&$serial_number_only=on&revocationReason=0&revokeAll=%28%7C%28certRecordId%3D$serial_number_in_decimal%29%29&invalidityDate=$invalidity_time&day=$Day&month=$Month&year=$Year&totalRecordCount=1&verifiedRecordCount=1&templateType=RevocationSuccess&csrRequestorComments=revokecerttest\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/doRevoke\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_024_004.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"op=doRevoke&submit=submit&serialNumber=$serial_number_only&$serial_number_only=on&revocationReason=0&revokeAll=%28%7C%28certRecordId%3D$serial_number_in_decimal%29%29&invalidityDate=$invalidity_time&day=$Day&month=$Month&year=$Year&totalRecordCount=1&verifiedRecordCount=1&templateType=RevocationSuccess&csrRequestorComments=revokecerttest\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/doRevoke\" > $TmpDir/ca_renew_manual_024_004_2.txt" 0 "Submit Certificate Rovoke request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_024_004.txt"
+ rlAssertGrep "revoked = \"yes\"" "$TmpDir/ca_renew_manual_024_004_2.txt"
+
+ #Submit Renew certificate request
+ local renew_profile_id="caManualRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_024_005.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_024_005.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_024_005_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_024_005.txt"
+ rlAssertGrep "Cannot renew a revoked certificate" "$TmpDir/ca_renew_manual_024_005_2.txt"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_renew_manual-025: Renew a expired revoked cert that is in renew grace period - manually approved by a valid agent"
+ # Set System Clock 40 days older from today
+ reverse_system_clock 40
+
+ #User cert request using profile
+ local userid="renm25"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=2048
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_025_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_025_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_025_002_2.txt" 0 "Submit Certificate request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_025_002.txt"
+ local request_id=$(cat -v $TmpDir/ca_renew_manual_025_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+
+ #Approve certificate request
+ #10 days validity for the certs
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ local end_year=$(date -d '+10 days' '+%Y')
+ local end_month=$(date -d '+10 days' '+%m')
+ local end_day=$(date -d '+10 days' '+%d')
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$end_month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_025_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_025_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/ca_renew_manual_025_003_2.txt" 0 "Submit Certificate approve request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_025_003.txt"
+ local serial_number=$(cat -v $TmpDir/ca_renew_manual_025_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+
+ #Verify length of the serial number
+ serial_length=${#serial_number}
+ if [ $serial_length -le 0 ] ; then
+ rlFail "Certificate Serial Number is invalid : $serial_number"
+ fi
+
+ #Revoke the cert
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local invalidity_time=$(($(date +%s%N)/1000000))
+ serial_number_in_decimal=$((${serial_number}))
+ serial_number_only=${serial_number:2:$serial_length}
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_025_004.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"op=doRevoke&submit=submit&serialNumber=$serial_number_only&$serial_number_only=on&revocationReason=0&revokeAll=%28%7C%28certRecordId%3D$serial_number_in_decimal%29%29&invalidityDate=$invalidity_time&day=$Day&month=$Month&year=$Year&totalRecordCount=1&verifiedRecordCount=1&templateType=RevocationSuccess&csrRequestorComments=revokecerttest\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/doRevoke\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/ca_renew_manual_025_004.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"op=doRevoke&submit=submit&serialNumber=$serial_number_only&$serial_number_only=on&revocationReason=0&revokeAll=%28%7C%28certRecordId%3D$serial_number_in_decimal%29%29&invalidityDate=$invalidity_time&day=$Day&month=$Month&year=$Year&totalRecordCount=1&verifiedRecordCount=1&templateType=RevocationSuccess&csrRequestorComments=revokecerttest\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/doRevoke\" > $TmpDir/ca_renew_manual_025_004_2.txt" 0 "Submit Certificate Revoke request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_025_004.txt"
+ rlAssertGrep "revoked = \"yes\"" "$TmpDir/ca_renew_manual_025_004_2.txt"
+
+ #Set System Clock back to today
+ forward_system_clock 40
+
+ #Submit Renew certificate request
+ local renew_profile_id="caManualRenewal"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_025_005.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_renew_manual_025_005.txt \
+ -d \"profileId=$renew_profile_id&renewal=true&serial_num=$serial_number_in_decimal\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/ca_renew_manual_025_005_2.txt" 0 "Submit Certificate renew request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_renew_manual_025_005.txt"
+ rlAssertGrep "Cannot renew a revoked certificate" "$TmpDir/ca_renew_manual_025_005_2.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_renew_manual_cleanup: Enable nonce and delete temporary directory"
+ #set system clock 40 days older, backto today's datetime
+ reverse_system_clock 40
+ rlLog "tomcat name=$tomcat_name"
+ enable_ca_nonce $tomcat_name
+ #Delete temporary directory
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/legacy/ca-tests/usergroups/pki-ca-usergroups.sh b/tests/dogtag/acceptance/legacy/ca-tests/usergroups/pki-ca-usergroups.sh
index 314f24d1c..4d2a3395b 100644
--- a/tests/dogtag/acceptance/legacy/ca-tests/usergroups/pki-ca-usergroups.sh
+++ b/tests/dogtag/acceptance/legacy/ca-tests/usergroups/pki-ca-usergroups.sh
@@ -2,7 +2,7 @@
# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
-# runtest.sh of /CoreOS/rhcs/acceptance/legacy-tests/ca-tests
+# runtest.sh of /CoreOS/rhcs/acceptance/legacy-tests/ca-tests/usergroups
# Description: PKI CA user and group tests
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# The following pki commands needs to be tested:
@@ -39,23 +39,20 @@
run_pki-legacy-ca-usergroup_tests()
{
- local subsystemId=$1
- local subsystemType=$2
- local csRole=$3
- local tomcat_name=$(eval echo \$${subsystemId}_TOMCAT_INSTANCE_NAME)
+ local subsystemType=$1
+ local csRole=$2
# Creating Temporary Directory for pki ca-usergroup
- rlPhaseStartSetup "pki ca usergroup Temporary Directory and disable nonce"
+ rlPhaseStartSetup "pki ca usergroup Temporary Directory"
rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
rlRun "pushd $TmpDir"
- rlLog "tomcat name=$tomcat_name"
- disable_ca_nonce $tomcat_name
rlRun "export SSL_DIR=$CERTDB_DIR"
rlPhaseEnd
# Local Variables
get_topo_stack $csRole $TmpDir/topo_file
local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+ local tomcat_name=$(eval echo \$${CA_INST}_TOMCAT_INSTANCE_NAME)
local ca_unsecure_port=$(eval echo \$${CA_INST}_UNSECURE_PORT)
local ca_secure_port=$(eval echo \$${CA_INST}_SECURE_PORT)
local ca_host=$(eval echo \$${csRole})
@@ -70,11 +67,12 @@ run_pki-legacy-ca-usergroup_tests()
local valid_agent_cert=$CA_INST\_agentV
local TEMP_NSS_DB="$TmpDir/nssdb"
local TEMP_NSS_DB_PWD="redhat"
- local ca_admin_user=$(eval echo \$${subsystemId}_ADMIN_USER)
+ local ca_admin_user=$(eval echo \$${CA_INST}_ADMIN_USER)
local rand=$RANDOM
local tmp_junk_data=$(openssl rand -base64 50 | perl -p -e 's/\n//')
local TEMP_NSS_DB="$TmpDir/nssdb"
local TEMP_NSS_DB_PWD="redhat"
+ disable_ca_nonce $tomcat_name
rlPhaseStartTest "pki_ca_usergroup-001: Valid CA admin add users"
local userid="ug02"
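Review bot: The new `disable_ca_nonce $tomcat_name` call sits between the local variable assignments and the first rlPhaseStartTest, outside any rlPhase, so if it fails nothing is logged or attributed and the tests go on assuming the CA accepts nonce-less POSTs to /ca/ug (which is presumably why it is disabled). The setup phase above was renamed to drop "disable nonce" but now only creates the tmp dir; put the call back under a phase, e.g. `rlPhaseStartSetup "disable CA nonce"`, `disable_ca_nonce $tomcat_name`, `rlPhaseEnd`, placed after `tomcat_name` is derived from `CA_INST`. The duplicated `local TEMP_NSS_DB`/`TEMP_NSS_DB_PWD` pair in the context lines is harmless but one copy could go. The function continues outside the hunk.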
@@ -355,7 +353,7 @@ run_pki-legacy-ca-usergroup_tests()
rlAssertGrep "Trusted Managers" "$TmpDir/ca_usergroup_007_3.txt"
rlPhaseEnd
- rlPhaseStartTest "pki_ca_usergroup-008: Valid CA admin list groups"
+ rlPhaseStartTest "pki_ca_usergroup-008: Valid CA admin add a user to the group"
local userid="ug08"
local fullname=$userid
local password=password$userid
@@ -514,8 +512,303 @@ run_pki-legacy-ca-usergroup_tests()
rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_usergroup_010_003.txt"
rlPhaseEnd
+ rlPhaseStartTest "pki_ca_usergroup-011: Valid CA agent cannot add new user"
+ local userid="ug11"
+ local fullname=$userid
+ local password="password$userid"
+ local email="$userid@redhat.com"
+ local phone="12345"
+ local state="CA"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_011.txt \
+ -u $valid_agent_user:$valid_agent_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_011.txt \
+ -u $valid_agent_user:$valid_agent_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/ca_usergroup_011_2.txt" 0 "Add user $userid to $CA_INST using a agent user"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_usergroup_011.txt"
+ rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/ca_usergroup_011_2.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_usergroup-012: CA Audit user cannot add new user"
+ local userid="ug12"
+ local fullname=$userid
+ local password="password$userid"
+ local email="$userid@redhat.com"
+ local phone="12345"
+ local state="CA"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_012.txt \
+ -u $valid_audit_user:$valid_audit_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_012.txt \
+ -u $valid_audit_user:$valid_audit_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/ca_usergroup_012_2.txt" 0 "Add user $userid to $CA_INST using a audit user"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_usergroup_012.txt"
+ rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/ca_usergroup_012_2.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_usergroup-013: CA Operator user cannot add new user"
+ local userid="ug13"
+ local fullname=$userid
+ local password="password$userid"
+ local email="$userid@redhat.com"
+ local phone="12345"
+ local state="CA"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_013.txt \
+ -u $valid_operator_user:$valid_operator_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_013.txt \
+ -u $valid_operator_user:$valid_operator_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/ca_usergroup_013_2.txt" 0 "Add user $userid to $CA_INST using a operator user"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_usergroup_013.txt"
+ rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/ca_usergroup_013_2.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_usergroup-014: CA audit user cannot add new group"
+ local groupid="group14"
+ local groupdesc="group14_desc"
+ #Add group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_014.txt \
+ -u $valid_audit_user:$valid_audit_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_014.txt \
+ -u $valid_audit_user:$valid_audit_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/ca_usergroup_014_2.txt" 0 "Add group $groupid"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_usergroup_014.txt"
+ rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/ca_usergroup_014_2.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_usergroup-015: CA agent user cannot add new group"
+ local groupid="group15"
+ local groupdesc="group15_desc"
+ #Add group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_015.txt \
+ -u $valid_agent_user:$valid_agent_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_015.txt \
+ -u $valid_agent_user:$valid_agent_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/ca_usergroup_015_2.txt" 0 "Add group $groupid"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_usergroup_015.txt"
+ rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/ca_usergroup_015_2.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_usergroup-016: CA operator user cannot add new group"
+ local groupid="group16"
+ local groupdesc="group16_desc"
+ #Add group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_016.txt \
+ -u $valid_operator_user:$valid_operator_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_016.txt \
+ -u $valid_operator_user:$valid_operator_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/ca_usergroup_016_2.txt" 0 "Add group $groupid"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_usergroup_016.txt"
+ rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/ca_usergroup_016_2.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_usergroup-017: CA agent user cannot delete existing group"
+ local groupid="group17"
+ local groupdesc="group17_desc"
+ #Add group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_017.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_017.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/ca_usergroup_017_2.txt" 0 "Add group $groupid"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_usergroup_017.txt"
+ rlAssertNotGrep "Failed to add group" "$TmpDir/ca_usergroup_017_2.txt"
+ #List group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_017_002.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_017_002.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/ca_usergroup_017_002_2.txt" 0 "List groups"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_usergroup_017_002.txt"
+ rlRun "cat $TmpDir/ca_usergroup_017_002_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/ca_usergroup_017_002_3.txt"
+ rlAssertGrep "$groupid" "$TmpDir/ca_usergroup_017_002_3.txt"
+ #Delete group using agent
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_017_003.txt \
+ -u $valid_agent_user:$valid_agent_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=groups&RS_ID=$groupid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_017_003.txt \
+ -u $valid_agent_user:$valid_agent_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=groups&RS_ID=$groupid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/ca_usergroup_017_003_2.txt" 0 "Delete group $groupid"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_usergroup_017_003.txt"
+ rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/ca_usergroup_017_003_2.txt"
+ #List group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_017_004.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_017_004.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/ca_usergroup_017_004_2.txt" 0 "List groups"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_usergroup_017_004.txt"
+ rlRun "cat $TmpDir/ca_usergroup_017_004_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/ca_usergroup_017_004_3.txt"
+ rlAssertGrep "$groupid" "$TmpDir/ca_usergroup_017_004_3.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_ca_usergroup-018: CA Audit user cannot delete existing group"
+ local groupid="group18"
+ local groupdesc="group18_desc"
+ #Add group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_018.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_018.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/ca_usergroup_018_2.txt" 0 "Add group $groupid"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_usergroup_018.txt"
+ rlAssertNotGrep "Failed to add group" "$TmpDir/ca_usergroup_018_2.txt"
+ #List group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_018_002.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_018_002.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/ca_usergroup_018_002_2.txt" 0 "List groups"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_usergroup_018_002.txt"
+ rlRun "cat $TmpDir/ca_usergroup_018_002_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/ca_usergroup_018_002_3.txt"
+ rlAssertGrep "$groupid" "$TmpDir/ca_usergroup_018_002_3.txt"
+ #Delete group using auditor
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_018_003.txt \
+ -u $valid_audit_user:$valid_audit_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=groups&RS_ID=$groupid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_018_003.txt \
+ -u $valid_audit_user:$valid_audit_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=groups&RS_ID=$groupid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/ca_usergroup_018_003_2.txt" 0 "Delete group $groupid"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_usergroup_018_003.txt"
+ rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/ca_usergroup_018_003_2.txt"
+ #List group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_018_004.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_018_004.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/ca_usergroup_018_004_2.txt" 0 "List groups"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_usergroup_018_004.txt"
+ rlRun "cat $TmpDir/ca_usergroup_018_004_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/ca_usergroup_018_004_3.txt"
+ rlAssertGrep "$groupid" "$TmpDir/ca_usergroup_018_004_3.txt"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_ca_usergroup-019: CA Operator user cannot delete existing group"
+ local groupid="group19"
+ local groupdesc="group19_desc"
+ #Add group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_019.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_019.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/ca_usergroup_019_2.txt" 0 "Add group $groupid"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_usergroup_019.txt"
+ rlAssertNotGrep "Failed to add group" "$TmpDir/ca_usergroup_019_2.txt"
+ #List group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_019_002.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_019_002.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/ca_usergroup_019_002_2.txt" 0 "List groups"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_usergroup_019_002.txt"
+ rlRun "cat $TmpDir/ca_usergroup_019_002_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/ca_usergroup_019_002_3.txt"
+ rlAssertGrep "$groupid" "$TmpDir/ca_usergroup_019_002_3.txt"
+ #Delete group using operator
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_019_003.txt \
+ -u $valid_operator_user:$valid_operator_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=groups&RS_ID=$groupid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_019_003.txt \
+ -u $valid_operator_user:$valid_operator_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=groups&RS_ID=$groupid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/ca_usergroup_019_003_2.txt" 0 "Delete group $groupid"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_usergroup_019_003.txt"
+ rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/ca_usergroup_019_003_2.txt"
+ #List group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_019_004.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_usergroup_019_004.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/ca_usergroup_019_004_2.txt" 0 "List groups"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/ca_usergroup_019_004.txt"
+ rlRun "cat $TmpDir/ca_usergroup_019_004_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/ca_usergroup_019_004_3.txt"
+ rlAssertGrep "$groupid" "$TmpDir/ca_usergroup_019_004_3.txt"
+ rlPhaseEnd
+
rlPhaseStartTest "pki_ca_usergroup_cleanup: Deleting users and groups"
- local group=("group01" "group10")
+ local group=("group01" "group10" "group17" "group18" "group19")
i=0
while [ $i -lt ${#group[@]} ] ; do
groupid=${group[$i]}
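Review bot: Tests 011 through 016 stop at grepping "You are not authorized to perform this operation" and never verify that the denied OP_ADD had no effect, whereas 017 through 019 do re-list the groups after the denied OP_DELETE and assert the group survived. A response that prints the authorization error yet still creates the user or group would pass 011–016, so add the same admin OP_SEARCH step after each denied add and assert the id is absent, e.g. for 011: `rlRun "curl --basic -u $valid_admin_user:$valid_admin_user_password -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=users\" -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/ca_usergroup_011_3.txt"` followed by `rlAssertNotGrep "$userid" "$TmpDir/ca_usergroup_011_3.txt"`. This also matters for the cleanup phase, which only deletes group17–group19 and relies on ug11–ug13 and group14–group16 never having been created. Separately, every `-u $user:$password` is echoed through rlLog and visible in the process list; for a shared test CA that is tolerable, but a `--netrc-file` or `-K` config would keep the passwords out of the beaker logs.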
@@ -524,7 +817,6 @@ run_pki-legacy-ca-usergroup_tests()
-u $valid_admin_user:$valid_admin_user_password \
-d \"OP_TYPE=OP_DELETE&OP_SCOPE=groups&RS_ID=$groupid\" \
-k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/ca_group_cleanup_$i_2.txt" 0 "Delete group $groupid"
- rlAssertNotGrep "Failed to add group" "$TmpDir/ca_usergroup_009_2.txt"
let i=$i+1
done
@@ -539,7 +831,9 @@ run_pki-legacy-ca-usergroup_tests()
-k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/ca_usergroup_cleanup_$i_2.txt" 0 "Delete user $userid"
let i=$i+1
done
-
- enable_ca_nonce $tomcat_name
+ enable_ca_nonce $tomcat_name
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing temp directory"
rlPhaseEnd
}
+
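Review bot: `enable_ca_nonce $tomcat_name` is only reached if the cleanup phase runs, so a run interrupted before it (harness timeout, earlier fatal error) leaves the CA with nonce checking disabled for every later test on that instance; registering the re-enable in an EXIT trap right after `disable_ca_nonce` would make the restore unconditional. The new `rm -r $TmpDir` should also be guarded so an unset or empty variable cannot expand to `rm -r` of the working directory: `rlRun "rm -rf -- \"${TmpDir:?}\"" 0 "Removing temp directory"`. The added `popd` is correct since setup does `pushd $TmpDir`. The function's start lies outside the hunk.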
diff --git a/tests/dogtag/acceptance/legacy/subca-tests/usergroups/subca-usergroups.sh b/tests/dogtag/acceptance/legacy/subca-tests/usergroups/subca-usergroups.sh
new file mode 100644
index 000000000..441dc0d60
--- /dev/null
+++ b/tests/dogtag/acceptance/legacy/subca-tests/usergroups/subca-usergroups.sh
@@ -0,0 +1,842 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# runtest.sh of /CoreOS/rhcs/acceptance/legacy-tests/subca-tests/usergroups
+# Description: Subordinate CA user and group tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki commands needs to be tested:
+# Subordinate CA /ca/ug
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Author: Asha Akkiangady <aakkiang@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+# Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+# This copyrighted material is made available to anyone wishing
+# to use, modify, copy, or redistribute it subject to the terms
+# and conditions of the GNU General Public License version 2.
+#
+# This program is distributed in the hope that it will be
+# useful, but WITHOUT ANY WARRANTY; without even the implied
+# warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+# PURPOSE. See the GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public
+# License along with this program; if not, write to the Free
+# Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+# Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/env.sh
+
+run_pki-legacy-subca-usergroup_tests()
+{
+ local subsystemType=$1
+ local csRole=$2
+
+ # Creating Temporary Directory for pki ca-usergroup
+ rlPhaseStartSetup "pki ca usergroup Temporary Directory"
+ rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+ rlRun "pushd $TmpDir"
+ rlRun "export SSL_DIR=$CERTDB_DIR"
+ rlPhaseEnd
+
+ # Local Variables
+ get_topo_stack $csRole $TmpDir/topo_file
+ if [ $cs_Role="MASTER" ]; then
+ SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_SUBCA | cut -d= -f2)
+ elif [ $cs_Role="SUBCA2" || $cs_Role="SUBCA1" ]; then
+ SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+ fi
+ local tomcat_name=$(eval echo \$${SUBCA_INST}_TOMCAT_INSTANCE_NAME)
+ local ca_unsecure_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT)
+ local ca_secure_port=$(eval echo \$${SUBCA_INST}_SECURE_PORT)
+ local ca_host=$(eval echo \$${csRole})
+ local valid_agent_user=$SUBCA_INST\_agentV
+ local valid_agent_user_password=$SUBCA_INST\_agentV_password
+ local valid_admin_user=$SUBCA_INST\_adminV
+ local valid_admin_user_password=$SUBCA_INST\_adminV_password
+ local valid_audit_user=$SUBCA_INST\_auditV
+ local valid_audit_user_password=$SUBCA_INST\_auditV_password
+ local valid_operator_user=$SUBCA_INST\_operatorV
+ local valid_operator_user_password=$SUBCA_INST\_operatorV_password
+ local valid_agent_cert=$SUBCA_INST\_agentV
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PWD="redhat"
+ local ca_admin_user=$(eval echo \$${SUBCA_INST}_ADMIN_USER)
+ local rand=$RANDOM
+ local tmp_junk_data=$(openssl rand -base64 50 | perl -p -e 's/\n//')
+ local TEMP_NSS_DB="$TmpDir/nssdb"
+ local TEMP_NSS_DB_PWD="redhat"
+ disable_ca_nonce $tomcat_name
+
+ rlPhaseStartTest "pki_subca_usergroup-001: Valid SUBCA admin add users"
+ local userid="ug02"
+ local fullname=$userid
+ local password="password$userid"
+ local email="$userid@redhat.com"
+ local phone="12345"
+ local state="CA"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_001.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_001.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_001_2.txt" 0 "Add user $userid to $CA_INST"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_001.txt"
+ rlAssertNotGrep "Fail" "$TmpDir/subca_usergroup_001_2.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_subca_usergroup-002: Valid CA admin list users"
+ local userid="ug02"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_002.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=users\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_002.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=users\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_002_2.txt" 0 "List all CA user in $CA_INST"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_002.txt"
+ rlAssertGrep "$userid" "$TmpDir/subca_usergroup_002_2.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_subca_usergroup-003: Valid CA admin edit users"
+ local userid="ug04"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@redhat.com"
+ local phone="1234"
+ local state="CA"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_003.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_003.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_003_2.txt" 0 "Add user $userid to $CA_INST"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_003.txt"
+ #Now edit user - phone number change
+ phone="4567"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_003_002.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_003_002.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_003_002_2.txt" 0 "Modify user $userid to have a new phone number $phone"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_003_002.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_subca_usergroup-004: Valid CA admin delete users"
+ local userid="ug05"
+ local fullname=$userid
+ local password="password$userid"
+ local email="$userid@redhat.com"
+ local phone="1234"
+ local state="CA"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_004.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_004.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_004_2.txt" 0 "Add user $userid to $CA_INST"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_004.txt"
+ rlAssertNotGrep "Failed to add user" "$TmpDir/subca_usergroup_004_2.txt"
+ #Now delete user
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_004_002.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=users&RS_ID=$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_004_002.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=users&RS_ID=$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_004_002_2.txt" 0 "Delete user $userid"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_004_002.txt"
+ #Verify user is deleted
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_004_003.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=users\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_004_003.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=users\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_004_003_2.txt" 0 "List all CA user in $CA_INST"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_004_003.txt"
+ rlAssertNotGrep "$userid" "$TmpDir/subca_usergroup_004_003_2.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_subca_usergroup-005: Valid CA admin view certs of users"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_READ&OP_SCOPE=certs&RS_ID=$valid_admin_user\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_READ&OP_SCOPE=certs&RS_ID=$valid_admin_user\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_05_2.txt" 0 "View user $valid_admin_user certificate"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_005.txt"
+ rlRun "cat $TmpDir/subca_usergroup_05_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/subca_usergroup_05_3.txt"
+ rlAssertGrep "BEGIN CERTIFICATE" "$TmpDir/subca_usergroup_05_3.txt"
+ rlAssertGrep "END CERTIFICATE" "$TmpDir/subca_usergroup_05_3.txt"
+ #view certificate of ca admin user
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_005_002.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_READ&OP_SCOPE=certs&RS_ID=$ca_admin_user\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_005_002.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_READ&OP_SCOPE=certs&RS_ID=$ca_admin_user\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_005_002_2.txt" 0 "View user $ca_admin_user certificate"
+ rlRun "cat $TmpDir/subca_usergroup_005_002_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/subca_usergroup_005_002_3.txt"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_005_002.txt"
+ rlAssertGrep "BEGIN CERTIFICATE" "$TmpDir/subca_usergroup_005_002_3.txt"
+ rlAssertGrep "END CERTIFICATE" "$TmpDir/subca_usergroup_005_002_3.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_subca_usergroup-006: Valid CA admin import certs into users"
+ local userid="ug06"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@mail_domain.com"
+ local phone="1234"
+ local state="CA"
+ #Add a user
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_006.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=Administrators&userType=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_006.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=Administrators&userType=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_006_2.txt" 0 "Add user $userid to $CA_INST"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_006.txt"
+ rlAssertNotGrep "Failed to add user" "$TmpDir/subca_usergroup_006_2.txt"
+ #Create a certificate request
+ local profile_id="caUserCert"
+ local request_type="crmf"
+ local request_key_size=2048
+ local request_key_type="rsa"
+
+ rlRun "create_new_cert_request \
+ tmp_nss_db:$TEMP_NSS_DB \
+ tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+ request_type:$request_type \
+ request_algo:$request_key_type \
+ request_size:$request_key_size \
+ subject_cn:$userid \
+ subject_uid:$userid \
+ subject_email:$email \
+ subject_ou:IDM \
+ subject_organization:Redhat \
+ subject_country:US \
+ subject_archive:false \
+ cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+ cert_subject_file:$TEMP_NSS_DB/$rand-subject.out"
+ rlRun "cat $TEMP_NSS_DB/$rand-request.pem | python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' > $TEMP_NSS_DB/$rand-encoded-request.pem"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_006_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_006_002.txt \
+ -d \"profileId=$profile_id&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$userid&sn_e=$userid&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$email&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/subca_usergroup_006_002_2.txt" 0 "Submit Certificare request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_006_002.txt"
+ local request_id=$(cat -v $TmpDir/subca_usergroup_006_002_2.txt | grep 'requestList.requestId' | awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+ rlLog "requestid=$request_id"
+ #Approve certificate request
+ local Second=`date +'%S' -d now`
+ local Minute=`date +'%M' -d now`
+ local Hour=`date +'%H' -d now`
+ local Day=`date +'%d' -d now`
+ local Month=`date +'%m' -d now`
+ local Year=`date +'%Y' -d now`
+ local start_year=$Year
+ let end_year=$Year+1
+ local end_day="1"
+ local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+ local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+ local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+ local cert_ext_subjAltNames="RFC822Name: "
+ rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/subca_usergroup_006_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\""
+ rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+ --dump-header $TmpDir/subca_usergroup_006_003.txt \
+ -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+ -d \"requestId=$request_id&op=approve&submit=submit&name=UID=$userid&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/subca_usergroup_006_003_2.txt" 0 "Submit Certificare request"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_006_003.txt"
+ local serial_number=$(cat -v $TmpDir/subca_usergroup_006_003_2.txt | tr '\\n' '\n' | grep 'Serial Number' | awk -F 'Serial Number: ' '{print $2}')
+ rlLog "serial_number=$serial_number"
+ local certificate_in_base64=$(cat -v $TmpDir/subca_usergroup_006_003_2.txt | grep 'outputList.outputVal' | awk -F 'outputList.outputVal=\"' '{print $2}' | awk -F '-----BEGIN CERTIFICATE-----' '{print $2}' | sed '/^$/d' | sed 's/^\\n//'|sed -e 's/^/-----BEGIN CERTIFICATE-----/' | sed 's/-----END CERTIFICATE-----\\n\";/-----END CERTIFICATE-----/' | sed 's/\\r\\n//g')
+ rlLog "CERTIFICATE_IN_BASE64=$certificate_in_base64"
+ #Add certificate to user
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_006_004.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ --data \"OP_TYPE=OP_ADD&OP_SCOPE=certs&RS_ID=$userid\" \
+ --data-urlencode \"cert=$certificate_in_base64\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_006_004.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ --data \"OP_TYPE=OP_ADD&OP_SCOPE=certs&RS_ID=$userid\" \
+ --data-urlencode \"cert=$certificate_in_base64\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_006_004_2.txt" 0 "Add certificate serial_number $serial_number to $userid"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_006_004.txt"
+ #Make sure certificate got added to user
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_006_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_READ&OP_SCOPE=certs&RS_ID=$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_006_005.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_READ&OP_SCOPE=certs&RS_ID=$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_006_005_2.txt" 0 "Read certificate of $userid"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_006_005.txt"
+ rlRun "cat $TmpDir/subca_usergroup_006_005_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/subca_usergroup_006_005_3.txt"
+ rlAssertGrep "-----BEGIN CERTIFICATE-----" "$TmpDir/subca_usergroup_006_005_3.txt"
+ rlAssertGrep "-----END CERTIFICATE-----" "$TmpDir/subca_usergroup_006_005_3.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_subca_usergroup-007: Valid CA admin list groups"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_007.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_007.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_007_2.txt" 0 "List groups"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_007.txt"
+ rlRun "cat $TmpDir/subca_usergroup_007_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/subca_usergroup_007_3.txt"
+ rlAssertGrep "Administrators" "$TmpDir/subca_usergroup_007_3.txt"
+ rlAssertGrep "Certificate Manager Agents" "$TmpDir/subca_usergroup_007_3.txt"
+ rlAssertGrep "Trusted Managers" "$TmpDir/subca_usergroup_007_3.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_subca_usergroup-008: Valid CA admin add a user to the group"
+ local userid="ug08"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@redhat.com"
+ local phone="1234"
+ local state="CA"
+ local groupid="group01"
+ local groupdesc="group01_desc"
+ #Add user
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_008.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_008.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_008_2.txt" 0 "Add user $userid to $CA_INST"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_008.txt"
+ rlAssertNotGrep "Failed to add user" "$TmpDir/subca_usergroup_008_2.txt"
+ #Add user to group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_008_002.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_008_002.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_008_002_2.txt" 0 "Add group $groupid"
+
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_008_002.txt"
+ #List group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_008_003.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_008_003.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_008_003_2.txt" 0 "List groups"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_008_003.txt"
+ rlRun "cat $TmpDir/subca_usergroup_008_003_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/subca_usergroup_008_003_3.txt"
+ rlAssertGrep "$groupid" "$TmpDir/subca_usergroup_008_003_3.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_subca_usergroup-009: Valid CA admin delete group"
+ local groupid="group09"
+ local groupdesc="group09_desc"
+ #Add group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_009.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_009.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_009_2.txt" 0 "Add group $groupid"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_009.txt"
+ rlAssertNotGrep "Failed to add group" "$TmpDir/subca_usergroup_009_2.txt"
+ #List group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_009_002.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_009_002.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_009_002_2.txt" 0 "List groups"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_009_002.txt"
+ rlRun "cat $TmpDir/subca_usergroup_009_002_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/subca_usergroup_009_002_3.txt"
+ rlAssertGrep "$groupid" "$TmpDir/subca_usergroup_009_002_3.txt"
+ #Delete group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_009_003.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=groups&RS_ID=$groupid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_009_003.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=groups&RS_ID=$groupid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_009_003_2.txt" 0 "Delete group $groupid"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_009_003.txt"
+ #List group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_009_004.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_009_004.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_009_004_2.txt" 0 "List groups"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_009_004.txt"
+ rlRun "cat $TmpDir/subca_usergroup_009_004_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/subca_usergroup_009_004_3.txt"
+ rlAssertNotGrep "$groupid" "$TmpDir/subca_usergroup_009_004_3.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_subca_usergroup-010: Valid CA admin edit groups"
+ local userid="ug10"
+ local fullname=$userid
+ local password=password$userid
+ local email="$userid@redhat.com"
+ local phone="1234"
+ local state="CA"
+ local groupid="group10"
+ local groupdesc="group10_desc"
+ #Add user
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_010.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_010.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_010_2.txt" 0 "Add user $userid to $CA_INST"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_010.txt"
+ rlAssertNotGrep "Failed to add user" "$TmpDir/subca_usergroup_010_2.txt"
+ #Add user to group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_010_002.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_010_002.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_010_002_2.txt" 0 "Add group $groupid"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_010_002.txt"
+ rlAssertNotGrep "Failed to add group" "$TmpDir/subca_usergroup_010_002_2.txt"
+ #Edit group - change description
+ local groupdesc2="group10_desc_changed"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_010_003.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc2&user=$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_010_003.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc2&user=$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_010_003_2.txt" 0 "Edit $groupid change desc $groupdesc2"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_010_003.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_subca_usergroup-011: Valid CA agent cannot add new user"
+ local userid="ug11"
+ local fullname=$userid
+ local password="password$userid"
+ local email="$userid@redhat.com"
+ local phone="12345"
+ local state="CA"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_011.txt \
+ -u $valid_agent_user:$valid_agent_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_011.txt \
+ -u $valid_agent_user:$valid_agent_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_011_2.txt" 0 "Add user $userid to $CA_INST using a agent user"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_011.txt"
+ rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/subca_usergroup_011_2.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_subca_usergroup-012: CA Audit user cannot add new user"
+ local userid="ug12"
+ local fullname=$userid
+ local password="password$userid"
+ local email="$userid@redhat.com"
+ local phone="12345"
+ local state="CA"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_012.txt \
+ -u $valid_audit_user:$valid_audit_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_012.txt \
+ -u $valid_audit_user:$valid_audit_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_012_2.txt" 0 "Add user $userid to $CA_INST using a audit user"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_012.txt"
+ rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/subca_usergroup_012_2.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_subca_usergroup-013: CA Operator user cannot add new user"
+ local userid="ug13"
+ local fullname=$userid
+ local password="password$userid"
+ local email="$userid@redhat.com"
+ local phone="12345"
+ local state="CA"
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_013.txt \
+ -u $valid_operator_user:$valid_operator_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_013.txt \
+ -u $valid_operator_user:$valid_operator_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=users&RS_ID=$userid&fullname=$fullname&password=$password&email=$email&phone=$phone&state=$state&groups=&userType=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_013_2.txt" 0 "Add user $userid to $CA_INST using a operator user"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_013.txt"
+ rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/subca_usergroup_013_2.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_subca_usergroup-014: CA audit user cannot add new group"
+ local groupid="group14"
+ local groupdesc="group14_desc"
+ #Add group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_014.txt \
+ -u $valid_audit_user:$valid_audit_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_014.txt \
+ -u $valid_audit_user:$valid_audit_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_014_2.txt" 0 "Add group $groupid"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_014.txt"
+ rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/subca_usergroup_014_2.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_subca_usergroup-015: CA agent user cannot add new group"
+ local groupid="group15"
+ local groupdesc="group15_desc"
+ #Add group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_015.txt \
+ -u $valid_agent_user:$valid_agent_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_015.txt \
+ -u $valid_agent_user:$valid_agent_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_015_2.txt" 0 "Add group $groupid"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_015.txt"
+ rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/subca_usergroup_015_2.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_subca_usergroup-016: CA operator user cannot add new group"
+ local groupid="group16"
+ local groupdesc="group16_desc"
+ #Add group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_016.txt \
+ -u $valid_operator_user:$valid_operator_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_016.txt \
+ -u $valid_operator_user:$valid_operator_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_016_2.txt" 0 "Add group $groupid"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_016.txt"
+ rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/subca_usergroup_016_2.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_subca_usergroup-017: CA agent user cannot delete existing group"
+ local groupid="group17"
+ local groupdesc="group17_desc"
+ #Add group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_017.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_017.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_017_2.txt" 0 "Add group $groupid"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_017.txt"
+ rlAssertNotGrep "Failed to add group" "$TmpDir/subca_usergroup_017_2.txt"
+ #List group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_017_002.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_017_002.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_017_002_2.txt" 0 "List groups"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_017_002.txt"
+ rlRun "cat $TmpDir/subca_usergroup_017_002_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/subca_usergroup_017_002_3.txt"
+ rlAssertGrep "$groupid" "$TmpDir/subca_usergroup_017_002_3.txt"
+ #Delete group using agent
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_017_003.txt \
+ -u $valid_agent_user:$valid_agent_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=groups&RS_ID=$groupid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_017_003.txt \
+ -u $valid_agent_user:$valid_agent_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=groups&RS_ID=$groupid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_017_003_2.txt" 0 "Delete group $groupid"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_017_003.txt"
+ rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/subca_usergroup_017_003_2.txt"
+ #List group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_017_004.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_017_004.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_017_004_2.txt" 0 "List groups"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_017_004.txt"
+ rlRun "cat $TmpDir/subca_usergroup_017_004_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/subca_usergroup_017_004_3.txt"
+ rlAssertGrep "$groupid" "$TmpDir/subca_usergroup_017_004_3.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_subca_usergroup-018: CA Audit user cannot delete existing group"
+ local groupid="group18"
+ local groupdesc="group18_desc"
+ #Add group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_018.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_018.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_018_2.txt" 0 "Add group $groupid"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_018.txt"
+ rlAssertNotGrep "Failed to add group" "$TmpDir/subca_usergroup_018_2.txt"
+ #List group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_018_002.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_018_002.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_018_002_2.txt" 0 "List groups"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_018_002.txt"
+ rlRun "cat $TmpDir/subca_usergroup_018_002_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/subca_usergroup_018_002_3.txt"
+ rlAssertGrep "$groupid" "$TmpDir/subca_usergroup_018_002_3.txt"
+ #Delete group using auditor
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_018_003.txt \
+ -u $valid_audit_user:$valid_audit_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=groups&RS_ID=$groupid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_018_003.txt \
+ -u $valid_audit_user:$valid_audit_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=groups&RS_ID=$groupid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_018_003_2.txt" 0 "Delete group $groupid"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_018_003.txt"
+ rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/subca_usergroup_018_003_2.txt"
+ #List group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_018_004.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_018_004.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_018_004_2.txt" 0 "List groups"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_018_004.txt"
+ rlRun "cat $TmpDir/subca_usergroup_018_004_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/subca_usergroup_018_004_3.txt"
+ rlAssertGrep "$groupid" "$TmpDir/subca_usergroup_018_004_3.txt"
+ rlPhaseEnd
+
+
+ rlPhaseStartTest "pki_subca_usergroup-019: CA Operator user cannot delete existing group"
+ local groupid="group19"
+ local groupdesc="group19_desc"
+ #Add group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_019.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_019.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_ADD&OP_SCOPE=groups&RS_ID=$groupid&desc=$groupdesc&user=\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_019_2.txt" 0 "Add group $groupid"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_019.txt"
+ rlAssertNotGrep "Failed to add group" "$TmpDir/subca_usergroup_019_2.txt"
+ #List group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_019_002.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_019_002.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_019_002_2.txt" 0 "List groups"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_019_002.txt"
+ rlRun "cat $TmpDir/subca_usergroup_019_002_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/subca_usergroup_019_002_3.txt"
+ rlAssertGrep "$groupid" "$TmpDir/subca_usergroup_019_002_3.txt"
+ #Delete group using operator
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_019_003.txt \
+ -u $valid_operator_user:$valid_operator_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=groups&RS_ID=$groupid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_019_003.txt \
+ -u $valid_operator_user:$valid_operator_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=groups&RS_ID=$groupid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_019_003_2.txt" 0 "Delete group $groupid"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_019_003.txt"
+ rlAssertGrep "You are not authorized to perform this operation" "$TmpDir/subca_usergroup_019_003_2.txt"
+ #List group
+ rlLog "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_019_004.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\""
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_019_004.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=groups\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_019_004_2.txt" 0 "List groups"
+ rlAssertGrep "HTTP/1.1 200 OK" "$TmpDir/subca_usergroup_019_004.txt"
+ rlRun "cat $TmpDir/subca_usergroup_019_004_2.txt | python -c 'import sys, urllib as ul; print ul.unquote(sys.stdin.read());' | sed 'y/+/ /' > $TmpDir/subca_usergroup_019_004_3.txt"
+ rlAssertGrep "$groupid" "$TmpDir/subca_usergroup_019_004_3.txt"
+ rlPhaseEnd
+
+ rlPhaseStartTest "pki_subca_usergroup_cleanup: Deleting users and groups"
+ local group=("group01" "group10" "group17" "group18" "group19")
+ i=0
+ while [ $i -lt ${#group[@]} ] ; do
+ groupid=${group[$i]}
+ rlRun "curl --basic \
+ --dump-header $TmpDir/ca_group_cleanup_$i.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=groups&RS_ID=$groupid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/ca_group_cleanup_$i_2.txt" 0 "Delete group $groupid"
+ let i=$i+1
+ done
+
+ local user=("ug02" "ug04" "ug06:true" "ug08" "ug10")
+ i=0
+ while [ $i -lt ${#user[@]} ] ; do
+ userid=${user[$i]}
+ rlRun "curl --basic \
+ --dump-header $TmpDir/subca_usergroup_cleanup_$i.txt \
+ -u $valid_admin_user:$valid_admin_user_password \
+ -d \"OP_TYPE=OP_DELETE&OP_SCOPE=users&RS_ID=$userid\" \
+ -k \"https://$ca_host:$ca_secure_port/ca/ug\" > $TmpDir/subca_usergroup_cleanup_$i_2.txt" 0 "Delete user $userid"
+ let i=$i+1
+ done
+ enable_ca_nonce $tomcat_name
+ rlRun "popd"
+ rlRun "rm -r $TmpDir" 0 "Removing temp directory"
+ rlPhaseEnd
+}
diff --git a/tests/dogtag/runtest.sh b/tests/dogtag/runtest.sh
index 0fcccdb7f..c1faea6fc 100755
--- a/tests/dogtag/runtest.sh
+++ b/tests/dogtag/runtest.sh
@@ -191,6 +191,10 @@
. ./acceptance/legacy/ca-tests/publishing/ca-admin-publishing.sh
. ./acceptance/legacy/ca-tests/cert-enrollment/ca-ag-certificates.sh
. ./acceptance/legacy/ca-tests/ocsp/ca-ee-ocsp.sh
+. ./acceptance/legacy/ca-tests/renewal/renew_manual.sh
+. ./acceptance/legacy/ca-tests/renewal/renew_DirAuthUserCert.sh
+. ./acceptance/legacy/ca-tests/renewal/renew_caSSLClientCert.sh
+. ./acceptance/legacy/subca-tests/usergroups/subca-usergroups.sh
. ./acceptance/legacy/subca-tests/acls/subca-ad-acls.sh
. ./acceptance/legacy/subca-tests/internaldb/subca-ad-internaldb.sh
. ./acceptance/legacy/subca-tests/authplugin/subca-ad-authplugin.sh
@@ -1045,13 +1049,6 @@ rlJournalStart
run_bug_790924
fi
- LEGACY_CA_ADMIN_ACL_UPPERCASE=$(echo $LEGACY_CA_ADMIN_ACL | tr [a-z] [A-Z])
- if [ "$LEGACY_CA_ADMIN_ACL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
- #Execute legacy CA admin acl tests
- subsystemType=ca
- run_admin-ca-acl_tests $subsystemType $MYROLE
- fi
-
######## PKI KEY KRA TESTS ############
PKI_KEY_KRA_TESTS_UPPERCASE=$(echo $PKI_KEY_KRA_TESTS | tr [a-z] [A-Z])
if [ "$PKI_KEY_KRA_TESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
@@ -1462,10 +1459,8 @@ rlJournalStart
PKI_LEGACY_CA_USERGROUP_UPPERCASE=$(echo $PKI_LEGACY_CA_USERGROUP | tr [a-z] [A-Z])
if [ "$PKI_LEGACY_CA_USERGROUP_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
# Execute pki ca-usergroup-tests tests
- subsystemId=$CA_INST
subsystemType=ca
- rlLog "Subsystem ID CA=$CA_INST, MY_ROLE=$MYROLE"
- run_pki-legacy-ca-usergroup_tests $subsystemId $subsystemType $MYROLE
+ run_pki-legacy-ca-usergroup_tests $subsystemType $MYROLE
fi
PKI_LEGACY_CA_ADMIN_PROFILE_UPPERCASE=$(echo $PKI_LEGACY_CA_ADMIN_PROFILE | tr [a-z] [A-Z])
if [ "$PKI_LEGACY_CA_ADMIN_PROFILE_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
@@ -1537,6 +1532,24 @@ rlJournalStart
subsystemType=ca
run_ca-ee-ocsp_tests $subsystemType $MYROLE
fi
+ PKI_LEGACY_CA_RENEW_MANUAL_UPPERCASE=$(echo $PKI_LEGACY_CA_RENEW_MANUAL | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_CA_RENEW_MANUAL_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki ca-renew-manual tests
+ subsystemType=ca
+ run_pki-legacy-ca-renew_manual_tests $subsystemType $MYROLE
+ fi
+ PKI_LEGACY_CA_RENEW_DIRECTORY_AUTH_USERCERT_UPPERCASE=$(echo $PKI_LEGACY_CA_RENEW_DIRECTORY_AUTH_USERCERT | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_CA_RENEW_DIRECTORY_AUTH_USERCERT_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki ca-renew-directory-auth-usercert tests
+ subsystemType=ca
+ run_pki-legacy-ca-renew_dir_auth_user_cert_tests $subsystemType $MYROLE
+ fi
+ PKI_LEGACY_CA_RENEW_SSLCLIENTAUTH_CERT_UPPERCASE=$(echo $PKI_LEGACY_CA_RENEW_SSLCLIENTAUTH_CERT | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_CA_RENEW_SSLCLIENTAUTH_CERT_UPPERCASE" = "TRUE" ] || [ "TEST_ALL_UPPERCASE" = "TRUE" ]; then
+ # Execute pki ca-renew-sslclient-cert tests
+ subsystemType=ca
+ run_pki-legacy-ca-renew_self_ca_user_ssl_client_cert_tests $subsystemType $MYROLE
+ fi
PKI_LEGACY_KRA_AG_UPPERCASE=$(echo $PKI_LEGACY_KRA_AG_TESTS | tr [a-z] [A-Z])
if [ "$PKI_LEGACY_KRA_AG_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
subsystemType=kra
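Review bot: The three new guards for the renewal blocks compare the literal string `"TEST_ALL_UPPERCASE"` against `"TRUE"` — the `$` is missing — so that side of the `||` is always false and TEST_ALL never enables the manual, directory-auth or SSL-client renewal tests; the existing blocks above and below use `"$TEST_ALL_UPPERCASE"`. Change each of the three to `[ "$TEST_ALL_UPPERCASE" = "TRUE" ]`. The enclosing rlJournalStart block starts and ends outside the hunk.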
@@ -1562,6 +1575,12 @@ rlJournalStart
subsystemType=kra
run_admin-kra-log_tests $subsystemType $MYROLE
fi
+ PKI_LEGACY_SUBCA_USERGROUP_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_USERGROUP | tr [a-z] [A-Z])
+ if [ "$PKI_LEGACY_SUBCA_USERGROUP_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ] ; then
+ # Execute pki subca-usergroup-tests tests
+ subsystemType=ca
+ run_pki-legacy-subca-usergroup_tests $subsystemType $MYROLE
+ fi
PKI_LEGACY_SUBCA_ADMIN_ACLS_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_ADMIN_ACLS | tr [a-z] [A-Z])
if [ "$PKI_LEGACY_SUBCA_ADMIN_ACLS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
subsystemType=ca
diff --git a/tests/dogtag/shared/rhcs-shared.sh b/tests/dogtag/shared/rhcs-shared.sh
index a351c4a40..45d5b6c83 100755
--- a/tests/dogtag/shared/rhcs-shared.sh
+++ b/tests/dogtag/shared/rhcs-shared.sh
@@ -14,10 +14,13 @@
# runJava <java class> <input>
# set_javapath
# install_and_trust_CA_cert <ca_server_root> <nss_db_dir>
+# install_and_trust_user_cert <certificate pem file> <nickname> <nss-db-directory>
# disable_ca_nonce <ca_server_root>
# enable_ca_nonce <ca_server_root>
# importP12File <P12FileLocation> <P12FilePassword> <nssdbDirectory> <nssdbPassword> <cert_nickname>
-#
+# forward_system_clock <number_of_days>
+# reverse_system_clock <number_of_days>
+# replace_string_in_a_file <file_name> <original_string> <replace_string>
######################################################################
#######################################################################
@@ -272,6 +275,76 @@ install_and_trust_KRA_cert(){
}
# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# install_and_trust_user_cert
+# Usage: install_and_trust_user_cert <certificate pem file> <nickname> <nss-db-directory>
+#
+# This will check and install user certificate in a given nss-db
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+install_and_trust_user_cert(){
+ local cert_pem_file="$1"
+ local user_cert_nick="$2"
+ local nss_db_dir="$3"
+ rlRun "certutil -d $nss_db_dir -A -n \"$user_cert_nick\" -i $cert_pem_file -t \"u,u,u\" "
+}
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# forward_system_clock
+# Usage: forward_system_clock <number_of_days>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+forward_system_clock(){
+ local number_of_days=$1
+ rlLog "Current Date/Time: $(date)"
+ rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ local cur_date=$(date)
+ rlLog "Move system to $cur_date + $number_of_days days ahead"
+ rlRun "chronyc -a -m 'offline' 'settime $cur_date + $number_of_days days' 'makestep' 'manual reset' 1> $TmpDir/chrony.out"
+ rlLog "Date after modifying using chrony: $(date)"
+}
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# reverse_system_clock
+# Usage: reverse_system_clock <number_of_days>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+reverse_system_clock(){
+ local numdays=$1
+ rlLog "number_of_days=$numdays"
+ rlLog "Current Date/Time: $(date)"
+ local new_string="$numdays days ago"
+ local new_date=$(date -d "$new_string")
+ rlRun "chronyc -a -m 'settime $new_date' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out"
+ rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+ rlLog "Date after modifying using chrony: $(date)"
+}
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# replace_string_in_a_file <file_name> <original_string> <replace_string>
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+replace_string_in_a_file()
+{
+ local file_name=$1
+ local original_string=$2
+ local replace_string=$3
+ local rc=0
+ temp_file="$file_name.temp"
+ rlRun "sed 's/$original_string/$replace_string/g' $file_name > $temp_file"
+ cp $temp_file $file_name
+ cat $file_name | grep $replace_string
+ if [ $? -ne 0 ] ; then
+ rlLog "$file_name did not get replaced with $replace_string"
+ rc=1
+ fi
+ return $rc
+}
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# disable_ca_nonce
# Usage: disable_ca_nonce <ca_server_root>
#
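Review bot: In replace_string_in_a_file both arguments are interpolated unescaped into the sed expression, so a `/`, `&`, `.` or `*` in either string alters the substitution or breaks the command, and `temp_file` is neither `local` nor removed afterwards. The post-check `cat $file_name | grep $replace_string` is also unquoted, so a replacement containing spaces is split into a pattern plus extra file names and the check misreports. Escaping the sed metacharacters before building the expression, quoting the check and deleting the temp file fixes all three; a single quote in either argument would still break the string handed to rlRun, which is worth stating in the header comment. Separately, forward_system_clock asserts `200 OK` only after the `manual on` call, while the settime/makestep call that actually moves the clock is unchecked, unlike reverse_system_clock.
```shell
replace_string_in_a_file()
{
  local file_name=$1
  local original_string=$2
  local replace_string=$3
  local rc=0
  local temp_file="$file_name.temp"
  # Escape sed metacharacters so both arguments are taken literally
  # (a '/' or '&' in either would otherwise alter the expression).
  local esc_orig esc_repl
  esc_orig=$(printf '%s' "$original_string" | sed 's/[][\/.*^$]/\\&/g')
  esc_repl=$(printf '%s' "$replace_string" | sed 's/[\/&]/\\&/g')
  rlRun "sed 's/$esc_orig/$esc_repl/g' $file_name > $temp_file"
  cp -- "$temp_file" "$file_name"
  rm -f -- "$temp_file"
  if ! grep -qF -- "$replace_string" "$file_name"; then
    rlLog "$file_name did not get replaced with $replace_string"
    rc=1
  fi
  return $rc
}
```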