Add Legacy drm-logs and some subca tests

Sub CA cert-enrollment, profiles and logs are added
DRM logs are added

Signed-off-by: Niranjan Mallapadi <mrniranjan@redhat.com>

10 files changed, 10480 insertions, 0 deletions

diff --git a/tests/dogtag/Makefile b/tests/dogtag/Makefile
index d7f4faed3..c337ef837 100755
--- a/tests/dogtag/Makefile
+++ b/tests/dogtag/Makefile
@@ -263,12 +263,20 @@ build: $(BUILT_FILES)
 	chmod a+x ./acceptance/legacy/drm-tests/agent/drm-ag-tests.sh
 	chmod a+x ./acceptance/legacy/drm-tests/internaldb/drm-ad-internaldb.sh
 	chmod a+x ./acceptance/legacy/drm-tests/usergroups/drm-ad-usergroups.sh	
+	chmod a+x ./acceptance/legacy/drm-tests/logs/drm-ad-logs.sh
 	chmod a+x ./acceptance/legacy/subca-tests/acls/subca-ad-acls.sh
 	chmod a+x ./acceptance/legacy/subca-tests/internaldb/subca-ad-internaldb.sh
 	chmod a+x ./acceptance/legacy/subca-tests/authplugin/subca-ad-authplugin.sh
 	chmod a+x ./acceptance/legacy/subca-tests/crlissuingpoint/subca-ad-crlissuingpoints.sh
 	chmod a+x ./acceptance/legacy/subca-tests/publishing/subca-ad-publishing.sh
 	chmod a+x ./acceptance/legacy/subca-tests/crls/subca-ag-crls.sh
+	chmod a+x ./acceptance/legacy/subca-tests/cert-enrollment/subca-ag-certificates.sh
+	chmod a+x ./acceptance/legacy/subca-tests/cert-enrollment/subca-ag-requests.sh
+	chmod a+x ./acceptance/legacy/subca-tests/cert-enrollment/subca-ee-enrollments.sh
+	chmod a+x ./acceptance/legacy/subca-tests/cert-enrollment/subca-ee-retrieval.sh
+	chmod a+x ./acceptance/legacy/subca-tests/profiles/subca-ad-profiles.sh
+	chmod a+x ./acceptance/legacy/subca-tests/profiles/subca-ag-profiles.sh
+	chmod a+x ./acceptance/legacy/subca-tests/logs/subca-ad-logs.sh
 	# bug verifications
 	chmod a+x ./acceptance/bugzilla/tomcatjss-bugs/bug-1058366.sh
 	chmod a+x ./acceptance/bugzilla/tomcatjss-bugs/bug-1084224.sh
diff --git a/tests/dogtag/acceptance/legacy/drm-tests/logs/drm-ad-logs.sh b/tests/dogtag/acceptance/legacy/drm-tests/logs/drm-ad-logs.sh
new file mode 100755
index 000000000..136ff26e2
--- /dev/null
+++ b/tests/dogtag/acceptance/legacy/drm-tests/logs/drm-ad-logs.sh
@@ -0,0 +1,194 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   runtest.sh of /CoreOS/rhcs/acceptance/legacy/drm-tests/drm-ad-logs.sh
+#   Description: DRM Admin logs tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki key cli commands needs to be tested:
+#  DRM Admin logs test
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Author: Niranjan Mallapadi <mniranja@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+#   This copyrighted material is made available to anyone wishing
+#   to use, modify, copy, or redistribute it subject to the terms
+#   and conditions of the GNU General Public License version 2.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE. See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public
+#   License along with this program; if not, write to the Free
+#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+#   Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+run_admin-kra-log_tests()
+{
+        local cs_Type=$1
+        local cs_Role=$2
+        
+	# Creating Temporary Directory for legacy test
+        rlPhaseStartSetup "Create Temporary Directory"
+        rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+        rlRun "pushd $TmpDir"
+        rlPhaseEnd
+
+        # Local Variables
+        get_topo_stack $cs_Role $TmpDir/topo_file
+        local CA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+	local KRA_INST=$(cat $TmpDir/topo_file | grep MY_KRA | cut -d= -f2)
+	local tomcat_name=$(eval echo \$${CA_INST}_TOMCAT_INSTANCE_NAME)
+	local target_unsecure_port=$(eval echo \$${CA_INST}_UNSECURE_PORT)
+	local target_secure_port=$(eval echo \$${CA_INST}_SECURE_PORT)
+	local tmp_ca_port=$(eval echo \$${CA_INST}_UNSECURE_PORT)
+        local tmp_kra_host=$(eval echo \$${cs_Role})
+        local tmp_ca_host=$(eval echo \$${cs_Role})
+        local valid_ca_agent_cert=$CA_INST\_agentV
+        local valid_agent=$KRA_INST\_agentV
+        local valid_agent_pwd=$KRA_INST\_agentV_password
+        local valid_audit=$KRA_INST\_auditV
+        local valid_audit_pwd=$KRA_INST\_auditV_password
+        local valid_operator=$KRA_INST\_operatorV
+        local valid_operator_pwd=$KRA_INST\_operatorV_password
+        local valid_admin=$KRA_INST\_adminV
+        local valid_admin_pwd=$KRA_INST\_adminV_password
+        local revoked_agent=$KRA_INST\_agentR
+        local revoked_admin=$KRA_INST\_adminR
+        local expired_admin=$KRA_INST\_adminE
+        local expired_agent=$KRA_INST\_agentE
+        local admin_out="$TmpDir/admin_out"
+        local TEMP_NSS_DB="$TmpDir/nssdb"
+        local TEMP_NSS_DB_PWD="redhat"
+
+
+	rlPhaseStartTest "pki_console_log-001: DRM Admin Interface - Add a new log file"
+	rlLog "Create a new log of type system"
+	local logfile=log$RANDOM
+	local level=0
+	local rolloverinterval=1
+	local logtype="system"
+	local flushinterval=5
+	local filename=/tmp/$logfile
+	local logenable="True"
+	local signedAuditCertNickname="kraauditsigningcert"
+	rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin:$valid_admin_pwd" \
+		-d \"OP_TYPE=OP_ADD&OP_SCOPE=logRule&RS_ID=$logfile&unselected.events=&level=$level&rolloverInterval=$rolloverinterval&flushInterval=$flushinterval&mandatory.events=&bufferSize=512&maxFileSize=2000&fileName=$filename&enable=$logenable&signedAuditCertNickname=$signedAuditCertNickname&implName=file&type=$logtype&logSigning=true&events=&RULENAME=$logfile\" -k https://$tmp_kra_host:$target_secure_port/kra/log >> $admin_out" 0 "Create $logfile file of type $logtype"
+	rlLog "List all logs"
+	rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin:$valid_admin_pwd" \
+		-d \"OP_TYPE=OP_SEARCH&OP_SCOPE=logRule\" -k https://$tmp_kra_host:$target_secure_port/kra/log > $admin_out" 0 "List all logs configured"
+	rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+	rlAssertGrep "$logfile=file:visible" "$admin_out"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_console_log-002: DRM Admin Interface - List all logs"
+	rlLog "List all logs"
+	rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin:$valid_admin_pwd" \
+		 -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=logRule\" -k https://$tmp_kra_host:$target_secure_port/kra/log > $admin_out" 0 "List all logs configured"
+	rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+	rlAssertGrep "Transactions=file:visible" "$admin_out"
+	rlAssertGrep "SignedAudit=file:visible" "$admin_out"
+	rlAssertGrep "System=file:visible" "$admin_out"
+	rlAssertGrep "$logfile=file:visible" "$admin_out"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_console_log-003: DRM Admin Interface - Edit log file configuration"
+        local level=0
+        local rolloverinterval=1
+        local logtype="system"
+        local flushinterval=5
+        local filename=/tmp/$logfile
+        local logenable="false"
+	local maxfilesize=3000
+	local buffersize=512
+        rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=logRule&RS_ID=$logfile&level=$level&rolloverInterval=$rolloverinterval&flushInterval=$flushinterval&bufferSize=$buffersize&maxFileSize=$maxfilesize&fileName=$filename&enable=$logenable&implName=file&type=$logtype&RULENAME=$logfile\" -k https://$tmp_kra_host:$target_secure_port/kra/log >> $admin_out" 0 "Modify $logfile file"
+	rlLog "Changes require restart of CA instance"
+	rlRun "rhcs_stop_instance $tomcat_name"
+	rlRun "rhcs_start_instance $tomcat_name"
+	rlLog "Read $logfile and verify values are updated"
+	rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin:$valid_admin_pwd" \
+		-d \"OP_TYPE=OP_READ&OP_SCOPE=logRule&RS_ID=$logfile\" -k  https://$tmp_kra_host:$target_secure_port/kra/log > $admin_out" 0 "Read $logfile file"
+	rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+	rlAssertGrep "maxFileSize=$maxfilesize" "$admin_out"
+	rlAssertGrep "enable=$logenable" "$admin_out"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_console_log-004: DRM Admin Interface - View log file"
+	rlLog "Read $logfile"
+	rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin:$valid_admin_pwd" \
+		-d \"OP_TYPE=OP_READ&OP_SCOPE=logRule&RS_ID=$logfile\" -k  https://$tmp_kra_host:$target_secure_port/kra/log > $admin_out" 0 "Read $logfile file"
+	rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+	rlAssertGrep "implName=file" "$admin_out"
+	rlAssertGrep "type=$logtype" "$admin_out"
+	rlAssertGrep "enable=$logenable" "$admin_out"
+	rlAssertGrep "level=Debug" "$admin_out"
+	rlAssertGrep "bufferSize=$buffersize" "$admin_out"
+	rlAssertGrep "maxFileSize=$maxfilesize" "$admin_out"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_console_log-005: DRM Admin Interface - Delete log file"
+	rlLog "Delete log $logfile file"
+	rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_DELETE&OP_SCOPE=logRule&RS_ID=$logfile\" -k  https://$tmp_kra_host:$target_secure_port/kra/log > $admin_out" 0 "Read $logfile file"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlLog "List all logs"
+        rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin:$valid_admin_pwd" \
+                 -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=logRule\" -k https://$tmp_kra_host:$target_secure_port/kra/log > $admin_out" 0 "List all logs configured"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "Transactions=file:visible" "$admin_out"
+        rlAssertGrep "SignedAudit=file:visible" "$admin_out"
+        rlAssertGrep "System=file:visible" "$admin_out"
+        rlAssertNotGrep "$logfile=file:visible" "$admin_out"	
+	rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_log-006: DRM Admin Interface - Adding a log file with agent privileges should fail"
+        local logfile=log$RANDOM
+        local level=0
+        local rolloverinterval=1
+        local logtype="system"
+        local flushinterval=5
+        local filename=/tmp/$logfile
+        local logenable="True"
+        local signedAuditCertNickname="caauditsigningcert"
+        rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_agent:$valid_agent_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=logRule&RS_ID=$logfile&unselected.events=&level=$level&rolloverInterval=$rolloverinterval&flushInterval=$flushinterval&mandatory.events=&bufferSize=512&maxFileSize=2000&fileName=$filename&enable=$logenable&signedAuditCertNickname=$signedAuditCertNickname&implName=file&type=$logtype&logSigning=true&events=&RULENAME=$logfile\" -k https://$tmp_kra_host:$target_secure_port/kra/log > $admin_out" 0 "Create $logfile file of type $logtype"   
+        rlAssertGrep "You are not authorized to perform this operation" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_log-007: DRM Admin Interface - Adding a log file with audit privileges should fail"
+        local logfile=log$RANDOM
+        local level=0
+        local rolloverinterval=1
+        local logtype="system"
+        local flushinterval=5
+        local filename=/tmp/$logfile
+        local logenable="True"
+        local signedAuditCertNickname="caauditsigningcert"
+        rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_audit:$valid_audit_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=logRule&RS_ID=$logfile&unselected.events=&level=$level&rolloverInterval=$rolloverinterval&flushInterval=$flushinterval&mandatory.events=&bufferSize=512&maxFileSize=2000&fileName=$filename&enable=$logenable&signedAuditCertNickname=$signedAuditCertNickname&implName=file&type=$logtype&logSigning=true&events=&RULENAME=$logfile\" -k https://$tmp_kra_host:$target_secure_port/kra/log > $admin_out" 0 "Create $logfile file of type $logtype"
+        rlAssertGrep "You are not authorized to perform this operation" "$admin_out"
+        rlPhaseEnd
+
+	rlPhaseStartCleanup "Delete temporary dir"
+        rlRun "popd"
+        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+        rlPhaseEnd
+
+
+}
diff --git a/tests/dogtag/acceptance/legacy/subca-tests/cert-enrollment/subca-ag-certificates.sh b/tests/dogtag/acceptance/legacy/subca-tests/cert-enrollment/subca-ag-certificates.sh
new file mode 100755
index 000000000..53f411a59
--- /dev/null
+++ b/tests/dogtag/acceptance/legacy/subca-tests/cert-enrollment/subca-ag-certificates.sh
@@ -0,0 +1,337 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   runtest.sh of /CoreOS/rhcs/acceptance/legacy/ca-tests/cert-enrollment/subca-ag-certificates
+#   Description: Subordiate CA Agent Certificates
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#   The following legacy tests is being tested:
+#   subca-ag-certificates
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Author: Niranjan Mallapadi <mniranja@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+#   This copyrighted material is made available to anyone wishing
+#   to use, modify, copy, or redistribute it subject to the terms
+#   and conditions of the GNU General Public License version 2.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE. See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public
+#   License along with this program; if not, write to the Free
+#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+#   Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/pki-auth-plugin-lib.sh
+. /opt/rhqa_pki/env.sh
+
+run_subca-ag-certificates_tests()
+{
+	
+	 # Creating Temporary Directory
+        rlPhaseStartSetup "Create Temporary Directory"
+        rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+        rlRun "pushd $TmpDir"
+        rlRun "export PYTHONPATH=$PYTHONPATH:/opt/rhqa_pki/"
+        rlPhaseEnd
+
+        # Disable Nonce
+        rlPhaseStartSetup "Disable Nonce"
+        local cs_Type=$1
+        local cs_Role=$2
+        get_topo_stack $cs_Role $TmpDir/topo_file
+        if [ $cs_Role="MASTER" ]; then
+                 SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_SUBCA | cut -d= -f2)
+        elif [ $cs_Role="SUBCA2" || $cs_Role="SUBCA1" ]; then
+                SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+        fi
+        local tomcat_name=$(eval echo \$${SUBCA_INST}_TOMCAT_INSTANCE_NAME)
+        rlRun "disable_ca_nonce $tomcat_name"
+        rlPhaseEnd
+	
+        # Local Variables
+        local target_unsecure_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT)
+        local target_secure_port=$(eval echo \$${SUBCA_INST}_SECURE_PORT)
+        local tmp_ca_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT)
+        local tmp_ca_host=$(eval echo \$${cs_Role})
+        local valid_agent_cert=$SUBCA_INST\_agentV
+        local valid_audit_cert=$SUBCA_INST\_auditV
+        local valid_operator_cert=$SUBCA_INST\_operatorV
+        local valid_admin_cert=$SUBCA_INST\_adminV
+        local cert_find_info="$TmpDir/cert_find_info"
+        local revoked_agent_cert=$SUBCA_INST\_agentR
+        local revoked_admin_cert=$SUBCA_INST\_adminR
+        local expired_admin_cert=$SUBCA_INST\_adminE
+        local expired_agent_cert=$SUBCA_INST\_agentE
+        local admin_out="$TmpDir/admin_out"
+        local TEMP_NSS_DB="$TmpDir/nssdb"
+        local TEMP_NSS_DB_PWD="redhat"
+        local cert_info="$TmpDir/cert_info"
+        local ca_profile_out="$TmpDir/ca-profile-out"
+        local cert_out="$TmpDir/cert-show.out"
+        local cert_show_out="$TmpDir/cert_show.out"
+        local rand=$RANDOM
+        local tmp_junk_data=$(openssl rand -base64 50 |  perl -p -e 's/\n//')
+        local SSL_DIR=$CERTDB_DIR
+
+
+
+	rlPhaseStartTest "pki_subca_ag-certificates-001: CA Agent Page: List Certificates"
+	local op=listCerts
+	local queryCertFilter='(|(certStatus=VALID)(certStatus=REVOKED))'
+	local serialFrom=''
+	local serialTo=''
+	local skipNonValid=''
+	local querySentinelDown='0'
+	local querySentinelUp=''
+	local direction=''
+	local maxCount='10'
+	local test_out=$op
+	rlRun "export SSL_DIR=$CERTDB_DIR"
+	rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+		--dump-header  $admin_out \
+		-E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+		-d \"op=$op&queryCertFilter=$queryCertFilter&serialFrom=$serialFrom&serialTo=$serialTo&skipNonValid=$skipNonValid&querySentinelDown=$querySentinelDown&querySentinelUp=$querySentinelUp&direction=$direction&maxCount=$maxCount\" \
+		-k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/listCerts\" > $TmpDir/$test_out" 0 "List Certificates"
+	rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+		--dump-header  $admin_out \
+		-E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+		-d \"op=$op&queryCertFilter=$queryCertFilter&serialFrom=$serialFrom&serialTo=$serialTo&skipNonValid=$skipNonValid&querySentinelDown=$querySentinelDown&querySentinelUp=$querySentinelUp&direction=$direction&maxCount=$maxCount\" \
+		-k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/listCerts\" > $TmpDir/$test_out" 0 "List Certificates"
+	local no_of_records=$(cat $TmpDir/$test_out | grep record.subject= | wc -l)
+	rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+	rlAssertEquals "Verify number of records is $maxCount" $maxCount $no_of_records
+	rlPhaseEnd	
+	
+        rlPhaseStartSetup "Generate Cert which will be revoked"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caUserCert
+        local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+        local userid="fooUser"
+        local usercn="fooUser"
+        local phone="1234"
+        local usermail="fooUser@example.org"
+        local test_out=ca-$profile-test.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$usercn\" \
+                subject_uid:$userid \
+                subject_email:$usermail \
+                subject_ou:IDM \
+                subject_organization:RedHat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\""
+        rlRun "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "request_id=$request_id"
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                    --dump-header  $admin_out \
+                     -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\""
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+                    --dump-header  $admin_out \
+                    -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                    -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Submit Certificare request"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+        rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_subca_ag-certificates-002: CA Agent Page: Revoke Certificates"
+        local STRIP_HEX=$(echo $serial_number | cut -dx -f2)
+        local serial=$STRIP_HEX
+        local CONV_UPP_VAL=${STRIP_HEX^^}
+        local decimal_serial_number=$(echo "ibase=16;$CONV_UPP_VAL"|bc)
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local revocationReason="0"
+	rlRun "export SSL_DIR=$CERTDB_DIR"
+	rlLog "Revoked cert with serial Number: $serial_number"
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                --dump-header  $admin_out \
+                -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                -d \"$serial=on&day=0&month=$Month&year=0&revocationReason=$revocationReason&csrRequestorComments=&submit=Submit&op=doRevoke&templateType=RevocationSuccess&serialNumber=$serial&revokeAll=(|(certRecordId=$decimal_serial_number))&totalRecordCount=1&verifiedRecordCount=1&invalidityDate=0\" -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/doRevoke\" > $TmpDir/$test_out" 0 "Revoke cert with serial Number $serial_number"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                --dump-header  $admin_out \
+                -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                -d \"$serial=on&day=0&month=$Month&year=0&revocationReason=$revocationReason&csrRequestorComments=&submit=Submit&op=doRevoke&templateType=RevocationSuccess&serialNumber=$serial&revokeAll=(|(certRecordId=$decimal_serial_number))&totalRecordCount=1&verifiedRecordCount=1&invalidityDate=0\" -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/doRevoke\" > $TmpDir/$test_out" 0 "Revoke cert with serial Number $serial_number"
+	rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertGrep "header.revoked = \"yes\"" "$TmpDir/$test_out"
+	rlAssertGrep "header.revoked = \"yes\"" "$TmpDir/$test_out"
+        rlAssertGrep "header.error = null" "$TmpDir/$test_out"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_subca_ag-certificates-003: CA Agent Page: Display Revocation List(type: Entire CRL)"
+	rlLog "Display Cached CRL"
+	rlRun "export SSL_DIR=$CERTDB_DIR"
+	local crlIssuingPoint='MasterCRL'
+	local crlDisplayType='cachedCRL'
+	local pageStart='1'
+	local pageSize='50'
+	local test_out=$crlDisplayType
+	rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+		--dump-header  $admin_out \
+		-E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+		-d \"crlIssuingPoint=$crlIssuingPoint&crlDisplayType=$crlDisplayType&pageStart=$pageStart&pageSize=$pageSize\" -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/displayCRL\" > $TmpDir/$test_out"
+	rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+		--dump-header  $admin_out \
+		-E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+		-d \"crlIssuingPoint=$crlIssuingPoint&crlDisplayType=$crlDisplayType&pageStart=$pageStart&pageSize=$pageSize\" -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/displayCRL\" > $TmpDir/$test_out" 0 "Display cached CRL"
+	rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+	rlAssertGrep "header.crlIssuingPoint = \"$crlIssuingPoint\"" "$TmpDir/$test_out"
+	rlAssertGrep "header.crlDisplayType = \"$crlDisplayType\"" "$TmpDir/$test_out"	
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_subca_ag-certificates-004: CA Agent Page: Display Revocation List(type: Entire CRL)"
+	rlLog "Display Entire CRL"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        local crlIssuingPoint='MasterCRL'
+        local crlDisplayType='entireCRL'
+        local pageStart='1'
+        local pageSize='50'
+        local test_out=$crlDisplayType
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                --dump-header  $admin_out \
+                -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                -d \"crlIssuingPoint=$crlIssuingPoint&crlDisplayType=$crlDisplayType&pageStart=$pageStart&pageSize=$pageSize\" -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/displayCRL\" > $TmpDir/$test_out"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                --dump-header  $admin_out \
+                -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                -d \"crlIssuingPoint=$crlIssuingPoint&crlDisplayType=$crlDisplayType&pageStart=$pageStart&pageSize=$pageSize\" -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/displayCRL\" > $TmpDir/$test_out" 0 "Display cached CRL"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertGrep "header.crlIssuingPoint = \"$crlIssuingPoint\"" "$TmpDir/$test_out"
+        rlAssertGrep "header.crlDisplayType = \"$crlDisplayType\"" "$TmpDir/$test_out"	
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_subca_ag-certificates-005: CA Agent Page: Display Revocation List(type: CRLHeader)"
+        rlLog "Display CRL Header"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        local crlIssuingPoint='MasterCRL'
+        local crlDisplayType='crlHeader'
+        local pageStart='1'
+        local pageSize='50'
+        local test_out=$crlDisplayType
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                --dump-header  $admin_out \
+                -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                -d \"crlIssuingPoint=$crlIssuingPoint&crlDisplayType=$crlDisplayType&pageStart=$pageStart&pageSize=$pageSize\" -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/displayCRL\" > $TmpDir/$test_out"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                --dump-header  $admin_out \
+                -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                -d \"crlIssuingPoint=$crlIssuingPoint&crlDisplayType=$crlDisplayType&pageStart=$pageStart&pageSize=$pageSize\" -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/displayCRL\" > $TmpDir/$test_out" 0 "Display cached CRL"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertGrep "header.crlIssuingPoint = \"$crlIssuingPoint\"" "$TmpDir/$test_out"
+        rlAssertGrep "header.crlDisplayType = \"$crlDisplayType\"" "$TmpDir/$test_out"
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_subca_ag-certificates-006: CA Agent Page: Display Revocation List(type: Base64 Encoded)"
+        rlLog "Display Base64 Encoded CRL"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        local crlIssuingPoint='MasterCRL'
+        local crlDisplayType='base64Encoded'
+        local pageStart='1'
+        local pageSize='50'
+        local test_out=$crlDisplayType
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                --dump-header  $admin_out \
+                -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                -d \"crlIssuingPoint=$crlIssuingPoint&crlDisplayType=$crlDisplayType&pageStart=$pageStart&pageSize=$pageSize\" -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/displayCRL\" > $TmpDir/$test_out"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                --dump-header  $admin_out \
+                -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                -d \"crlIssuingPoint=$crlIssuingPoint&crlDisplayType=$crlDisplayType&pageStart=$pageStart&pageSize=$pageSize\" -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/displayCRL\" > $TmpDir/$test_out" 0 "Display cached CRL"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertGrep "header.crlIssuingPoint = \"$crlIssuingPoint\"" "$TmpDir/$test_out"
+        rlAssertGrep "header.crlDisplayType = \"$crlDisplayType\"" "$TmpDir/$test_out"
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_subca_ag-certificates-007: CA Agent Page: Update Revocation List"
+	rlLog "Update Revocation List"
+	local crlIssuingPoint=MasterCRL
+	local signatureAlgorithm='SHA512withRSA'
+	local test_out=updateCRL
+	rlRun "export SSL_DIR=$CERTDB_DIR"
+	rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                --dump-header  $admin_out \
+                -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+		-d \"crlIssuingPoint=$crlIssuingPoint&signatureAlgorithm=$signatureAlgorithm\" -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/updateCRL\" > $TmpDir/$test_out"
+	rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+		--dump-header  $admin_out \
+		-E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+		-d \"crlIssuingPoint=$crlIssuingPoint&signatureAlgorithm=$signatureAlgorithm\" -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/updateCRL\" > $TmpDir/$test_out" 0 "Update Revocation List"
+	rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+	rlAssertGrep "header.crlIssuingPoint = \"$crlIssuingPoint\"" "$TmpDir/$test_out"
+	rlAssertGrep "header.crlUpdate = \"Scheduled\"" "$TmpDir/$test_out"
+	rlPhaseEnd
+
+	rlPhaseStartCleanup "Delete temp dir and enable nonce"
+        rlRun "popd"
+        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+	enable_ca_nonce $tomcat_name
+        rlPhaseEnd
+
+}
+verify_cert()
+{
+        local serial_number=$1
+        local request_dn=$2
+        STRIP_HEX=$(echo $serial_number | cut -dx -f2)
+        CONV_LOW_VAL=${STRIP_HEX,,}
+        rlRun "pki -h $tmp_ca_host -p $target_unsecure_port cert-show $serial_number > $cert_show_out" 0 "Executing pki cert-show $serial_number"
+        rlAssertGrep "Serial Number: 0x$CONV_LOW_VAL" "$cert_show_out"
+        rlAssertGrep "Issuer: CN=PKI $SUBCA_INST Signing Cert,O=redhat" "$cert_show_out"
+        rlAssertGrep "Subject: $request_dn" "$cert_show_out"
+        rlAssertGrep "Status: VALID" "$cert_show_out"
+}
+
diff --git a/tests/dogtag/acceptance/legacy/subca-tests/cert-enrollment/subca-ag-requests.sh b/tests/dogtag/acceptance/legacy/subca-tests/cert-enrollment/subca-ag-requests.sh
new file mode 100755
index 000000000..b79a5a9b2
--- /dev/null
+++ b/tests/dogtag/acceptance/legacy/subca-tests/cert-enrollment/subca-ag-requests.sh
@@ -0,0 +1,1543 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   runtest.sh of /CoreOS/rhcs/acceptance/legacy/ca-tests/cert-enrollment/subca-ag-requests
+#   Description: Subordiate CA Agent Requests 
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#   The following legacy test is being tested:
+#   subca-ag-requests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Author: Niranjan Mallapadi <mniranja@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+#   This copyrighted material is made available to anyone wishing
+#   to use, modify, copy, or redistribute it subject to the terms
+#   and conditions of the GNU General Public License version 2.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE. See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public
+#   License along with this program; if not, write to the Free
+#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+#   Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/pki-auth-plugin-lib.sh
+. /opt/rhqa_pki/env.sh
+
+run_subca-ag-requests_tests()
+{
+
+	# Creating Temporary Directory
+        rlPhaseStartSetup "Create Temporary Directory"
+        rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+        rlRun "pushd $TmpDir"
+        rlRun "export PYTHONPATH=$PYTHONPATH:/opt/rhqa_pki/"
+        rlPhaseEnd
+
+        # Disable Nonce
+        rlPhaseStartSetup "Disable Nonce"
+        local cs_Type=$1
+        local cs_Role=$2
+        get_topo_stack $cs_Role $TmpDir/topo_file
+        if [ $cs_Role="MASTER" ]; then
+                 SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_SUBCA | cut -d= -f2)
+        elif [ $cs_Role="SUBCA2" || $cs_Role="SUBCA1" ]; then
+                SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+        fi
+        local tomcat_name=$(eval echo \$${SUBCA_INST}_TOMCAT_INSTANCE_NAME)
+        disable_ca_nonce $tomcat_name
+        rlPhaseEnd
+
+	#local variables
+        local target_unsecure_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT)
+        local target_secure_port=$(eval echo \$${SUBCA_INST}_SECURE_PORT)
+        local tmp_ca_agent=$SUBCA_INST\_agentV
+        local tmp_ca_admin=$SUBCA_INST\_adminV
+        local tmp_ca_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT)
+        local tmp_ca_host=$(eval echo \$${cs_Role})
+        local valid_agent_cert=$SUBCA_INST\_agentV
+        local valid_audit_cert=$SUBCA_INST\_auditV
+        local valid_operator_cert=$SUBCA_INST\_operatorV
+        local valid_admin_cert=$SUBCA_INST\_adminV
+        local cert_find_info="$TmpDir/cert_find_info"
+        local revoked_agent_cert=$SUBCA_INST\_agentR
+        local revoked_admin_cert=$SUBCA_INST\_adminR
+        local expired_admin_cert=$SUBCA_INST\_adminE
+        local expired_agent_cert=$SUBCA_INST\_agentE
+        local admin_out="$TmpDir/admin_out"
+        local TEMP_NSS_DB="$TmpDir/nssdb"
+        local TEMP_NSS_DB_PWD="redhat"
+        local cert_info="$TmpDir/cert_info"
+        local ca_profile_out="$TmpDir/ca-profile-out"
+        local cert_out="$TmpDir/cert-show.out"
+        local cert_show_out="$TmpDir/cert_show.out"
+        local rand=$RANDOM
+        local tmp_junk_data=$(openssl rand -base64 50 |  perl -p -e 's/\n//')
+        local SSL_DIR=$CERTDB_DIR
+
+	rlPhaseStartTest "pki_subca_ag-requests-001: CA Agent Page: List Requests try to display 100 requests and their details"
+	local reqType='enrollment'
+	local reqState='showWaiting'
+	local lastEntryOnPage='0'
+	local direction='first'
+	local maxCount='100'
+	local test_out='agent.out'
+	rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                    --dump-header  $admin_out \
+                     -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"reqType=$reqType&reqState=$reqState&lastEntryOnPage=$lastEntryOnPage&direction=$direction&maxCount=$maxCount\" -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/queryReq\""
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                    --dump-header  $admin_out \
+                     -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"reqType=$reqType&reqState=$reqState&lastEntryOnPage=$lastEntryOnPage&direction=$direction&maxCount=$maxCount\" -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/queryReq\" > $TmpDir/$test_out"
+	rlAssertGrep "record.callerName=\"$valid_agent_cert\"" "$TmpDir/$test_out"
+	local no_of_records=$(cat $TmpDir/$test_out | grep record.subject | wc -l)
+	rlAssertGreater "Verify No of records displayed is more than 1" $no_of_records 1
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+	rlPhaseEnd
+
+	rlPhaseStartSetup "Create certificate request for review"
+        rlLog "Create a pkcs10 cert request"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caUserCert
+        local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+        local userid="foo$RANDOM"
+        local usercn="foo$RANDOM"
+        local phone="1234"
+        local usermail="$userid@example.org"
+        local test_out=ca-$profile-test1.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$usercn\" \
+                subject_uid:$userid \
+                subject_email:$usermail \
+                subject_ou:IDM \
+                subject_organization:RedHat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\""
+        rlRun "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "request_id=$request_id"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_subca_ag-requests-002: CA Agent Page: view a particular profile based certificate request"
+	rlLog "View certificate request details"
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                    --dump-header  $admin_out \
+                     -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id\" -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileReview\""
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                    --dump-header  $admin_out \
+                     -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id\" -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileReview\" > $TmpDir/$test_out"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+	rlAssertGrep "defList.defVal=\"RSA - 1.2.840.113549.1.1.1\"" "$TmpDir/$test_out"
+	rlAssertGrep "defList.defVal=\"$cert_ext_exKeyUsageOIDs\"" "$TmpDir/$test_out"
+	rlAssertGrep "inputList.inputVal=\"$useid\"" "$TmpDir/$test_out"
+	rlAssertGrep "inputList.inputVal=\"$usercn\"" "$TmpDir/$test_out"
+	rlAssertGrep "inputList.inputVal=\"$usermail\"" "$TmpDir/$test_out"
+	rlAssertGrep "profileName=\"Manual User Dual-Use Certificate Enrollment\"" "$TmpDir/$test_out"
+	rlAssertGrep "requestStatus=\"pending\"" "$TmpDir/$test_out"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_subca_ag-requests-003: CA Agent Page: Approve Profile request"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caUserCert
+        local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+        local userid="fooUser$RANDOM"
+        local usercn="fooUser$RANDOM"
+        local phone="1234-$RANDOM"
+        local usermail="$userid@example.org"
+        local test_out=ca-$profile-test.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$usercn\" \
+                subject_uid:$userid \
+                subject_email:$usermail \
+                subject_ou:IDM \
+                subject_organization:RedHat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\""
+        rlRun "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "request_id=$request_id"
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                    --dump-header  $admin_out \
+                     -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\""
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+                    --dump-header  $admin_out \
+                    -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                    -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Submit certificate request"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        local serial_number_without_hex=$(echo $serial_number | cut -dx -f2)
+        local serial_number_without_hex_lower=${serial_number_without_hex,,}
+        rlLog "serial_number=$serial_number"
+        rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_subca_ag-requests-004: CA Agent Page: Cancel Certificate request"	
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caUserCert
+        local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+        local userid="fooUser$RANDOM"
+        local usercn="fooUser$RANDOM"
+        local phone="1234-$RANDOM"
+        local usermail="$userid@example.org"
+        local test_out=ca-$profile-test.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$usercn\" \
+                subject_uid:$userid \
+                subject_email:$usermail \
+                subject_ou:IDM \
+                subject_organization:RedHat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\""
+        rlRun "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "request_id=$request_id"
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                    --dump-header  $admin_out \
+                     -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&op=cancel&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\""
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+                    --dump-header  $admin_out \
+                    -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                    -d \"requestId=$request_id&op=cancel&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "cancel certificate request"
+	rlAssertGrep "requestType=\"enrollment\"" "$TmpDir/$test_out"
+	rlAssertGrep "profileId=\"caUserCert\"" "$TmpDir/$test_out"
+	rlAssertGrep "requestId=\"$request_id\"" "$TmpDir/$test_out"
+	rlAssertGrep "errorCode=\"0\"" "$TmpDir/$test_out"
+	rlAssertGrep "requestStatus=\"canceled\"" "$TmpDir/$test_out"
+	rlPhaseEnd
+
+
+	rlPhaseStartTest "pki_subca_ag-requests-005: CA Agent Page: Reject Certificate request"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caUserCert
+        local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+        local userid="fooUser$RANDOM"
+        local usercn="fooUser$RANDOM"
+        local phone="1234-$RANDOM"
+        local usermail="$userid@example.org"
+        local test_out=ca-$profile-test.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$usercn\" \
+                subject_uid:$userid \
+                subject_email:$usermail \
+                subject_ou:IDM \
+                subject_organization:RedHat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\""
+        rlRun "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "request_id=$request_id"
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+	local action=reject
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                    --dump-header  $admin_out \
+                     -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&op=$action&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\""
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+                    --dump-header  $admin_out \
+                    -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                    -d \"requestId=$request_id&op=$action&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "$action certificate request"
+        rlAssertGrep "requestType=\"enrollment\"" "$TmpDir/$test_out"
+        rlAssertGrep "profileId=\"caUserCert\"" "$TmpDir/$test_out"
+        rlAssertGrep "requestId=\"$request_id\"" "$TmpDir/$test_out"
+        rlAssertGrep "errorCode=\"0\"" "$TmpDir/$test_out"
+        rlAssertGrep "requestStatus=\"rejected\"" "$TmpDir/$test_out"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_subca_ag-requests-006: CA Agent Page: Assign Certificate request"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caUserCert
+        local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+        local userid="fooUser$RANDOM"
+        local usercn="fooUser$RANDOM"
+        local phone="1234-$RANDOM"
+        local usermail="$userid@example.org"
+        local test_out=ca-$profile-test.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$usercn\" \
+                subject_uid:$userid \
+                subject_email:$usermail \
+                subject_ou:IDM \
+                subject_organization:RedHat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\""
+        rlRun "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "request_id=$request_id"
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        local action=assign
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                    --dump-header  $admin_out \
+                     -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&op=$action&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\""
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+                    --dump-header  $admin_out \
+                    -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                    -d \"requestId=$request_id&op=$action&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "$action certificate request"
+        rlAssertGrep "requestType=\"enrollment\"" "$TmpDir/$test_out"
+        rlAssertGrep "profileId=\"caUserCert\"" "$TmpDir/$test_out"
+        rlAssertGrep "requestId=\"$request_id\"" "$TmpDir/$test_out"
+        rlAssertGrep "errorCode=\"0\"" "$TmpDir/$test_out"
+        rlAssertGrep "requestStatus=\"pending\"" "$TmpDir/$test_out"	
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_subca_ag-requests-007: CA Agent Page: UnAssign Certificate request"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caUserCert
+        local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+        local userid="fooUser$RANDOM"
+        local usercn="fooUser$RANDOM"
+        local phone="1234-$RANDOM"
+        local usermail="$userid@example.org"
+        local test_out=ca-$profile-test.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$usercn\" \
+                subject_uid:$userid \
+                subject_email:$usermail \
+                subject_ou:IDM \
+                subject_organization:RedHat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\""
+        rlRun "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "request_id=$request_id"
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        local action=unassign
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                    --dump-header  $admin_out \
+                     -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&op=$action&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\""
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+                    --dump-header  $admin_out \
+                    -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                    -d \"requestId=$request_id&op=$action&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "$action certificate request"
+        rlAssertGrep "requestType=\"enrollment\"" "$TmpDir/$test_out"
+        rlAssertGrep "profileId=\"caUserCert\"" "$TmpDir/$test_out"
+        rlAssertGrep "requestId=\"$request_id\"" "$TmpDir/$test_out"
+        rlAssertGrep "errorCode=\"0\"" "$TmpDir/$test_out"
+        rlAssertGrep "requestStatus=\"pending\"" "$TmpDir/$test_out"
+	rlPhaseEnd
+
+
+	rlPhaseStartTest "pki_subca_ag-requests-008: CA Agent Page: Validate Certificate request"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caUserCert
+        local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+        local userid="fooUser$RANDOM"
+        local usercn="fooUser$RANDOM"
+        local phone="1234-$RANDOM"
+        local usermail="$userid@example.org"
+        local test_out=ca-$profile-test.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$usercn\" \
+                subject_uid:$userid \
+                subject_email:$usermail \
+                subject_ou:IDM \
+                subject_organization:RedHat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\""
+        rlRun "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "request_id=$request_id"
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        local action=validate
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                    --dump-header  $admin_out \
+                     -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&op=$action&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\""
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+                    --dump-header  $admin_out \
+                    -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                    -d \"requestId=$request_id&op=$action&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "$action certificate request"
+        rlAssertGrep "requestType=\"enrollment\"" "$TmpDir/$test_out"
+        rlAssertGrep "profileId=\"caUserCert\"" "$TmpDir/$test_out"
+        rlAssertGrep "requestId=\"$request_id\"" "$TmpDir/$test_out"
+        rlAssertGrep "errorCode=\"0\"" "$TmpDir/$test_out"
+        rlAssertGrep "requestStatus=\"pending\"" "$TmpDir/$test_out"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_subca_ag-requests-009: CA Agent Page: Update Certificate request"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caUserCert
+        local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+        local userid="fooUser$RANDOM"
+        local usercn="fooUser$RANDOM"
+        local phone="1234-$RANDOM"
+        local usermail="$userid@example.org"
+        local test_out=ca-$profile-test.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$usercn\" \
+                subject_uid:$userid \
+                subject_email:$usermail \
+                subject_ou:IDM \
+                subject_organization:RedHat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\""
+        rlRun "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "request_id=$request_id"
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        local action=update
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                    --dump-header  $admin_out \
+                     -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&op=$action&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\""
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+                    --dump-header  $admin_out \
+                    -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                    -d \"requestId=$request_id&op=$action&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "$action certificate request"
+        rlAssertGrep "requestType=\"enrollment\"" "$TmpDir/$test_out"
+        rlAssertGrep "profileId=\"caUserCert\"" "$TmpDir/$test_out"
+        rlAssertGrep "requestId=\"$request_id\"" "$TmpDir/$test_out"
+        rlAssertGrep "errorCode=\"0\"" "$TmpDir/$test_out"
+        rlAssertGrep "requestStatus=\"pending\"" "$TmpDir/$test_out"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_subca_ag-requests-0010: Search certs with serial Number range"
+	local maxCount=10
+        local test_out=srcCerts.txt
+        local op=srchCerts
+        local serialNumberRangeInUse="on"
+        local serialFrom=0
+        local serialTo=300
+        local queryCertFilter="(&(certRecordId>=$serialFrom)(certRecordId<=$serialTo))"
+	local statusInUse=''
+	local cert_status='VALID'
+        local subjectInUse=''
+        local eMail=''
+        local commonName=''
+        local userID=''
+        local orgUnit=''
+        local org=''
+        local locality=''
+        local state=''
+        local country=''
+        local match='partial'
+        local revokedBy=''
+	local revokedByInUse=''
+        local revokedOnInUse=''
+        local revokedOnFrom=''
+        local revokedOnTo=''
+        local revocationReasonInUse=''
+        local revocationReason=''
+	local profileInUse=''
+	local profile=''
+        local issuedByInUse=''
+        local issuedBy=''
+        local issuedOnInUse=''
+        local issuedOnFrom=''
+        local issuedOnTo=''
+	local basicConstraintsInUse=''
+        local validNotBeforeInUse=''
+        local validNotBeforeFrom=''
+        local validNotBeforeTo=''
+        local validNotAfterInUse=''
+        local validNotAfterFrom=''
+        local validNotAfterTo=''
+        local validityLengthInUse=''
+        local validityOp=''
+        local count=''
+        local unit="2592000000"
+        local certTypeInUse=''
+        local SubordinateEmailCA=''
+        local SubordinateSSLCA=''
+        local SecureEmail=''
+        local SSLClient=''
+        local SSLServer=''
+        local maxResults='10'
+        local timeLimit='5'
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&statusInUse=$statusInUse&status=$cert_status&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedByInUse=$revokedByInUse&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&profileInUse=$profileInUse&profile=$profile&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&basicConstraintsInUse=$basicConstraintsInUse&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/agent/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certs with serialNumber range starting from $serialFrom to $serialTo with maxCount of $maxResults"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out  -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&statusInUse=$statusInUse&status=$cert_status&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedByInUse=$revokedByInUse&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&profileInUse=$profileInUse&profile=$profile&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&basicConstraintsInUse=$basicConstraintsInUse&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/agent/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certs with serialNumber range starting from $serialFrom to $serialTo with maxCount of $maxResults"
+        local no_of_records=$(cat $TmpDir/$test_out | grep "record.subject=" | wc -l)
+        rlAssertEquals "Verify No of records displayed is equal to $maxCount" $no_of_records $maxResults
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ag-requests-0011: Search certs with status VALID"
+        local maxCount=10
+        local test_out=srcCerts.txt
+        local op=srchCerts
+        local serialNumberRangeInUse=''
+        local serialFrom=''
+        local serialTo=''
+        local queryCertFilter="(&(certStatus=VALID))"
+        local statusInUse='on'
+        local cert_status='VALID'
+        local subjectInUse=''
+        local eMail=''
+        local commonName=''
+        local userID=''
+        local orgUnit=''
+        local org=''
+        local locality=''
+        local state=''
+        local country=''
+        local match='partial'
+        local revokedBy=''
+        local revokedByInUse=''
+        local revokedOnInUse=''
+        local revokedOnFrom=''
+        local revokedOnTo=''
+        local revocationReasonInUse=''
+        local revocationReason=''
+        local profileInUse=''
+        local profile=''
+        local issuedByInUse=''
+        local issuedBy=''
+        local issuedOnInUse=''
+        local issuedOnFrom=''
+        local issuedOnTo=''
+        local basicConstraintsInUse=''
+        local validNotBeforeInUse=''
+        local validNotBeforeFrom=''
+        local validNotBeforeTo=''
+        local validNotAfterInUse=''
+        local validNotAfterFrom=''
+        local validNotAfterTo=''
+        local validityLengthInUse=''
+        local validityOp=''
+        local count=''
+        local unit="2592000000"
+        local certTypeInUse=''
+        local SubordinateEmailCA=''
+        local SubordinateSSLCA=''
+        local SecureEmail=''
+        local SSLClient=''
+        local SSLServer=''
+        local maxResults='1000'
+        local timeLimit='5'
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&statusInUse=$statusInUse&status=$cert_status&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedByInUse=$revokedByInUse&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&profileInUse=$profileInUse&profile=$profile&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&basicConstraintsInUse=$basicConstraintsInUse&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/agent/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certs with serialNumber range starting from $serialFrom to $serialTo with maxCount of $maxResults"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out  -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&statusInUse=$statusInUse&status=$cert_status&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedByInUse=$revokedByInUse&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&profileInUse=$profileInUse&profile=$profile&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&basicConstraintsInUse=$basicConstraintsInUse&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/agent/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certs with serialNumber range starting from $serialFrom to $serialTo with maxCount of $maxResults"
+        local no_of_records=$(cat $TmpDir/$test_out | grep "record.subject=" | wc -l)
+        rlAssertGreater "Verify No of records displayed is more than $maxCount" $maxResults $no_of_records
+        rlPhaseEnd
+
+
+        rlPhaseStartTest "pki_subca_ag-requests-0012: Search certs with status REVOKED"
+        local maxCount=10
+        local test_out=srcCerts.txt
+        local op=srchCerts
+        local serialNumberRangeInUse=''
+        local serialFrom=''
+        local serialTo=''
+        local queryCertFilter="(&(certStatus=REVOKED))"
+        local statusInUse='on'
+        local cert_status='REVOKED'
+        local subjectInUse=''
+        local eMail=''
+        local commonName=''
+        local userID=''
+        local orgUnit=''
+        local org=''
+        local locality=''
+        local state=''
+        local country=''
+        local match='partial'
+        local revokedBy=''
+        local revokedByInUse=''
+        local revokedOnInUse=''
+        local revokedOnFrom=''
+        local revokedOnTo=''
+        local revocationReasonInUse=''
+        local revocationReason=''
+        local profileInUse=''
+        local profile=''
+        local issuedByInUse=''
+        local issuedBy=''
+        local issuedOnInUse=''
+        local issuedOnFrom=''
+        local issuedOnTo=''
+        local basicConstraintsInUse=''
+        local validNotBeforeInUse=''
+        local validNotBeforeFrom=''
+        local validNotBeforeTo=''
+        local validNotAfterInUse=''
+        local validNotAfterFrom=''
+        local validNotAfterTo=''
+        local validityLengthInUse=''
+        local validityOp=''
+        local count=''
+        local unit="2592000000"
+        local certTypeInUse=''
+        local SubordinateEmailCA=''
+        local SubordinateSSLCA=''
+        local SecureEmail=''
+        local SSLClient=''
+        local SSLServer=''
+        local maxResults='1000'
+        local timeLimit='5'
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&statusInUse=$statusInUse&status=$cert_status&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedByInUse=$revokedByInUse&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&profileInUse=$profileInUse&profile=$profile&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&basicConstraintsInUse=$basicConstraintsInUse&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/agent/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certs with serialNumber range starting from $serialFrom to $serialTo with maxCount of $maxResults"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out  -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&statusInUse=$statusInUse&status=$cert_status&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedByInUse=$revokedByInUse&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&profileInUse=$profileInUse&profile=$profile&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&basicConstraintsInUse=$basicConstraintsInUse&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/agent/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certs with serialNumber range starting from $serialFrom to $serialTo with maxCount of $maxResults"
+        local no_of_records=$(cat $TmpDir/$test_out | grep "record.subject=" | wc -l)
+        rlAssertGreater "Verify No of records displayed is more than $maxCount" $maxResults $no_of_records
+	rlAssertNotGrep "record.revokedOn=null" "$TmpDir/$test_out"
+	rlPhaseEnd
+
+
+	rlPhaseStartSetup "pki_subca_ag-requests-0013: Generate a profile which generates cert with 1 day validity period"
+        local profile="caUserCert$RANDOM"
+        local pki_user="pki_foo_bar$RANDOM"
+        local pki_user_fullName="$pki_user User"
+        local profilename="$profile Enrollment Profile"
+        rlRun "python -m PkiLib.pkiprofilecli \
+            --new user --profileId "$profile" \
+            --profilename=\"$profilename\" \
+            --notBefore 1 \
+            --notAfter 1 \
+            --validfor 1 \
+            --maxvalidity 1  \
+            --outputfile $TmpDir/$profile\.xml"
+        rlLog "Add $profile"
+        rlRun "pki -h $tmp_ca_host \
+                -p $tmp_ca_port \
+                -d $CERTDB_DIR \
+                -c $CERTDB_DIR_PASSWORD \
+                -n $valid_admin_cert \
+                ca-profile-add $TmpDir/$profile\.xml > $ca_profile_out"
+        rlAssertGrep "Added profile $profile" "$ca_profile_out"
+        rlLog "Enable $profile"
+        rlRun "pki -h $tmp_ca_host \
+                -p $tmp_ca_port \
+                -d $CERTDB_DIR \
+                -c $CERTDB_DIR_PASSWORD \
+                -n $valid_agent_cert \
+                ca-profile-enable $profile > $ca_profile_out"
+        rlAssertGrep "Enabled profile \"$profile\"" "$ca_profile_out"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 \
+                algo:rsa \
+                key_size:2048 \
+                subject_cn:\"$pki_user_fullName\" \
+                subject_uid:$pki_user \
+                subject_email:$pki_user@example.org \
+                subject_ou: \
+                subject_o: \
+                subject_c: \
+                archive:false \
+                req_profile:$profile \
+                target_host:$tmp_ca_host \
+                protocol: \
+                port:$tmp_ca_port \
+                cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD \
+                certdb_nick:$valid_agent_cert \
+                cert_info:$cert_info"
+        local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        local cert_subject=$(cat $cert_info | grep cert_subject | cut -d- -f2)
+	local NotAfterDate="$(date +"%a %b %d %I:%M:%S" --date "1 day")"
+        rlRun "pki -h $tmp_ca_host -p $tmp_ca_port cert-show $cert_serialNumber > $cert_out"
+        rlAssertGrep "Serial Number: $cert_serialNumber" "$cert_out"
+        rlAssertGrep "Issuer: CN=PKI $SUBCA_INST Signing Cert,O=redhat" "$cert_out"
+        rlAssertGrep "Subject: $cert_subject" "$cert_out"
+        rlAssertGrep "Status: VALID" "$cert_out"
+	rlRun "pki -h $tmp_ca_host -p $tmp_ca_port cert-show $cert_serialNumber --encoded --output $TEMP_NSS_DB/$pki_user-out.pem 1> $TEMP_NSS_DB/pki-cert-show.out"
+	rlAssertGrep "Certificate \"$cert_serialNumber\"" "$TEMP_NSS_DB/pki-cert-show.out"
+	rlRun "pki -h $tmp_ca_host -p $tmp_ca_port cert-show 0x1 --encoded --output  $TEMP_NSS_DB/ca_cert.pem 1> $TEMP_NSS_DB/ca-cert-show.out"
+	rlAssertGrep "Certificate \"0x1\"" "$TEMP_NSS_DB/ca-cert-show.out"
+	rlLog "Add the $cn cert to $TEMP_NSS_DB NSS DB"
+	rlRun "pki -d $TEMP_NSS_DB \
+		-h $tmp_ca_host \
+		-p $tmp_ca_port \
+		-c $TEMP_NSS_DB_PWD \
+		-n \"$pki_user\" client-cert-import \
+		--cert $TEMP_NSS_DB/$pki_user-out.pem 1> $TEMP_NSS_DB/pki-client-cert.out"
+	rlAssertGrep "Imported certificate \"$pki_user\"" "$TEMP_NSS_DB/pki-client-cert.out"
+	rlLog "Get CA cert imported to $TEMP_NSS_DB NSS DB"
+	rlRun "pki -d $TEMP_NSS_DB \
+		-h $tmp_ca_host \
+		-p $tmp_ca_port \
+		-c $TEMP_NSS_DB_PWD \
+		-n \"casigningcert\" client-cert-import \
+		--ca-cert $TEMP_NSS_DB/ca_cert.pem 1> $TEMP_NSS_DB/pki-ca-cert.out"
+	rlAssertGrep "Imported certificate \"casigningcert\"" "$TEMP_NSS_DB/pki-ca-cert.out"		
+	local cur_date=$(date)
+	local end_date=$(certutil -L -d $TEMP_NSS_DB -n $pki_user | grep "Not After" | awk -F ": " '{print $2}')
+	rlLog "Current Date/Time: $(date)"
+	rlLog "Current Date/Time: before modifying using chrony $(date)"
+	rlRun "chronyc -a 'manual on' 1> $TmpDir/chrony.out" 0 "Set chrony to manual mode"
+	rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+	rlLog "Move system to $end_date + 1 day ahead"
+	rlRun "chronyc -a -m 'offline' 'settime $end_date + 1 day' 'makestep' 'manual reset' 1> $TmpDir/chrony.out"
+	rlRun "date"
+	rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+	rlLog "Date after modifying using chrony: $(date)"
+	rlLog "Restart $tomcat_name service to update cert status"
+	rlRun "rhcs_stop_instance $tomcat_name"
+	rlRun "rhcs_start_instance $tomcat_name"
+	rlRun "sleep 30"
+	rlRun "pki -h $tmp_ca_host -p $tmp_ca_port cert-show $cert_serialNumber --encoded > $cert_out"
+        rlAssertGrep "Serial Number: $cert_serialNumber" "$cert_out"
+        rlAssertGrep "Issuer: CN=PKI $SUBCA_INST Signing Cert,O=redhat" "$cert_out"
+        rlAssertGrep "Subject: $cert_subject" "$cert_out"
+        rlAssertGrep "Status: EXPIRED" "$cert_out"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_subca_ag-requests-0014: Search certs with status EXPIRED"
+        local maxCount=10
+        local test_out=srcCerts.txt
+        local op=srchCerts
+        local serialNumberRangeInUse=''
+        local serialFrom=''
+        local serialTo=''
+        local queryCertFilter="(&(certStatus=EXPIRED))"
+        local statusInUse='on'
+        local cert_status='EXPIRED'
+        local subjectInUse=''
+        local eMail=''
+        local commonName=''
+        local userID=''
+        local orgUnit=''
+        local org=''
+        local locality=''
+        local state=''
+        local country=''
+        local match='partial'
+        local revokedBy=''
+        local revokedByInUse=''
+        local revokedOnInUse=''
+        local revokedOnFrom=''
+        local revokedOnTo=''
+        local revocationReasonInUse=''
+        local revocationReason=''
+        local profileInUse=''
+        local profile=''
+        local issuedByInUse=''
+        local issuedBy=''
+        local issuedOnInUse=''
+        local issuedOnFrom=''
+        local issuedOnTo=''
+        local basicConstraintsInUse=''
+        local validNotBeforeInUse=''
+        local validNotBeforeFrom=''
+        local validNotBeforeTo=''
+        local validNotAfterInUse=''
+        local validNotAfterFrom=''
+        local validNotAfterTo=''
+        local validityLengthInUse=''
+        local validityOp=''
+        local count=''
+        local unit="2592000000"
+        local certTypeInUse=''
+        local SubordinateEmailCA=''
+        local SubordinateSSLCA=''
+        local SecureEmail=''
+        local SSLClient=''
+        local SSLServer=''
+        local maxResults='1000'
+        local timeLimit='5'
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&statusInUse=$statusInUse&status=$cert_status&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedByInUse=$revokedByInUse&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&profileInUse=$profileInUse&profile=$profile&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&basicConstraintsInUse=$basicConstraintsInUse&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/agent/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certs with serialNumber range starting from $serialFrom to $serialTo with maxCount of $maxResults"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out  -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&statusInUse=$statusInUse&status=$cert_status&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedByInUse=$revokedByInUse&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&profileInUse=$profileInUse&profile=$profile&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&basicConstraintsInUse=$basicConstraintsInUse&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/agent/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certs with serialNumber range starting from $serialFrom to $serialTo with maxCount of $maxResults"
+        local no_of_records=$(cat $TmpDir/$test_out | grep "record.subject=" | wc -l)
+	for i in $(cat $TmpDir/$test_out | grep record.validNotBefore | cut -d"=" -f2 | tr -d "\"" | tr -d ";"); do if [ $i -ge $(date +%s) ]; then result="fail"; fi; done
+	if [ $result == "fail" ]; then
+		rlFail "Records contain entries with valid certs"
+	else
+		rlPass "Records Contain entries with expired certs"
+	fi
+	rlAssertGrep "record.subject=\"$cert_subject\"" "$TmpDir/$test_out"
+	rlLog "Set the date back to it's original date & time"
+	rlRun "chronyc -a -m 'settime $cur_date + 10 seconds' 'makestep' 'manual reset' 'online' 1> $TmpDir/chrony.out"
+	rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+	rlLog "Current Date/Time after setting system date back using chrony $(date)"	
+        rlRun "date"
+        rlAssertGrep "200 OK" "$TmpDir/chrony.out"
+	rlPhaseEnd
+
+
+        rlPhaseStartTest "pki_subca_ag-requests-0015: Search certs with subject Name"
+        local maxCount=1
+        local test_out=srcCerts.txt
+        local op=srchCerts
+        local serialNumberRangeInUse=''
+        local serialFrom=''
+        local serialTo=''
+        local queryCertFilter="(&(&(|(x509Cert.subject=*CN=$pki_user_fullName,*)(x509Cert.subject=*CN=$pki_user_fullName))))"
+        local statusInUse=''
+        local cert_status='VALID'
+        local subjectInUse='on'
+        local eMail=''
+        local commonName='$pki_user_fullName'
+        local userID=''
+        local orgUnit=''
+        local org=''
+        local locality=''
+        local state=''
+        local country=''
+        local match='partial'
+        local revokedBy=''
+        local revokedByInUse=''
+        local revokedOnInUse=''
+        local revokedOnFrom=''
+        local revokedOnTo=''
+        local revocationReasonInUse=''
+        local revocationReason=''
+        local profileInUse=''
+        local profile=''
+        local issuedByInUse=''
+        local issuedBy=''
+        local issuedOnInUse=''
+        local issuedOnFrom=''
+        local issuedOnTo=''
+        local basicConstraintsInUse=''
+        local validNotBeforeInUse=''
+        local validNotBeforeFrom=''
+        local validNotBeforeTo=''
+        local validNotAfterInUse=''
+        local validNotAfterFrom=''
+        local validNotAfterTo=''
+        local validityLengthInUse=''
+        local validityOp=''
+        local count=''
+        local unit="2592000000"
+        local certTypeInUse=''
+        local SubordinateEmailCA=''
+        local SubordinateSSLCA=''
+        local SecureEmail=''
+        local SSLClient=''
+        local SSLServer=''
+        local maxResults='1000'
+        local timeLimit='5'
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&statusInUse=$statusInUse&status=$cert_status&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedByInUse=$revokedByInUse&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&profileInUse=$profileInUse&profile=$profile&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&basicConstraintsInUse=$basicConstraintsInUse&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/agent/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certs with serialNumber range starting from $serialFrom to $serialTo with maxCount of $maxResults"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out  -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&statusInUse=$statusInUse&status=$cert_status&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedByInUse=$revokedByInUse&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&profileInUse=$profileInUse&profile=$profile&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&basicConstraintsInUse=$basicConstraintsInUse&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/agent/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certs with serialNumber range starting from $serialFrom to $serialTo with maxCount of $maxResults"
+        local no_of_records=$(cat $TmpDir/$test_out | grep "record.subject=" | wc -l)
+        rlAssertEquals "Verify No of records displayed is more than $maxCount" $maxCount $no_of_records
+	rlAssertGrep "record.subject=\"$cert_subject\"" "$TmpDir/$test_out"
+	rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ag-requests-0016: Search certs with status REVOKED by Agent"
+        local maxCount=10
+        local test_out=srcCerts.txt
+        local op=srchCerts
+        local serialNumberRangeInUse=''
+        local serialFrom=''
+        local serialTo=''
+        local queryCertFilter="(&(certRevokedBy=$valid_agent_cert))"
+        local statusInUse=''
+        local cert_status=''
+        local subjectInUse=''
+        local eMail=''
+        local commonName=''
+        local userID=''
+        local orgUnit=''
+        local org=''
+        local locality=''
+        local state=''
+        local country=''
+        local match='partial'
+        local revokedBy="$valid_agent_cert"
+        local revokedByInUse='on'
+        local revokedOnInUse=''
+        local revokedOnFrom=''
+        local revokedOnTo=''
+        local revocationReasonInUse=''
+        local revocationReason=''
+        local profileInUse=''
+        local profile=''
+        local issuedByInUse=''
+        local issuedBy=''
+        local issuedOnInUse=''
+        local issuedOnFrom=''
+        local issuedOnTo=''
+        local basicConstraintsInUse=''
+        local validNotBeforeInUse=''
+        local validNotBeforeFrom=''
+        local validNotBeforeTo=''
+        local validNotAfterInUse=''
+        local validNotAfterFrom=''
+        local validNotAfterTo=''
+        local validityLengthInUse=''
+        local validityOp=''
+        local count=''
+        local unit="2592000000"
+        local certTypeInUse=''
+        local SubordinateEmailCA=''
+        local SubordinateSSLCA=''
+        local SecureEmail=''
+        local SSLClient=''
+        local SSLServer=''
+        local maxResults='1000'
+        local timeLimit='5'
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&statusInUse=$statusInUse&status=$cert_status&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedByInUse=$revokedByInUse&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&profileInUse=$profileInUse&profile=$profile&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&basicConstraintsInUse=$basicConstraintsInUse&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/agent/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certs with serialNumber range starting from $serialFrom to $serialTo with maxCount of $maxResults"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out  -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&statusInUse=$statusInUse&status=$cert_status&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedByInUse=$revokedByInUse&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&profileInUse=$profileInUse&profile=$profile&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&basicConstraintsInUse=$basicConstraintsInUse&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/agent/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certs with serialNumber range starting from $serialFrom to $serialTo with maxCount of $maxResults"
+        local no_of_records=$(cat $TmpDir/$test_out | grep "record.subject=" | wc -l)
+        rlAssertGreater "Verify No of records displayed is more than $maxCount" $no_of_records $maxCount
+	rlAssertNotGrep "record.revokedOn=null" "$TmpDir/$test_out"
+	rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ag-requests-0017: Search certs with status REVOKED with reason unspecified"
+        local maxCount=10
+        local test_out=srcCerts.txt
+        local op=srchCerts
+        local serialNumberRangeInUse=''
+        local serialFrom=''
+        local serialTo=''
+        local queryCertFilter="(&(x509cert.certRevoInfo=0))"
+        local statusInUse=''
+        local cert_status=''
+        local subjectInUse=''
+        local eMail=''
+        local commonName=''
+        local userID=''
+        local orgUnit=''
+        local org=''
+        local locality=''
+        local state=''
+        local country=''
+        local match='partial'
+        local revokedBy=""
+        local revokedByInUse=''
+        local revokedOnInUse=''
+        local revokedOnFrom=''
+        local revokedOnTo=''
+        local revocationReasonInUse='on'
+        local revocationReason='0'
+        local profileInUse=''
+        local profile=''
+        local issuedByInUse=''
+        local issuedBy=''
+        local issuedOnInUse=''
+        local issuedOnFrom=''
+        local issuedOnTo=''
+        local basicConstraintsInUse=''
+        local validNotBeforeInUse=''
+        local validNotBeforeFrom=''
+        local validNotBeforeTo=''
+        local validNotAfterInUse=''
+        local validNotAfterFrom=''
+        local validNotAfterTo=''
+        local validityLengthInUse=''
+        local validityOp=''
+        local count=''
+        local unit="2592000000"
+        local certTypeInUse=''
+        local SubordinateEmailCA=''
+        local SubordinateSSLCA=''
+        local SecureEmail=''
+        local SSLClient=''
+        local SSLServer=''
+        local maxResults='1000'
+        local timeLimit='5'
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&statusInUse=$statusInUse&status=$cert_status&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedByInUse=$revokedByInUse&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&profileInUse=$profileInUse&profile=$profile&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&basicConstraintsInUse=$basicConstraintsInUse&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/agent/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certs with serialNumber range starting from $serialFrom to $serialTo with maxCount of $maxResults"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out  -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&statusInUse=$statusInUse&status=$cert_status&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedByInUse=$revokedByInUse&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&profileInUse=$profileInUse&profile=$profile&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&basicConstraintsInUse=$basicConstraintsInUse&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/agent/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certs with serialNumber range starting from $serialFrom to $serialTo with maxCount of $maxResults"
+        local no_of_records=$(cat $TmpDir/$test_out | grep "record.subject=" | wc -l)
+        rlAssertGreater "Verify No of records displayed is more than $maxCount" $no_of_records $maxCount
+	rlAssertNotGrep "record.revokedOn=null" "$TmpDir/$test_out"
+	rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ag-requests-0018: Search certs issued by valid agent"
+        local maxCount=10
+        local test_out=srcCerts.txt
+        local op=srchCerts
+        local serialNumberRangeInUse=''
+        local serialFrom=''
+        local serialTo=''
+        local queryCertFilter="(&(certIssuedBy=$valid_agent_cert))"
+        local statusInUse=''
+        local cert_status=''
+        local subjectInUse=''
+        local eMail=''
+        local commonName=''
+        local userID=''
+        local orgUnit=''
+        local org=''
+        local locality=''
+        local state=''
+        local country=''
+        local match='partial'
+        local revokedBy=""
+        local revokedByInUse=''
+        local revokedOnInUse=''
+        local revokedOnFrom=''
+        local revokedOnTo=''
+        local revocationReasonInUse=''
+        local revocationReason=''
+        local profileInUse=''
+        local profile=''
+        local issuedByInUse='on'
+        local issuedBy="$valid_agent_cert"
+        local issuedOnInUse=''
+        local issuedOnFrom=''
+        local issuedOnTo=''
+        local basicConstraintsInUse=''
+        local validNotBeforeInUse=''
+        local validNotBeforeFrom=''
+        local validNotBeforeTo=''
+        local validNotAfterInUse=''
+        local validNotAfterFrom=''
+        local validNotAfterTo=''
+        local validityLengthInUse=''
+        local validityOp=''
+        local count=''
+        local unit="2592000000"
+        local certTypeInUse=''
+        local SubordinateEmailCA=''
+        local SubordinateSSLCA=''
+        local SecureEmail=''
+        local SSLClient=''
+        local SSLServer=''
+        local maxResults='1000'
+        local timeLimit='5'
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&statusInUse=$statusInUse&status=$cert_status&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedByInUse=$revokedByInUse&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&profileInUse=$profileInUse&profile=$profile&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&basicConstraintsInUse=$basicConstraintsInUse&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/agent/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certs with serialNumber range starting from $serialFrom to $serialTo with maxCount of $maxResults"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out  -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&statusInUse=$statusInUse&status=$cert_status&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedByInUse=$revokedByInUse&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&profileInUse=$profileInUse&profile=$profile&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&basicConstraintsInUse=$basicConstraintsInUse&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/agent/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certs with serialNumber range starting from $serialFrom to $serialTo with maxCount of $maxResults"
+        local no_of_records=$(cat $TmpDir/$test_out | grep "record.subject=" | wc -l)
+        rlAssertGreater "Verify No of records displayed is more than $maxCount" $no_of_records $maxCount
+	rlAssertGrep "record.revokedOn=null" "$TmpDir/$test_out"
+	rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ag-requests-0019: Search certs with validity period of 1 day"
+        local maxCount=1
+        local test_out=srcCerts.txt
+        local op=srchCerts
+        local serialNumberRangeInUse=''
+        local serialFrom=''
+        local serialTo=''
+        local queryCertFilter="(&(x509cert.duration<=86400000))"
+        local statusInUse=''
+        local cert_status=''
+        local subjectInUse=''
+        local eMail=''
+        local commonName=''
+        local userID=''
+        local orgUnit=''
+        local org=''
+        local locality=''
+        local state=''
+        local country=''
+        local match='partial'
+        local revokedBy=""
+        local revokedByInUse=''
+        local revokedOnInUse=''
+        local revokedOnFrom=''
+        local revokedOnTo=''
+        local revocationReasonInUse=''
+        local revocationReason=''
+        local profileInUse=''
+        local profile=''
+        local issuedByInUse=''
+        local issuedBy=''
+        local issuedOnInUse=''
+        local issuedOnFrom=''
+        local issuedOnTo=''
+        local basicConstraintsInUse=''
+        local validNotBeforeInUse=''
+        local validNotBeforeFrom=''
+        local validNotBeforeTo=''
+        local validNotAfterInUse=''
+        local validNotAfterFrom=''
+        local validNotAfterTo=''
+        local validityLengthInUse='on'
+        local validityOp='<='
+        local count='1'
+        local unit="86400000"
+        local certTypeInUse=''
+        local SubordinateEmailCA=''
+        local SubordinateSSLCA=''
+        local SecureEmail=''
+        local SSLClient=''
+        local SSLServer=''
+        local maxResults='1000'
+        local timeLimit='5'
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&statusInUse=$statusInUse&status=$cert_status&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedByInUse=$revokedByInUse&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&profileInUse=$profileInUse&profile=$profile&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&basicConstraintsInUse=$basicConstraintsInUse&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/agent/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certs with serialNumber range starting from $serialFrom to $serialTo with maxCount of $maxCount"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out  -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&statusInUse=$statusInUse&status=$cert_status&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedByInUse=$revokedByInUse&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&profileInUse=$profileInUse&profile=$profile&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&basicConstraintsInUse=$basicConstraintsInUse&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/agent/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certs with serialNumber range starting from $serialFrom to $serialTo with maxCount of $maxCount"
+        local no_of_records=$(cat $TmpDir/$test_out | grep "record.subject=" | wc -l)
+        rlAssertGreater "Verify No of records displayed is more than $maxCount" $no_of_records $maxCount
+	rlAssertGrep "record.revokedOn=null" "$TmpDir/$test_out"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_subca_ag-requests-0020: Search certs with Basic Contraints"
+        local maxCount=1
+        local test_out=srcCerts.txt
+        local op=srchCerts
+        local serialNumberRangeInUse=''
+        local serialFrom=''
+        local serialTo=''
+        local queryCertFilter="(&(x509cert.BasicConstraints.isCA=on))"
+        local statusInUse=''
+        local cert_status=''
+        local subjectInUse=''
+        local eMail=''
+        local commonName=''
+        local userID=''
+        local orgUnit=''
+        local org=''
+        local locality=''
+        local state=''
+        local country=''
+        local match='partial'
+        local revokedBy=""
+        local revokedByInUse=''
+        local revokedOnInUse=''
+        local revokedOnFrom=''
+        local revokedOnTo=''
+        local revocationReasonInUse=''
+        local revocationReason=''
+        local profileInUse=''
+        local profile=''
+        local issuedByInUse=''
+        local issuedBy=''
+        local issuedOnInUse=''
+        local issuedOnFrom=''
+        local issuedOnTo=''
+        local basicConstraintsInUse='on'
+        local validNotBeforeInUse=''
+        local validNotBeforeFrom=''
+        local validNotBeforeTo=''
+        local validNotAfterInUse=''
+        local validNotAfterFrom=''
+        local validNotAfterTo=''
+        local validityLengthInUse=''
+        local validityOp=''
+        local count=''
+        local unit="2592000000"
+        local certTypeInUse=''
+        local SubordinateEmailCA=''
+        local SubordinateSSLCA=''
+        local SecureEmail=''
+        local SSLClient=''
+        local SSLServer=''
+        local maxResults='1000'
+        local timeLimit='5'
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&statusInUse=$statusInUse&status=$cert_status&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedByInUse=$revokedByInUse&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&profileInUse=$profileInUse&profile=$profile&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&basicConstraintsInUse=$basicConstraintsInUse&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/agent/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certs with serialNumber range starting from $serialFrom to $serialTo with maxCount of $maxResults"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out  -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&statusInUse=$statusInUse&status=$cert_status&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedByInUse=$revokedByInUse&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&profileInUse=$profileInUse&profile=$profile&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&basicConstraintsInUse=$basicConstraintsInUse&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/agent/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certs with serialNumber range starting from $serialFrom to $serialTo with maxCount of $maxResults"
+        local no_of_records=$(cat $TmpDir/$test_out | grep "record.subject=" | wc -l)
+        rlAssertEquals "Verify No of records displayed is more than $maxCount" $maxCount $no_of_records
+	rlAssertGrep "record.revokedOn=null" "$TmpDir/$test_out"
+	rlPhaseEnd
+
+	rlPhaseStartSetup "Generate a profile with Netscape Extensions"
+        local profile="caUserCert$RANDOM"
+        local pki_user="pki_foo_bar$RANDOM"
+        local pki_user_fullName="$pki_user User"
+        local profilename="$profile Enrollment Profile"
+        rlLog "Create Profile $profile"
+        rlRun "python -m PkiLib.pkiprofilecli \
+                --new user \
+                --profileId $profile \
+                --profilename \"$profilename\" \
+                --netscapeextensions \"nsCertCritical,nsCertSSLClient,nsCertEmail\" \
+                --outputfile $TmpDir/$profile\.xml"
+        rlLog "Add Profile $profile"
+        rlRun "pki -h $tmp_ca_host \
+                -p $tmp_ca_port \
+                -d $CERTDB_DIR \
+                -c $CERTDB_DIR_PASSWORD \
+                -n $valid_admin_cert \
+                ca-profile-add $TmpDir/$profile\.xml > $ca_profile_out"
+        rlAssertGrep "Added profile $profile" "$ca_profile_out"
+        rlLog "Enable $profile"
+        rlRun "pki -h $tmp_ca_host \
+                -p $tmp_ca_port \
+                -d $CERTDB_DIR \
+                -c $CERTDB_DIR_PASSWORD \
+                -n $valid_agent_cert \
+                ca-profile-enable $profile > $ca_profile_out"
+        rlLog "Verify by creating a user cert using the profile"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 \
+                algo:rsa \
+                key_size:2048 \
+                subject_cn:\"$pki_user_fullName\" \
+                subject_uid:$pki_user \
+                subject_email:$pki_user@example.org \
+                subject_ou: \
+                subject_o: \
+                subject_c: \
+                archive:false \
+                req_profile:$profile \
+                target_host:$tmp_ca_host \
+                protocol: \
+                port:$tmp_ca_port \
+                cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD \
+                certdb_nick:$valid_agent_cert \
+                cert_info:$cert_info"
+        local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        local cert_subject=$(cat $cert_info | grep cert_subject | cut -d- -f2)
+        rlRun "pki -h $tmp_ca_host -p $tmp_ca_port cert-show $cert_serialNumber --pretty > $cert_out"
+        rlAssertGrep "Serial Number: $cert_serialNumber" "$cert_out"
+        rlAssertGrep "Issuer: CN=PKI $SUBCA_INST Signing Cert,O=redhat" "$cert_out"
+        rlAssertGrep "Subject: $cert_subject" "$cert_out"
+        rlAssertGrep "Status: VALID" "$cert_out"
+        rlAssertGrep "Identifier: Netscape Certificate Type - 2.16.840.1.113730.1.1" "$cert_out"
+        rlAssertGrep "SSL Client" "$cert_out"
+        rlAssertGrep "Secure Email" "$cert_out"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_subca_ag-requests-0021: Search certs of type SSLCLient"
+        local maxCount=0
+        local test_out=srcCerts.txt
+        local op=srchCerts
+        local serialNumberRangeInUse=''
+        local serialFrom=''
+        local serialTo=''
+        local queryCertFilter="(&(x509cert.nsExtension.SSLClient=on))"
+        local statusInUse=''
+        local cert_status=''
+        local subjectInUse=''
+        local eMail=''
+        local commonName=''
+        local userID=''
+        local orgUnit=''
+        local org=''
+        local locality=''
+        local state=''
+        local country=''
+        local match='partial'
+        local revokedBy=""
+        local revokedByInUse=''
+        local revokedOnInUse=''
+        local revokedOnFrom=''
+        local revokedOnTo=''
+        local revocationReasonInUse=''
+        local revocationReason=''
+        local profileInUse=''
+        local profile=''
+        local issuedByInUse=''
+        local issuedBy=''
+        local issuedOnInUse=''
+        local issuedOnFrom=''
+        local issuedOnTo=''
+        local basicConstraintsInUse=''
+        local validNotBeforeInUse=''
+        local validNotBeforeFrom=''
+        local validNotBeforeTo=''
+        local validNotAfterInUse=''
+        local validNotAfterFrom=''
+        local validNotAfterTo=''
+        local validityLengthInUse=''
+        local validityOp=''
+        local count=''
+        local unit="2592000000"
+        local certTypeInUse='on'
+        local SubordinateEmailCA=''
+        local SubordinateSSLCA=''
+        local SecureEmail=''
+        local SSLClient='on'
+        local SSLServer=''
+        local maxResults='10'
+        local timeLimit='5'
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&statusInUse=$statusInUse&status=$cert_status&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedByInUse=$revokedByInUse&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&profileInUse=$profileInUse&profile=$profile&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&basicConstraintsInUse=$basicConstraintsInUse&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/agent/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certs with serialNumber range starting from $serialFrom to $serialTo with maxCount of $maxResults"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out  -E $valid_agent_cert:$CERTDB_DIR_PASSWORD -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&statusInUse=$statusInUse&status=$cert_status&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedByInUse=$revokedByInUse&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&profileInUse=$profileInUse&profile=$profile&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&basicConstraintsInUse=$basicConstraintsInUse&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/agent/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certs with serialNumber range starting from $serialFrom to $serialTo with maxCount of $maxResults"
+        local no_of_records=$(cat $TmpDir/$test_out | grep "record.subject=" | wc -l)
+        rlAssertGreater "Verify No of records displayed is more than $maxCount" $no_of_records $maxCount
+	rlAssertGrep "record.revokedOn=null" "$TmpDir/$test_out"
+	rlAssertGrep "record.subject=\"$cert_subject\"" "$TmpDir/$test_out"
+	rlPhaseEnd
+
+        rlPhaseStartCleanup "Delete temporary dir and enable nonce"
+        rlRun "popd"
+        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+	enable_ca_nonce $tomcat_name
+        rlPhaseEnd
+}
+verify_cert()
+{
+        local serial_number=$1
+        local request_dn=$2
+        STRIP_HEX=$(echo $serial_number | cut -dx -f2)
+        CONV_LOW_VAL=${STRIP_HEX,,}
+        rlRun "pki -h $tmp_ca_host -p $target_unsecure_port cert-show $serial_number > $cert_show_out" 0 "Executing pki cert-show $serial_number"
+        rlAssertGrep "Serial Number: 0x$CONV_LOW_VAL" "$cert_show_out"
+        rlAssertGrep "Issuer: CN=PKI $SUBCA_INST Signing Certificate,O=redhat" "$cert_show_out"
+        rlAssertGrep "Subject: $request_dn" "$cert_show_out"
+        rlAssertGrep "Status: VALID" "$cert_show_out"
+}
+
diff --git a/tests/dogtag/acceptance/legacy/subca-tests/cert-enrollment/subca-ee-enrollments.sh b/tests/dogtag/acceptance/legacy/subca-tests/cert-enrollment/subca-ee-enrollments.sh
new file mode 100755
index 000000000..5b082011f
--- /dev/null
+++ b/tests/dogtag/acceptance/legacy/subca-tests/cert-enrollment/subca-ee-enrollments.sh
@@ -0,0 +1,4819 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   runtest.sh of /CoreOS/rhcs/acceptance/legacy/ca-tests/cert-enrollment/subca-ee-enrollments
+#   Description:  Legacy cert end-entity enrollment tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#   The following Legacy tests needs to be tested:
+#   Subordiate CA End Entity Enrollment Tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Author: Niranjan Mallapadi <mniranja@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+#   This copyrighted material is made available to anyone wishing
+#   to use, modify, copy, or redistribute it subject to the terms
+#   and conditions of the GNU General Public License version 2.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE. See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public
+#   License along with this program; if not, write to the Free
+#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+#   Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/pki-auth-plugin-lib.sh
+. /opt/rhqa_pki/env.sh
+
+run_ee-subca-enrollment_tests()
+{
+	# Creating Temporary Directory
+        rlPhaseStartSetup "Create Temporary Directory"
+        rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+        rlRun "pushd $TmpDir"
+        rlRun "export PYTHONPATH=$PYTHONPATH:/opt/rhqa_pki/"
+        rlPhaseEnd
+
+	# Disable Nonce
+	rlPhaseStartSetup "Disable Nonce"
+        local cs_Type=$1
+        local cs_Role=$2
+	get_topo_stack $cs_Role $TmpDir/topo_file
+	if [ $cs_Role="MASTER" ]; then
+		 SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_SUBCA | cut -d= -f2)
+	elif [ $cs_Role="SUBCA2" || $cs_Role="SUBCA1" ]; then
+		SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+	fi
+	local tomcat_name=$(eval echo \$${SUBCA_INST}_TOMCAT_INSTANCE_NAME)
+        disable_ca_nonce $tomcat_name
+	rlPhaseEnd
+        
+	# Local Variables
+        local target_unsecure_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT)
+        local target_secure_port=$(eval echo \$${SUBCA_INST}_SECURE_PORT)
+        local tmp_ca_agent=$SUBCA_INST\_agentV
+        local tmp_ca_admin=$SUBCA_INST\_adminV
+        local tmp_ca_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT)
+        local tmp_ca_host=$(eval echo \$${cs_Role})
+        local valid_agent_cert=$SUBCA_INST\_agentV
+        local valid_audit_cert=$SUBCA_INST\_auditV
+        local valid_operator_cert=$SUBCA_INST\_operatorV
+        local valid_admin_cert=$SUBCA_INST\_adminV
+	local cert_find_info="$TmpDir/cert_find_info"
+        local revoked_agent_cert=$SUBCA_INST\_agentR
+        local revoked_admin_cert=$SUBCA_INST\_adminR
+        local expired_admin_cert=$SUBCA_INST\_adminE
+        local expired_agent_cert=$SUBCA_INST\_agentE
+	local admin_out="$TmpDir/admin_out"
+        local TEMP_NSS_DB="$TmpDir/nssdb"
+        local TEMP_NSS_DB_PWD="redhat"
+        local cert_info="$TmpDir/cert_info"
+        local ca_profile_out="$TmpDir/ca-profile-out"
+        local cert_out="$TmpDir/cert-show.out"
+	local cert_show_out="$TmpDir/cert_show.out"
+        local rand=$RANDOM
+        local tmp_junk_data=$(openssl rand -base64 50 |  perl -p -e 's/\n//')        
+	local SSL_DIR=$CERTDB_DIR
+
+
+
+        rlPhaseStartTest "pki_subca_ee-001: SUBCA Profile Enrollment - AgentFileSigning using CRMF Request of key size 4096"
+        rlLog "Create a new certificate request of type"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=4096
+        local filename=SecureFile-$RANDOM
+        local filelocation=$TmpDir/$filename
+	local profile="caAgentFileSigning"
+	local test_out=ca-$profile-1.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Write some random text in $filename"
+        rlRun "echo "Secret123" > $filelocation" 0 "Create a file with text Secret123"
+        rlRun "chmod 777 $TmpDir" 0 "Set Directory permissions to 777"
+        rlRun "chmod 777 $TmpDir/$filename" 0 "Set file permsions to 777"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:$filename \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create CRMF request for file signing"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+		--dump-header $admin_out \
+                -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&file_signing_url=file://$filelocation&file_signing_text=&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+	local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+	rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+	rlAssertNotGrep "Request Rejected" "$TmpDir/$test_out"
+	rlLog "BUGZILLA: https://bugzilla.redhat.com/show_bug.cgi?id=1175269"
+        rlPhaseEnd
+
+
+	rlPhaseStartTest "pki_subca_ee-002: SUBCA Profile Enrollment - AgentFileSigning using CRMF Request of key size 3072"
+	rlLog "Create a new certificate request of type"
+	local request_type=crmf
+	local request_key_type=rsa
+	local request_key_size=3072
+	local filename=SecureFile-$RANDOM
+	local filelocation=$TmpDir/$filename
+        local profile="caAgentFileSigning"
+        local test_out=ca-$profile-2.txt
+	rlRun "export SSL_DIR=$CERTDB_DIR"
+	rlLog "Write some random text in $filename"
+	rlRun "echo "Secret123" > $filelocation" 0 "Create a file with text Secret123"
+	rlRun "chmod 777 $TmpDir" 0 "Set Directory permissions to 777"
+	rlRun "chmod 777 $TmpDir/$filename" 0 "Set file permsions to 777"
+	rlRun "create_new_cert_request \
+		tmp_nss_db:$TEMP_NSS_DB \
+		tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+		request_type:$request_type \
+		request_algo:$request_key_type \
+		request_size:$request_key_size \
+		subject_cn:$filename \
+		subject_uid: \
+		subject_email: \
+		subject_ou:IDM \
+		subject_organization:Redhat \
+		subject_country:US \
+		subject_archive:false \
+		cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+		cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create CRMF request for file signing"
+	rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+		--dump-header $admin_out \
+                -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&file_signing_url=file://$filelocation&file_signing_text=&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+	rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+	rlLog "Serial Number: $serial_number"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        rlAssertNotGrep "Request Rejected" "$TmpDir/$test_out"
+	rlLog "BUGZILLA: https://bugzilla.redhat.com/show_bug.cgi?id=1175269"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-003: SUBCA Profile Enrollment - AgentFileSigning using CRMF Request of key size 2048"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=2048
+        local filename=SecureFile-$RANDOM
+        local filelocation=$TmpDir/$filename
+        local profile="caAgentFileSigning"
+        local test_out=ca-$profile-3.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Write some random text in $filename"
+        rlRun "echo "Secret123" > $filelocation" 0 "Create a file with text Secret123"
+        rlRun "chmod 777 $TmpDir" 0 "Set Directory permissions to 777"
+        rlRun "chmod 777 $TmpDir/$filename" 0 "Set file permsions to 777"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:$filename \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create CRMF request for file signing"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+		 --dump-header $admin_out \
+                -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&file_signing_url=file://$filelocation&file_signing_text=&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+	rlLog "Serial Number=$serial_number"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        rlAssertNotGrep "Request Rejected" "$TmpDir/$test_out"
+	rlLog "BUGZILLA: https://bugzilla.redhat.com/show_bug.cgi?id=1175269"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-004: SUBCA Profile Enrollment - AgentFileSigning using CRMF Request of key size 1024"
+        rlLog "Create a new certificate request of type"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=1024
+        local filename=SecureFile-$RANDOM
+        local filelocation=$TmpDir/$filename
+        local profile="caAgentFileSigning"
+        local test_out=ca-$profile-4.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Write some random text in $filename"
+        rlRun "echo "Secret123" > $filelocation" 0 "Create a file with text Secret123"
+        rlRun "chmod 777 $TmpDir" 0 "Set Directory permissions to 777"
+        rlRun "chmod 777 $TmpDir/$filename" 0 "Set file permsions to 777"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:$filename \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create CRMF request for file signing"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+		--dump-header $admin_out \
+                -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&file_signing_url=file://$filelocation&file_signing_text=&requestor_name=&requestor_email=&requestor_phone=&profileId=caAgentFileSigning&renewal=false&xmlOutput\"  \
+                https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+	rlLog "Serial Number=$serial_number"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        rlAssertNotGrep "Request Rejected" "$TmpDir/$test_out"
+	rlLog "BUGZILLA: https://bugzilla.redhat.com/show_bug.cgi?id=1175269"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-005: SUBCA Profile Enrollment - caSignedLogCert using CRMF Request of key size 4096"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=4096
+        local profile=caSignedLogCert
+        local subject="PKI-$RANDOM Audit Signing Certificate"
+        local test_out=ca-$profile-test1-out.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=false&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+        rlAssertNotGrep "Request Rejected" "$TmpDir/$test_out"
+        rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-006: SUBCA Profile Enrollment - caSignedLogCert using CRMF Request of key size 3072"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=3072
+	local profile=caSignedLogCert
+	local subject="PKI-$RANDOM Audit Signing Certificate"
+	local test_out=ca-$profile-test1-out.txt
+	rlRun "export SSL_DIR=$CERTDB_DIR"
+	rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+	local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+	rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+	rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+	rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+	rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+	local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+	rlLog "Approve $request_id using $valid_agent_cert"
+	local Second=`date +'%S' -d now`
+	local Minute=`date +'%M' -d now`
+	local Hour=`date +'%H' -d now`
+	local Day=`date +'%d' -d now`
+	local Month=`date +'%m' -d now`
+	local Year=`date +'%Y' -d now`
+	local start_year=$Year
+	let end_year=$Year+1
+	local end_day="1"
+	local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+	local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+	rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=false&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+	local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+	rlLog "serial_number=$serial_number"
+        rlAssertNotGrep "Request Rejected" "$TmpDir/$test_out"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_subca_ee-007: SUBCA Profile Enrollment - caSignedLogCert using CRMF Request of key size 2048"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=2048
+        local profile=caSignedLogCert
+        local subject="PKI-$RANDOM Audit Signing Certificate"
+        local test_out=ca-$profile-test2-out.txt
+	rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+	rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=false&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_subca_ee-008: SUBCA Profile Enrollment - caSignedLogCert using CRMF Request of key size 1024"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caSignedLogCert
+        local subject="PKI-$RANDOM Audit Signing Certificate"
+        local test_out=ca-$profile-test3-out.txt
+	rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+	rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=false&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-009: SUBCA Profile Enrollment - caSignedLogCert using PKCS10 Request of key size 4096"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=4096
+        local profile=caSignedLogCert
+        local subject="PKI-$RANDOM Audit Signing Certificate"
+        local test_out=ca-$profile-test4-out.txt
+	rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=false&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd 
+
+        rlPhaseStartTest "pki_subca_ee-0010: SUBCA Profile Enrollment - caSignedLogCert using PKCS10 Request of key size 3072"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=3072
+        local profile=caSignedLogCert
+        local subject="PKI-$RANDOM Audit Signing Certificate"
+        local test_out=ca-$profile-test5-out.txt
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=false&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd 
+
+        rlPhaseStartTest "pki_subca_ee-0011: SUBCA Profile Enrollment - caSignedLogCert using PKCS10 Request of key size 2048"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=2048
+        local profile=caSignedLogCert
+        local subject="PKI-$RANDOM Audit Signing Certificate"
+        local test_out=ca-$profile-test6-out.txt
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=false&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd 
+
+        rlPhaseStartTest "pki_subca_ee-0012: SUBCA Profile Enrollment - caSignedLogCert using PKCS10 Request of key size 1024"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caSignedLogCert
+        local subject="PKI-$RANDOM Audit Signing Certificate"
+        local test_out=ca-$profile-test6-out.txt
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=false&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0013: SUBCA Profile Enrollment - caAgentServerCert using CRMF Request of key size 4096"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=4096
+        local profile=caAgentServerCert
+        local subject="Server-$RANDOM-1.example.com"
+        local test_out=ca-$profile-test1.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem  --dump-header $admin_out  \
+                -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out  \
+                -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0014: SUBCA Profile Enrollment - caAgentServerCert using CRMF Request of key size 3072"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=3072
+        local profile=caAgentServerCert
+        local subject="Server-$RANDOM-1.example.com"
+        local test_out=ca-$profile-test1.txt
+	rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem  --dump-header $admin_out  \
+		-E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out  \
+		-E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0015: SUBCA Profile Enrollment - caAgentServerCert using CRMF Request of key size 2048"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=2048
+        local profile=caAgentServerCert
+        local subject="Server-$RANDOM-1.example.com"
+        local test_out=ca-$profile-test1.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem  --dump-header $admin_out  \
+                -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out  \
+                -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+
+        rlPhaseStartTest "pki_subca_ee-0016: SUBCA Profile Enrollment - caAgentServerCert using CRMF Request of key size 1024"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caAgentServerCert
+        local subject="Server-$RANDOM-1.example.com"
+        local test_out=ca-$profile-test1.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem  --dump-header $admin_out  \
+                -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out  \
+                -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0017: SUBCA Profile Enrollment - caAgentServerCert using PKCS10 Request of key size 4096"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=4096
+        local profile=caAgentServerCert
+        local subject="Server-$RANDOM-1.example.com"
+        local test_out=ca-$profile-test1.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem  --dump-header $admin_out  \
+                -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out  \
+                -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0018: SUBCA Profile Enrollment - caAgentServerCert using PKCS10 Request of key size 3072"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=3072
+        local profile=caAgentServerCert
+        local subject="Server-$RANDOM-1.example.com"
+        local test_out=ca-$profile-test1.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem  --dump-header $admin_out  \
+                -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out  \
+                -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0019: SUBCA Profile Enrollment - caAgentServerCert using PKCS10 Request of key size 2048"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=2048
+        local profile=caAgentServerCert
+        local subject="Server-$RANDOM-1.example.com"
+        local test_out=ca-$profile-test1.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem  --dump-header $admin_out  \
+                -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out  \
+                -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0020: SUBCA Profile Enrollment - caAgentServerCert using PKCS10 Request of key size 1024"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caAgentServerCert
+        local subject="Server-$RANDOM-1.example.com"
+        local test_out=ca-$profile-test1.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem  --dump-header $admin_out  \
+                -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out  \
+                -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0021: SUBCA Profile Enrollment - caCACert using CRMF Request of key size 4096"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=4096
+        local profile=caCACert
+        local subject="PKI-$RANDOM CA Signing Certificate"
+        local test_out=ca-$profile-test1-out.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&bypassCAnotafter=false&basicConstraintsCritical=true&basicConstraintsIsCA=true&basicConstraintsPathLen=-1&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=false&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=true&keyUsageCrlSign=true&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0022: SUBCA Profile Enrollment - caCACert using CRMF Request of key size 3072"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=3072
+        local profile=caCACert
+        local subject="PKI-$RANDOM CA Signing Certificate"
+        local test_out=ca-$profile-test1-out.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&bypassCAnotafter=false&basicConstraintsCritical=true&basicConstraintsIsCA=true&basicConstraintsPathLen=-1&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=false&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=true&keyUsageCrlSign=true&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0023: SUBCA Profile Enrollment - caCACert using CRMF Request of key size 2048"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=2048
+        local profile=caCACert
+        local subject="PKI-$RANDOM CA Signing Certificate"
+        local test_out=ca-$profile-test2-out.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&bypassCAnotafter=false&basicConstraintsCritical=true&basicConstraintsIsCA=true&basicConstraintsPathLen=-1&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=false&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=true&keyUsageCrlSign=true&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0024: SUBCA Profile Enrollment - caCACert using CRMF Request of key size 1024"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caCACert
+        local subject="PKI-$RANDOM CA Signing Certificate"
+        local test_out=ca-$profile-test3-out.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&bypassCAnotafter=false&basicConstraintsCritical=true&basicConstraintsIsCA=true&basicConstraintsPathLen=-1&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=false&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=true&keyUsageCrlSign=true&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0025: SUBCA Profile Enrollment - caCACert using PKCS10 Request of key size 4096"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=4096
+        local profile=caCACert
+        local subject="PKI-$RANDOM CA Signing Certificate"
+        local test_out=ca-$profile-test4-out.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&bypassCAnotafter=false&basicConstraintsCritical=true&basicConstraintsIsCA=true&basicConstraintsPathLen=-1&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=false&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=true&keyUsageCrlSign=true&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0026: SUBCA Profile Enrollment - caCACert using PKCS10 Request of key size 3072"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=3072
+        local profile=caCACert
+        local subject="PKI-$RANDOM CA Signing Certificate"
+        local test_out=ca-$profile-test4-out.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&bypassCAnotafter=false&basicConstraintsCritical=true&basicConstraintsIsCA=true&basicConstraintsPathLen=-1&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=false&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=true&keyUsageCrlSign=true&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0027: SUBCA Profile Enrollment - caCACert using PKCS10 Request of key size 2048"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=2048
+        local profile=caCACert
+        local subject="PKI-$RANDOM CA Signing Certificate"
+        local test_out=ca-$profile-test5-out.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&bypassCAnotafter=false&basicConstraintsCritical=true&basicConstraintsIsCA=true&basicConstraintsPathLen=-1&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=false&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=true&keyUsageCrlSign=true&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0028: SUBCA Profile Enrollment - caCACert using pkcs10 Request of key size 1024"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caCACert
+        local subject="PKI-$RANDOM CA Signing Certificate"
+        local test_out=ca-$profile-test6-out.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&bypassCAnotafter=false&basicConstraintsCritical=true&basicConstraintsIsCA=true&basicConstraintsPathLen=-1&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=false&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=true&keyUsageCrlSign=true&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+
+	rlPhaseStartSetup "Enable UidPwdDirAuth Plugin"
+	local LDAP_PORT=20389
+	local INSTANCE_NAME=ldap-$RANDOM
+	local LDAP_ROOTDN="cn=Directory Manager"
+	local LDAP_ROOTDNPWD="Secret123"
+	local LDAP_BASEDN="DC=example,DC=org"
+	local count=100
+	rlRun "rhcs_install_set_ldap_vars"
+	rlRun "rhds_install $LDAP_PORT $INSTANCE_NAME \"$LDAP_ROOTDN\" $LDAP_ROOTDNPWD $LDAP_BASEDN" 0
+        if [ $? != 0 ]; then
+                rlFail "Unable to setup ldap instance"
+                return 1
+        fi
+	rlRun "UidPwdDirAuth $cs_Role $SUBCA_INST subcaadmin Secret123 add $tmp_ca_host \"$LDAP_BASEDN\" $LDAP_PORT" 
+	rlLog "Add 100 users to ou=People,$LDAP_BASEDN"
+	rlRun "create_dir_user $LDAP_BASEDN 100 > $TmpDir/ldapusers.ldif"
+	rlRun "ldapadd -x -D \"$LDAP_ROOTDN\" -w $LDAP_ROOTDNPWD -h $tmp_ca_host -p $LDAP_PORT -f $TmpDir/ldapusers.ldif > $TmpDir/ldapadd.out" 0 "Add test users for Directory-Authenticated Enrollment"
+	rlAssertGrep "adding new entry \"cn=idmusers,ou=Groups,$LDAP_BASEDN\"" "$TmpDir/ldapadd.out"
+	rlPhaseEnd
+
+
+
+        rlPhaseStartTest "pki_subca_ee-0029: SUBCA Profile Enrollment - caDirUserCert using CRMF Request of key size 4096"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=4096
+        local profile=caDirUserCert
+        local userid="idmuser1"
+        local password="redhat"
+        local test_out=ca-$profile-test1.txt
+	local LDAP_BASEDN="DC=example,DC=org"
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:$userid \
+                subject_uid:$userid \
+                subject_email: \
+                subject_ou:People \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        #local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+	local cert_requestdn="UID=$userid,OU=People,$LDAP_BASEDN"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"uid=$userid&pwd=$password&cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&profileId=$profile&renewal=false&xmlOutput=false\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"uid=$userid&pwd=$password&cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&profileId=$profile&renewal=false&xmlOutput=false\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0030: SUBCA Profile Enrollment - caDirUserCert using CRMF Request of key size 3072"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=3072
+        local profile=caDirUserCert
+        local userid="idmuser1"
+	local password="redhat"
+        local test_out=ca-$profile-test1.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        #local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+	local cert_requestdn="UID=$userid,OU=People,$LDAP_BASEDN"
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"uid=$userid&pwd=$password&cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&profileId=$profile&renewal=false&xmlOutput=false\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+	rlRun "curl --basic --dump-header $admin_out  \
+                -d \"uid=$userid&pwd=$password&cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&profileId=$profile&renewal=false&xmlOutput=false\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+	local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+	rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+	rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0031: SUBCA Profile Enrollment - caDirUserCert using CRMF Request of key size 4096"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=4096
+        local profile=caDirUserCert
+        local userid="idmuser2"
+        local password="redhat"
+        local test_out=ca-$profile-test2.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        #local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+	local cert_requestdn="UID=$userid,OU=People,$LDAP_BASEDN"
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"uid=$userid&pwd=$password&cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&profileId=$profile&renewal=false&xmlOutput=false\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"uid=$userid&pwd=$password&cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&profileId=$profile&renewal=false&xmlOutput=false\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+	rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0032: SUBCA Profile Enrollment - caDirUserCert using CRMF Request of key size 2048"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=2048
+        local profile=caDirUserCert
+        local userid="idmuser3"
+        local password="redhat"
+        local test_out=ca-$profile-test3.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        #local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+	local cert_requestdn="UID=$userid,OU=People,$LDAP_BASEDN"
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"uid=$userid&pwd=$password&cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&profileId=$profile&renewal=false&xmlOutput=false\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"uid=$userid&pwd=$password&cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&profileId=$profile&renewal=false&xmlOutput=false\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+	rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0033: SUBCA Profile Enrollment - caDirUserCert using CRMF Request of key size 1024"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caDirUserCert
+        local userid="idmuser4"
+        local password="redhat"
+        local test_out=ca-$profile-test4.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        #local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+	local cert_requestdn="UID=$userid,OU=People,$LDAP_BASEDN"
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"uid=$userid&pwd=$password&cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&profileId=$profile&renewal=false&xmlOutput=false\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"uid=$userid&pwd=$password&cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&profileId=$profile&renewal=false&xmlOutput=false\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+	rlPhaseEnd
+	
+        rlPhaseStartTest "pki_subca_ee-0034: SUBCA Profile Enrollment - caDirUserCert using PKCS10 Request of key size 4096"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=4096
+        local profile=caDirUserCert
+        local userid="idmuser5"
+        local password="redhat"
+        local test_out=ca-$profile-test5.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        #local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+	local cert_requestdn="UID=$userid,OU=People,$LDAP_BASEDN"
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"uid=$userid&pwd=$password&cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&profileId=$profile&renewal=false&xmlOutput=false\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"uid=$userid&pwd=$password&cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&profileId=$profile&renewal=false&xmlOutput=false\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+	rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0035: SUBCA Profile Enrollment - caDirUserCert using PKCS10 Request of key size 3072"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=3072
+        local profile=caDirUserCert
+        local userid="idmuser5"
+        local password="redhat"
+        local test_out=ca-$profile-test6.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        #local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+	local cert_requestdn="UID=$userid,OU=People,$LDAP_BASEDN"
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"uid=$userid&pwd=$password&cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&profileId=$profile&renewal=false&xmlOutput=false\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"uid=$userid&pwd=$password&cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&profileId=$profile&renewal=false&xmlOutput=false\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+	rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0036: SUBCA Profile Enrollment - caDirUserCert using PKCS10 Request of key size 2048"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=2048
+        local profile=caDirUserCert
+        local userid="idmuser6"
+        local password="redhat"
+        local test_out=ca-$profile-test7.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        #local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+	local cert_requestdn="UID=$userid,OU=People,$LDAP_BASEDN"
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"uid=$userid&pwd=$password&cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&profileId=$profile&renewal=false&xmlOutput=false\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"uid=$userid&pwd=$password&cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&profileId=$profile&renewal=false&xmlOutput=false\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+	rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0037: SUBCA Profile Enrollment - caDirUserCert using pkcs10 Request of key size 1024"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caDirUserCert
+        local userid="idmuser7"
+        local password="redhat"
+        local test_out=ca-$profile-test8.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        #local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+	local cert_requestdn="UID=$userid,OU=People,$LDAP_BASEDN"
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"uid=$userid&pwd=$password&cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&profileId=$profile&renewal=false&xmlOutput=false\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"uid=$userid&pwd=$password&cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&profileId=$profile&renewal=false&xmlOutput=false\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+	rlPhaseEnd
+
+
+        rlPhaseStartTest "pki_subca_ee-0038: SUBCA Profile Enrollment - caOCSPCert using CRMF Request of key size 4096"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=4096
+        local profile=caOCSPCert
+        local subject="PKI-$RANDOM OCSP Signing Certificate"
+        local test_out=ca-$profile-test1.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&exKeyUsageCritical=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.9&ocspNoCheckCritical=false&signingAlg=SHA1withRSA&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0039: SUBCA Profile Enrollment - caOCSPCert using CRMF Request of key size 3072"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=3072
+        local profile=caOCSPCert
+        local subject="PKI-$RANDOM OCSP Signing Certificate"
+        local test_out=ca-$profile-test2.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&exKeyUsageCritical=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.9&ocspNoCheckCritical=false&signingAlg=SHA1withRSA&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+        rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0040: SUBCA Profile Enrollment - caOCSPCert using CRMF Request of key size 2048"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=2048
+        local profile=caOCSPCert
+        local subject="PKI-$RANDOM OCSP Signing Certificate"
+        local test_out=ca-$profile-test3.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&exKeyUsageCritical=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.9&ocspNoCheckCritical=false&signingAlg=SHA1withRSA&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+        rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0041: SUBCA Profile Enrollment - caOCSPCert using CRMF Request of key size 1024"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caOCSPCert
+        local subject="PKI-$RANDOM OCSP Signing Certificate"
+        local test_out=ca-$profile-test4.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&exKeyUsageCritical=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.9&ocspNoCheckCritical=false&signingAlg=SHA1withRSA&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+        rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0042: SUBCA Profile Enrollment - caOCSPCert using pkcs10 Request of key size 4096"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=4096
+        local profile=caOCSPCert
+        local subject="PKI-$RANDOM OCSP Signing Certificate"
+        local test_out=ca-$profile-test5.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&exKeyUsageCritical=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.9&ocspNoCheckCritical=false&signingAlg=SHA1withRSA&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+        rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0043: SUBCA Profile Enrollment - caOCSPCert using PKCS10 Request of key size 3072"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=3072
+        local profile=caOCSPCert
+        local subject="PKI-$RANDOM OCSP Signing Certificate"
+        local test_out=ca-$profile-test6.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&exKeyUsageCritical=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.9&ocspNoCheckCritical=false&signingAlg=SHA1withRSA&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+        rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0044: SUBCA Profile Enrollment - caOCSPCert using PKCS10 Request of key size 2048"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=2048
+        local profile=caOCSPCert
+        local subject="PKI-$RANDOM OCSP Signing Certificate"
+        local test_out=ca-$profile-test7.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&exKeyUsageCritical=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.9&ocspNoCheckCritical=false&signingAlg=SHA1withRSA&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+        rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0045: SUBCA Profile Enrollment - caOCSPCert using PKCS10 Request of key size 1024"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caOCSPCert
+        local subject="PKI-$RANDOM OCSP Signing Certificate"
+        local test_out=ca-$profile-test8.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&exKeyUsageCritical=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.9&ocspNoCheckCritical=false&signingAlg=SHA1withRSA&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+        rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+	rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0046: SUBCA Profile Enrollment - caOtherCert using CRMF Request of key size 4096"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=4096
+        local profile=caOtherCert
+        local subject="PKI-$RANDOM Certificate"
+        local test_out=ca-$profile-test1.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2&signingAlg=SHA1withRSA&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0047: SUBCA Profile Enrollment - caOtherCert using CRMF Request of key size 3072"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=3072
+        local profile=caOtherCert
+        local subject="PKI-$RANDOM Certificate"
+        local test_out=ca-$profile-test2.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2&signingAlg=SHA1withRSA&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+        rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0048: SUBCA Profile Enrollment - caOtherCert using CRMF Request of key size 2048"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=2048
+        local profile=caOtherCert
+        local subject="PKI-$RANDOM Certificate"
+        local test_out=ca-$profile-test3.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2&signingAlg=SHA1withRSA&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+        rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0049: SUBCA Profile Enrollment - caOtherCert using CRMF Request of key size 1024"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caOtherCert
+        local subject="PKI-$RANDOM Certificate"
+        local test_out=ca-$profile-test4.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2&signingAlg=SHA1withRSA&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+        rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0050: SUBCA Profile Enrollment - caOtherCert using PKCS10 Request of key size 4096"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=4096
+        local profile=caOtherCert
+        local subject="PKI-$RANDOM Certificate"
+        local test_out=ca-$profile-test5.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2&signingAlg=SHA1withRSA&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+        rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+
+        rlPhaseStartTest "pki_subca_ee-0051: SUBCA Profile Enrollment - caOtherCert using PKCS10 Request of key size 3072"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=3072
+        local profile=caOtherCert
+        local subject="PKI-$RANDOM Certificate"
+        local test_out=ca-$profile-test6.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2&signingAlg=SHA1withRSA&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+        rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0052: SUBCA Profile Enrollment - caOtherCert using PKCS10 Request of key size 2048"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=2048
+        local profile=caOtherCert
+        local subject="PKI-$RANDOM Certificate"
+        local test_out=ca-$profile-test7.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2&signingAlg=SHA1withRSA&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+        rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0053: SUBCA Profile Enrollment - caOtherCert using PKCS10 Request of key size 1024"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caOtherCert
+        local subject="PKI-$RANDOM Certificate"
+        local test_out=ca-$profile-test8.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.1,1.3.6.1.5.5.7.3.2&signingAlg=SHA1withRSA&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+        rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0054: SUBCA Profile Enrollment - caTPSCert using CRMF Request of key size 4096"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=4096
+        local profile=caTPSCert
+        local subject="PKI-$RANDOM TPS Signing Certificate"
+        local test_out=ca-$profile-test1.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0055: SUBCA Profile Enrollment - caTPSCert using CRMF Request of key size 3072"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=3072
+        local profile=caTPSCert
+        local subject="PKI-$RANDOM TPS Signing Certificate"
+        local test_out=ca-$profile-test2.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0056: SUBCA Profile Enrollment - caTPSCert using CRMF Request of key size 2048"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=2048
+        local profile=caTPSCert
+        local subject="PKI-$RANDOM TPS Signing Certificate"
+        local test_out=ca-$profile-test3.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0057: SUBCA Profile Enrollment - caTPSCert using CRMF Request of key size 1024"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caTPSCert
+        local subject="PKI-$RANDOM TPS Signing Certificate"
+        local test_out=ca-$profile-test4.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0058: SUBCA Profile Enrollment - caTPSCert using PKCS10 Request of key size 4096"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=4096
+        local profile=caTPSCert
+        local subject="PKI-$RANDOM TPS Signing Certificate"
+        local test_out=ca-$profile-test5.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0059: SUBCA Profile Enrollment - caTPSCert using PKCS10 Request of key size 3072"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=3072
+        local profile=caTPSCert
+        local subject="PKI-$RANDOM TPS Signing Certificate"
+        local test_out=ca-$profile-test6.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0060: SUBCA Profile Enrollment - caTPSCert using PKCS10 Request of key size 2048"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=2048
+        local profile=caTPSCert
+        local subject="PKI-$RANDOM TPS Signing Certificate"
+        local test_out=ca-$profile-test7.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0061: SUBCA Profile Enrollment - caTPSCert using PKCS10 Request of key size 1024"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=4096
+        local profile=caTPSCert
+        local subject="PKI-$RANDOM TPS Signing Certificate"
+        local test_out=ca-$profile-test8.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0062: SUBCA Profile Enrollment - caTransportCert using CRMF Request of key size 4096"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=4096
+        local profile=caTransportCert 
+        local subject="PKI-$RANDOM Transport Certificate"
+        local test_out=ca-$profile-test1.txt
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0063: SUBCA Profile Enrollment - caTransportCert using CRMF Request of key size 3072"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=3072
+        local profile=caTransportCert
+        local subject="PKI-$RANDOM Transport Certificate"
+        local test_out=ca-$profile-test2.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0064: SUBCA Profile Enrollment - caTransportCert using CRMF Request of key size 2048"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=2048
+        local profile=caTransportCert
+        local subject="PKI-$RANDOM Transport Certificate"
+        local test_out=ca-$profile-test3.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0065: SUBCA Profile Enrollment - caTransportCert using CRMF Request of key size 1024"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caTransportCert
+        local subject="PKI-$RANDOM Transport Certificate"
+        local test_out=ca-$profile-test4.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0066: SUBCA Profile Enrollment - caTransportCert using PKCS10 Request of key size 4096"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=4096
+        local profile=caTransportCert
+        local subject="PKI-$RANDOM Transport Certificate"
+        local test_out=ca-$profile-test5.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0067: SUBCA Profile Enrollment - caTransportCert using PKCS10 Request of key size 3072"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=3072
+        local profile=caTransportCert
+        local subject="PKI-$RANDOM Transport Certificate"
+        local test_out=ca-$profile-test6.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0068: SUBCA Profile Enrollment - caTransportCert using PKCS10 Request of key size 2048"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=2048
+        local profile=caTransportCert
+        local subject="PKI-$RANDOM Transport Certificate"
+        local test_out=ca-$profile-test7.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0069: SUBCA Profile Enrollment - caTransportCert using PKCS10 Request of key size 1024"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caTransportCert
+        local subject="PKI-$RANDOM Transport Certificate"
+        local test_out=ca-$profile-test8.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+
+        rlPhaseStartTest "pki_subca_ee-0070: SUBCA Profile Enrollment - caServerCert using CRMF Request of key size 4096"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=4096
+        local profile=caServerCert
+        local subject="PKI-$RANDOM-1.example.org"
+        local test_out=ca-$profile-test1.txt
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0071: SUBCA Profile Enrollment - caServerCert using CRMF Request of key size 3072"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=3072
+        local profile=caServerCert
+        local subject="PKI-$RANDOM-2.example.org"
+        local test_out=ca-$profile-test2.txt
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0072: SUBCA Profile Enrollment - caServerCert using CRMF Request of key size 2048"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=2048
+        local profile=caServerCert
+        local subject="PKI-$RANDOM-3.example.org"
+        local test_out=ca-$profile-test3.txt
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0073: SUBCA Profile Enrollment - caServerCert using CRMF Request of key size 1024"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caServerCert
+        local subject="PKI-$RANDOM-4.example.org"
+        local test_out=ca-$profile-test4.txt
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0074: SUBCA Profile Enrollment - caServerCert using PKCS10 Request of key size 4096"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=4096
+        local profile=caServerCert
+        local subject="PKI-$RANDOM-5.example.org"
+        local test_out=ca-$profile-test5.txt
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0075: SUBCA Profile Enrollment - caServerCert using PKCS10 Request of key size 3072"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=3072
+        local profile=caServerCert
+        local subject="PKI-$RANDOM-6.example.org"
+        local test_out=ca-$profile-test6.txt
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0076: SUBCA Profile Enrollment - caServerCert using PKCS10 Request of key size 2048"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=2048
+        local profile=caServerCert
+        local subject="PKI-$RANDOM-7.example.org"
+        local test_out=ca-$profile-test7.txt
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0077: SUBCA Profile Enrollment - caServerCert using PKCS10 Request of key size 1024"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caServerCert
+        local subject="PKI-$RANDOM-8.example.org"
+        local test_out=ca-$profile-test8.txt
+	rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$subject\" \
+                subject_uid: \
+                subject_email: \
+                subject_ou:IDM \
+                subject_organization:Redhat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient"
+
+        rlRun "curl --basic --dump-header $admin_out  \
+                -d \"cert_request_type=$request_type&keyParam=$request_key_size&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)&requestor_name=&requestor_email=&requestor_phone=&profileId=$profile&renewal=false&xmlOutput\"  \
+                -k https://$tmp_ca_host:$target_secure_port/ca/eeca/ca/profileSubmitSSLClient > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem --dump-header $admin_out -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=true&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&signingAlg=SHA1withRSA&authInfoAccessCritical=false&authInfoAccessGeneralNames=&requestNotes=&op=approve&submit=submit\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Approve $request_id"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0078: SUBCA Profile Enrollment - caUserCert using CRMF Request of key size 4096"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=4096
+        local profile=caUserCert
+	local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+        local userid="fooUser1"
+        local usercn="fooUser1"
+	local phone="1234"
+        local usermail="fooUser1@example.org"
+        local test_out=ca-$profile-test1.txt
+	rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:$usercn \
+                subject_uid:$userid \
+                subject_email:$usermail \
+                subject_ou:IDM \
+                subject_organization:RedHat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+	rlLog "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\""
+	rlRun "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/$test_out"	0 "Submit Certificate request to $profile"
+	rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+	local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+	rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                    --dump-header  $admin_out \
+		     -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\""
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+                    --dump-header  $admin_out \
+	            -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                    -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Submit Certificare request"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+	local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+	rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+	rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0079: SUBCA Profile Enrollment - caUserCert using CRMF Request of key size 3072"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=3072
+        local profile=caUserCert
+        local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+        local userid="fooUser2"
+        local usercn="fooUser2"
+        local phone="1234"
+        local usermail="fooUser2@example.org"
+        local test_out=ca-$profile-test2.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:$usercn \
+                subject_uid:$userid \
+                subject_email:$usermail \
+                subject_ou:IDM \
+                subject_organization:RedHat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\""
+        rlRun "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                    --dump-header  $admin_out \
+                     -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\""
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+                    --dump-header  $admin_out \
+                    -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                    -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Submit Certificare request"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0080: SUBCA Profile Enrollment - caUserCert using CRMF Request of key size 2048"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=2048
+        local profile=caUserCert
+        local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+        local userid="fooUser3"
+        local usercn="fooUser3"
+        local phone="1234"
+        local usermail="fooUser3@example.org"
+        local test_out=ca-$profile-test3.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$usercn\" \
+                subject_uid:$userid \
+                subject_email:$usermail \
+                subject_ou:IDM \
+                subject_organization:RedHat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\""
+        rlRun "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                    --dump-header  $admin_out \
+                     -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\""
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+                    --dump-header  $admin_out \
+                    -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                    -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Submit Certificare request"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0081: SUBCA Profile Enrollment - caUserCert using CRMF Request of key size 1024"
+        local request_type=crmf
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caUserCert
+        local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+        local userid="fooUser4"
+        local usercn="fooUser4"
+        local phone="1234"
+        local usermail="fooUser4@example.org"
+        local test_out=ca-$profile-test4.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$usercn\" \
+                subject_uid:$userid \
+                subject_email:$usermail \
+                subject_ou:IDM \
+                subject_organization:RedHat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\""
+        rlRun "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                    --dump-header  $admin_out \
+                     -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\""
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+                    --dump-header  $admin_out \
+                    -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                    -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Submit Certificare request"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0082: SUBCA Profile Enrollment - caUserCert using PKCS10 Request of key size 4096"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=4096
+        local profile=caUserCert
+        local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+        local userid="fooUser5"
+        local usercn="fooUser5"
+        local phone="1234"
+        local usermail="fooUser5@example.org"
+        local test_out=ca-$profile-test5.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$usercn\" \
+                subject_uid:$userid \
+                subject_email:$usermail \
+                subject_ou:IDM \
+                subject_organization:RedHat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\""
+        rlRun "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                    --dump-header  $admin_out \
+                     -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\""
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+                    --dump-header  $admin_out \
+                    -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                    -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Submit Certificare request"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0083: SUBCA Profile Enrollment - caUserCert using PKCS10 Request of key size 3072"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=3072
+        local profile=caUserCert
+        local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+        local userid="fooUser6"
+        local usercn="fooUser6"
+        local phone="1234"
+        local usermail="fooUser6@example.org"
+        local test_out=ca-$profile-test6.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$usercn\" \
+                subject_uid:$userid \
+                subject_email:$usermail \
+                subject_ou:IDM \
+                subject_organization:RedHat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\""
+        rlRun "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                    --dump-header  $admin_out \
+                     -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\""
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+                    --dump-header  $admin_out \
+                    -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                    -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Submit Certificare request"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0084: SUBCA Profile Enrollment - caUserCert using PKCS10 Request of key size 2048"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=2048
+        local profile=caUserCert
+        local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+        local userid="fooUser7"
+        local usercn="fooUser7"
+        local phone="1234"
+        local usermail="fooUser7@example.org"
+        local test_out=ca-$profile-test7.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$usercn\" \
+                subject_uid:$userid \
+                subject_email:$usermail \
+                subject_ou:IDM \
+                subject_organization:RedHat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\""
+        rlRun "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                    --dump-header  $admin_out \
+                     -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\""
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+                    --dump-header  $admin_out \
+                    -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                    -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Submit Certificare request"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-0085: SUBCA Profile Enrollment - caUserCert using PKCS10 Request of key size 1024"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caUserCert
+        local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+        local userid="fooUser8"
+        local usercn="fooUser8"
+        local phone="1234"
+        local usermail="fooUser8@example.org"
+        local test_out=ca-$profile-test8.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$usercn\" \
+                subject_uid:$userid \
+                subject_email:$usermail \
+                subject_ou:IDM \
+                subject_organization:RedHat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\""
+        rlRun "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                    --dump-header  $admin_out \
+                     -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\""
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+                    --dump-header  $admin_out \
+                    -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                    -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+		     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Submit Certificare request"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+	rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        rlPhaseEnd
+
+	rlPhaseStartCleanup "Delete temporary dir and enable nonce"
+        rlRun "popd"
+        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+        enable_ca_nonce $tomcat_name
+        rlPhaseEnd
+
+}
+verify_cert()
+{
+        local serial_number=$1
+        local request_dn=$2
+        STRIP_HEX=$(echo $serial_number | cut -dx -f2)
+        CONV_LOW_VAL=${STRIP_HEX,,}
+        rlRun "pki -h $tmp_ca_host -p $target_unsecure_port cert-show $serial_number > $cert_show_out" 0 "Executing pki cert-show $serial_number"
+        rlAssertGrep "Serial Number: 0x$CONV_LOW_VAL" "$cert_show_out"
+        rlAssertGrep "Issuer: CN=PKI $SUBCA_INST Signing Certificate,O=redhat" "$cert_show_out"
+        rlAssertGrep "Subject: $request_dn" "$cert_show_out"
+        rlAssertGrep "Status: VALID" "$cert_show_out"
+}
+
diff --git a/tests/dogtag/acceptance/legacy/subca-tests/cert-enrollment/subca-ee-retrieval.sh b/tests/dogtag/acceptance/legacy/subca-tests/cert-enrollment/subca-ee-retrieval.sh
new file mode 100755
index 000000000..2c419664f
--- /dev/null
+++ b/tests/dogtag/acceptance/legacy/subca-tests/cert-enrollment/subca-ee-retrieval.sh
@@ -0,0 +1,1032 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   runtest.sh of /CoreOS/rhcs/acceptance/legacy/ca-tests/cert-enrollment/cert-ee-retrieval
+#   Description: Legacy cert retrieval tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Author: Niranjan Mallapadi <mniranja@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+#   This copyrighted material is made available to anyone wishing
+#   to use, modify, copy, or redistribute it subject to the terms
+#   and conditions of the GNU General Public License version 2.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE. See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public
+#   License along with this program; if not, write to the Free
+#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+#   Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/pki-auth-plugin-lib.sh
+. /opt/rhqa_pki/env.sh
+
+run_ee-subca-retrieval_tests()
+{
+	
+	 # Creating Temporary Directory
+        rlPhaseStartSetup "Create Temporary Directory"
+        rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+        rlRun "pushd $TmpDir"
+        rlRun "export PYTHONPATH=$PYTHONPATH:/opt/rhqa_pki/"
+        rlPhaseEnd
+
+        # Disable Nonce
+        rlPhaseStartSetup "Disable Nonce"
+        local cs_Type=$1
+        local cs_Role=$2
+        get_topo_stack $cs_Role $TmpDir/topo_file
+        if [ $cs_Role="MASTER" ]; then
+                 SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_SUBCA | cut -d= -f2)
+        elif [ $cs_Role="SUBCA2" || $cs_Role="SUBCA1" ]; then
+                SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+        fi
+        local tomcat_name=$(eval echo \$${SUBCA_INST}_TOMCAT_INSTANCE_NAME)
+        disable_ca_nonce $tomcat_name
+        rlPhaseEnd
+
+        # Local Variables
+        local target_unsecure_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT)
+        local target_secure_port=$(eval echo \$${SUBCA_INST}_SECURE_PORT)
+        local tmp_ca_agent=$SUBCA_INST\_agentV
+        local tmp_ca_admin=$SUBCA_INST\_adminV
+        local tmp_ca_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT)
+        local tmp_ca_host=$(eval echo \$${cs_Role})
+        local valid_agent_cert=$SUBCA_INST\_agentV
+        local valid_audit_cert=$SUBCA_INST\_auditV
+        local valid_operator_cert=$SUBCA_INST\_operatorV
+        local valid_admin_cert=$SUBCA_INST\_adminV
+	local cert_find_info="$TmpDir/cert_find_info"
+	local admin_out="$TmpDir/admin_out"
+        local TEMP_NSS_DB="$TmpDir/nssdb"
+        local TEMP_NSS_DB_PWD="redhat"
+        local cert_info="$TmpDir/cert_info"
+        local ca_profile_out="$TmpDir/ca-profile-out"
+        local cert_out="$TmpDir/cert-show.out"
+	local cert_show_out="$TmpDir/cert_show.out"
+        local rand=$RANDOM
+        local tmp_junk_data=$(openssl rand -base64 50 |  perl -p -e 's/\n//')        
+	local SSL_DIR=$CERTDB_DIR
+
+	rlPhaseStartTest "pki_subca_ee-retrieval-001: CA Cert Retrieval -  Check Request Status servlet(pending request)"
+	rlLog "Create a pkcs10 cert request"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caUserCert
+        local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+        local userid="foo1"
+        local usercn="foo1"
+        local phone="1234"
+        local usermail="foo1@example.org"
+        local test_out=ca-$profile-test1.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$usercn\" \
+                subject_uid:$userid \
+                subject_email:$usermail \
+                subject_ou:IDM \
+                subject_organization:RedHat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=$cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\""
+        rlRun "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+	rlLog "request_id=$request_id"
+	rlLog "curl --basic --dump-header $admin_out -d \"format=id&requestId=$request_id&submit=Submit\" -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/checkRequest\"" 
+	rlRun "curl --basic --dump-header $admin_out -d \"format=id&requestId=$request_id&submit=Submit\" -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/checkRequest\" >> $TmpDir/$test_out" 0 "Check certificate request status of $request_id"
+	rlAssertGrep "header.status = \"pending\"" "$TmpDir/$test_out"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_subca_ee-retrieval-002: CA Cert Retrieval -  Check Request Status servlet(completed request)"
+	local request_id="1"
+	rlLog "curl --basic --dump-header $admin_out -d \"format=id&requestId=$request_id&submit=Submit\" -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/checkRequest\""
+	rlRun "curl --basic --dump-header $admin_out -d \"format=id&requestId=$request_id&submit=Submit\" -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/checkRequest\" > $TmpDir/$test_out" 0 "Check certificate request status of $request_id"
+	rlAssertGrep "header.status = \"complete\"" "$TmpDir/$test_out"
+	rlPhaseEnd
+
+
+        rlPhaseStartTest "pki_subca_ee-retrieval-003: CA Cert Retrieval -  Check Request Status servlet(Negative Value)"
+        local request_id="-1"
+        rlLog "curl --basic --dump-header $admin_out -d \"format=id&requestId=$request_id&submit=Submit\" -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/checkRequest\""
+        rlRun "curl --basic --dump-header $admin_out -d \"format=id&requestId=$request_id&submit=Submit\" -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/checkRequest\" > $TmpDir/$test_out" 0 "Check certificate request status of $request_id"
+        rlAssertGrep "Request ID -1 was not found in the request queue" "$TmpDir/$test_out"
+        rlPhaseEnd	
+
+        rlPhaseStartTest "pki_subca_ee-retrieval-004: CA Cert Retrieval -  Check Request Status servlet(Non numerical characters)"
+        local request_id="abcd"
+        rlLog "curl --basic --dump-header $admin_out -d \"format=id&requestId=$request_id&submit=Submit\" -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/checkRequest\""
+        rlRun "curl --basic --dump-header $admin_out -d \"format=id&requestId=$request_id&submit=Submit\" -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/checkRequest\" > $TmpDir/$test_out" 0 "Check certificate request status of $request_id"
+        rlAssertGrep "Invalid number format: abcd" "$TmpDir/$test_out"
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_subca_ee-retrieval-004: CA Cert Retrieval -  List Certificates(Default values list first 20 records)"
+	local op=listCerts
+	local queryCertFilter="(|(certStatus=VALID)(certStatus=REVOKED))"
+	local serialFrom=""
+	local serialTo=""
+	local skipNonValid="on"
+	local querySentinelDown="0"
+	local querySentinelUp=""
+	local direction="begin"
+	local maxCount="20"
+	rlLog "curl --basic --dump-header $admin_out -d \"op=$op&queryCertFilter=$queryCertFilter&serialFrom=$serialFrom&serialTo=$serialTo&skipNonValid=$skipNonValid&querySentinelDown=$querySentinelDown&querySentinelUp=$querySentinelUp&direction=$direction&maxCount=$maxCount\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/listCerts" 
+	rlRun "curl --basic --dump-header $admin_out -d \"op=$op&queryCertFilter=$queryCertFilter&serialFrom=$serialFrom&serialTo=$serialTo&skipNonValid=$skipNonValid&querySentinelDown=$querySentinelDown&querySentinelUp=$querySentinelUp&direction=$direction&maxCount=$maxCount\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/listCerts > $TmpDir/$test_out" 0 "List certificate with $queryCertFilter of maxCount $maxCount"
+	local no_of_records=$(cat $TmpDir/$test_out | grep "record.subject=" | wc -l)
+	rlAssertEquals "Verify No of records displayed is equal to $maxCount" $no_of_records $maxCount
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_subca_ee-retrieval-005: CA Cert Retrieval - List Certificates from range 0x5 to 0x20"
+        local op=listCerts
+        local queryCertFilter="(|(certStatus=VALID)(certStatus=REVOKED))"
+        local serialFrom="0x5"
+        local serialTo="0x1c"
+        local skipNonValid="on"
+        local querySentinelDown="0x5"
+        local querySentinelUp="0x5"
+        local direction="down"
+        local maxCount="20"
+        rlLog "curl --basic --dump-header $admin_out -d \"op=$op&queryCertFilter=$queryCertFilter&serialFrom=$serialFrom&serialTo=$serialTo&skipNonValid=$skipNonValid&querySentinelDown=$querySentinelDown&querySentinelUp=$querySentinelUp&direction=$direction&maxCount=$maxCount\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/listCerts"
+        rlRun "curl --basic --dump-header $admin_out -d \"op=$op&queryCertFilter=$queryCertFilter&serialFrom=$serialFrom&serialTo=$serialTo&skipNonValid=$skipNonValid&querySentinelDown=$querySentinelDown&querySentinelUp=$querySentinelUp&direction=$direction&maxCount=$maxCount\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/listCerts > $TmpDir/$test_out" 0 "List certificate with $queryCertFilter of maxCount $maxCount"
+        local no_of_records=$(cat $TmpDir/$test_out | grep "record.subject=" | wc -l)
+        rlAssertEquals "Verify No of records displayed is equal to $maxCount" $no_of_records $maxCount
+	rlAssertGrep "record.serialNumberDecimal=\"5\"" "$TmpDir/$test_out"
+	rlAssertNotGrep "record.serialNumber=\"1d\"" "$TmpDir/$test_out"
+	rlAssertNotGrep "record.serialNumber=\"4\"" "$TmpDir/$test_out"
+	rlPhaseEnd
+
+	rlPhaseStartSetup "Generate 10 Certs of which 5 will be revoked"
+	local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caUserCert
+        local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+        local userid="fooUser"
+        local usercn="fooUser"
+        local phone="1234"
+        local usermail="fooUser@example.org"
+        local test_out=ca-$profile-test.txt
+	local i=1
+	local upperlimit=10
+	while [ $i -ne $upperlimit ];do
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$usercn-$i\" \
+                subject_uid:$userid-$i \
+                subject_email:$usermail \
+                subject_ou:IDM \
+                subject_organization:RedHat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-$i-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-$i-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-$i-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-$i-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-$i-encoded-request.pem"
+        rlLog "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid-$i&sn_cn=$usercn-$i&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-$i-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\""
+        rlRun "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid-$i&sn_cn=$usercn-$i&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-$i-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+	rlLog "request_id=$request_id"
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                    --dump-header  $admin_out \
+                     -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid-$i\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\""
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+                    --dump-header  $admin_out \
+                    -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                    -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid-$i\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Submit Certificare request"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        rlLog "serial_number=$serial_number"
+        rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+	if [ $i -le 5 ]; then
+		local STRIP_HEX=$(echo $serial_number | cut -dx -f2)
+		local serial=$STRIP_HEX
+		local CONV_UPP_VAL=${STRIP_HEX^^}
+		local decimal_serial_number=$(echo "ibase=16;$CONV_UPP_VAL"|bc)
+		local Day=`date +'%d' -d now`
+		local Month=`date +'%m' -d now`
+		local revocationReason="0"
+		rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                --dump-header  $admin_out \
+                -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                -d \"$serial=on&day=0&month=$Month&year=0&revocationReason=$revocationReason&csrRequestorComments=&submit=Submit&op=doRevoke&templateType=RevocationSuccess&serialNumber=$serial&revokeAll=(|(certRecordId=$decimal_serial_number))&totalRecordCount=1&verifiedRecordCount=1&invalidityDate=0\" -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/doRevoke\" > $TmpDir/$test_out" 0 "Revoke cert with serial Number $serial_number"
+		rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                --dump-header  $admin_out \
+                -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                -d \"$serial=on&day=0&month=$Month&year=0&revocationReason=$revocationReason&csrRequestorComments=&submit=Submit&op=doRevoke&templateType=RevocationSuccess&serialNumber=$serial&revokeAll=(|(certRecordId=$decimal_serial_number))&totalRecordCount=1&verifiedRecordCount=1&invalidityDate=0\" -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/doRevoke\" > $TmpDir/$test_out" 0 "Revoke cert with serial Number $serial_number"
+		rlAssertGrep "header.revoked = \"yes\"" "$TmpDir/$test_out"
+		rlAssertGrep "header.error = null" "$TmpDir/$test_out"
+	fi
+	let i=$i+1
+	done
+
+	rlPhaseStartTest "pki_subca_ee-retrieval-006: CA Cert Retrieval - List only valid certificates"
+        local op=listCerts
+        local queryCertFilter="(certStatus=VALID)"
+        local serialFrom="0"
+        local serialTo="300"
+        local skipNonValid="on"
+        local querySentinelDown="0"
+        local querySentinelUp="0"
+        local direction="down"
+        local maxCount="1000"
+	local test_out="retrieval.txt"
+        rlLog "curl --basic --dump-header $admin_out -d \"op=$op&queryCertFilter=$queryCertFilter&serialFrom=$serialFrom&serialTo=$serialTo&skipNonValid=$skipNonValid&querySentinelDown=$querySentinelDown&querySentinelUp=$querySentinelUp&direction=$direction&maxCount=$maxCount\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/listCerts"
+        rlRun "curl --basic --dump-header $admin_out -d \"op=$op&queryCertFilter=$queryCertFilter&serialFrom=$serialFrom&serialTo=$serialTo&skipNonValid=$skipNonValid&querySentinelDown=$querySentinelDown&querySentinelUp=$querySentinelUp&direction=$direction&maxCount=$maxCount\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/listCerts > $TmpDir/$test_out" 0 "List certificate with $queryCertFilter of maxCount $maxCount"
+        local no_of_records=$(cat $TmpDir/$test_out | grep "record.subject=" | wc -l)
+	rlLog "no_of_records=$no_of_records"
+        rlAssertNotGrep "record.revokedBy=\"$valid_agent_cert\"" "$TmpDir/$test_out"
+	rlPhaseEnd
+        
+	rlPhaseStartTest "pki_subca_ee-retrieval-007: CA Cert Retrieval - List certs with max count of 10"
+        local op=listCerts
+        local queryCertFilter="(certStatus=VALID)"
+        local serialFrom="0"
+        local serialTo="20"
+        local skipNonValid="on"
+        local querySentinelDown="0"
+        local querySentinelUp="0"
+        local direction="down"
+        local maxCount="10"
+        local test_out="retrieval.txt"
+        rlLog "curl --basic --dump-header $admin_out -d \"op=$op&queryCertFilter=$queryCertFilter&serialFrom=$serialFrom&serialTo=$serialTo&skipNonValid=$skipNonValid&querySentinelDown=$querySentinelDown&querySentinelUp=$querySentinelUp&direction=$direction&maxCount=$maxCount\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/listCerts"
+        rlRun "curl --basic --dump-header $admin_out -d \"op=$op&queryCertFilter=$queryCertFilter&serialFrom=$serialFrom&serialTo=$serialTo&skipNonValid=$skipNonValid&querySentinelDown=$querySentinelDown&querySentinelUp=$querySentinelUp&direction=$direction&maxCount=$maxCount\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/listCerts > $TmpDir/$test_out" 0 "List certificate with $queryCertFilter of maxCount $maxCount"
+        local no_of_records=$(cat $TmpDir/$test_out | grep "record.subject=" | wc -l)
+        rlLog "no_of_records=$no_of_records"
+	local no_of_records=$(cat $TmpDir/$test_out | grep "record.subject=" | wc -l)
+	rlAssertEquals "Verify No of records displayed is equal to $maxCount" $no_of_records $maxCount
+        rlPhaseEnd
+
+
+	rlPhaseStartTest "pki_subca_ee-retrieval-008: CA Cert Retrieval - Search certs with max count of 10"
+	local test_out=srcCerts.txt
+	local op=srchCerts
+	local serialNumberRangeInUse="on"
+	local serialFrom=0
+	local serialTo=300
+	local queryCertFilter="(&(certRecordId>=$serialFrom)(certRecordId<=$serialTo))"
+	local subjectInUse=''
+	local eMail=''
+	local commonName=''
+	local userID=''
+	local orgUnit=''
+	local org=''
+	local locality=''
+	local state=''
+	local country=''
+	local match='partial'
+	local revokedBy=''
+	local revokedOnInUse=''
+	local revokedOnFrom=''
+	local revokedOnTo=''
+	local revocationReasonInUse=''
+	local revocationReason=''
+	local issuedByInUse=''
+	local issuedBy=''
+	local issuedOnInUse=''
+	local issuedOnFrom=''
+	local issuedOnTo=''
+	local validNotBeforeInUse=''
+	local validNotBeforeFrom=''
+	local validNotBeforeTo=''
+	local validNotAfterInUse=''
+	local validNotAfterFrom=''
+	local validNotAfterTo=''
+	local validityLengthInUse=''
+	local validityOp=''
+	local count=''
+	local unit="2592000000"
+	local certTypeInUse=''
+	local SubordinateEmailCA=''
+	local SubordinateSSLCA=''
+	local SecureEmail=''
+	local SSLClient=''
+	local SSLServer=''
+	local maxResults='10'
+	local timeLimit='5'
+	rlLog "curl --basic --dump-header $admin_out -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certs with serialNumber range starting from $serialFrom to $serialTo with maxCount of $maxResults"
+	rlRun "curl --basic --dump-header $admin_out -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certs with serialNumber range starting from $serialFrom to $serialTo with maxCount of $maxResults"
+	local no_of_records=$(cat $TmpDir/$test_out | grep "record.subject=" | wc -l)
+        rlAssertEquals "Verify No of records displayed is equal to $maxCount" $no_of_records $maxResults
+	rlPhaseEnd	
+
+        rlPhaseStartSetup "Generate a user cert"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caUserCert
+        local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+        local userid="fooUser$RANDOM"
+        local usercn="fooUser$RANDOM"
+        local phone="1234-$RANDOM"
+        local usermail="$userid@example.org"
+        local test_out=ca-$profile-test.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$usercn\" \
+                subject_uid:$userid \
+                subject_email:$usermail \
+                subject_ou:IDM \
+                subject_organization:RedHat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\""
+        rlRun "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "request_id=$request_id"
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                    --dump-header  $admin_out \
+                     -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\""
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+                    --dump-header  $admin_out \
+                    -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                    -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Submit Certificare request"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+	local serial_number_without_hex=$(echo $serial_number | cut -dx -f2)
+	local serial_number_without_hex_lower=${serial_number_without_hex,,}
+        rlLog "serial_number=$serial_number"
+        rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+	rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-retrieval-009: CA Cert Retrieval - Search certs with subject Name matching Email Address(method=exact)"
+        local test_out=srcCerts.txt
+        local op=srchCerts
+        local serialNumberRangeInUse=''
+        local serialFrom=''
+        local serialTo=''
+        local queryCertFilter="(&(&(|(x509Cert.subject=*E=$usermail,*)(x509Cert.subject=*E=$usermail))))"
+        local subjectInUse='on'
+        local eMail="$usermail"
+        local commonName=''
+        local userID=''
+        local orgUnit=''
+        local org=''
+        local locality=''
+        local state=''
+        local country=''
+        local match='exact'
+        local revokedBy=''
+        local revokedOnInUse=''
+        local revokedOnFrom=''
+        local revokedOnTo=''
+        local revocationReasonInUse=''
+        local revocationReason=''
+        local issuedByInUse=''
+        local issuedBy=''
+        local issuedOnInUse=''
+        local issuedOnFrom=''
+        local issuedOnTo=''
+        local validNotBeforeInUse=''
+        local validNotBeforeFrom=''
+        local validNotBeforeTo=''
+        local validNotAfterInUse=''
+        local validNotAfterFrom=''
+        local validNotAfterTo=''
+        local validityLengthInUse=''
+        local validityOp=''
+        local count=''
+        local unit="2592000000"
+        local certTypeInUse=''
+        local SubordinateEmailCA=''
+        local SubordinateSSLCA=''
+        local SecureEmail=''
+        local SSLClient=''
+        local SSLServer=''
+        local maxResults='10'
+        local timeLimit='5'
+        rlLog "curl --basic --dump-header $admin_out -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certificate with subject DN containing $usermail"
+        rlRun "curl --basic --dump-header $admin_out -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certificate with subject DN containing $usermail"
+	rlAssertGrep "record.subject=\"$cert_requestdn\"" "$TmpDir/$test_out"
+        local no_of_records=$(cat $TmpDir/$test_out | grep "record.subject=" | wc -l)
+        rlAssertEquals "Verify No of records displayed is equal to 1" $no_of_records 1
+	rlAssertGrep "record.serialNumber=\"$serial_number_without_hex_lower\"" "$TmpDir/$test_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_ee-retrieval-0010: CA Cert Retrieval - Search certs with subject Name matching userID(method=exact)"
+        local test_out=srcCerts.txt
+        local op=srchCerts
+        local serialNumberRangeInUse=''
+        local serialFrom=''
+        local serialTo=''
+        local queryCertFilter="(&(&(|(x509Cert.subject=*UID=$userid,*)(x509Cert.subject=*UID=$userid))))"
+        local subjectInUse='on'
+        local eMail=''
+        local commonName=''
+        local userID="$userid"
+        local orgUnit=''
+        local org=''
+        local locality=''
+        local state=''
+        local country=''
+        local match='exact'
+        local revokedBy=''
+        local revokedOnInUse=''
+        local revokedOnFrom=''
+        local revokedOnTo=''
+        local revocationReasonInUse=''
+        local revocationReason=''
+        local issuedByInUse=''
+        local issuedBy=''
+        local issuedOnInUse=''
+        local issuedOnFrom=''
+        local issuedOnTo=''
+        local validNotBeforeInUse=''
+        local validNotBeforeFrom=''
+        local validNotBeforeTo=''
+        local validNotAfterInUse=''
+        local validNotAfterFrom=''
+        local validNotAfterTo=''
+        local validityLengthInUse=''
+        local validityOp=''
+        local count=''
+        local unit="2592000000"
+        local certTypeInUse=''
+        local SubordinateEmailCA=''
+        local SubordinateSSLCA=''
+        local SecureEmail=''
+        local SSLClient=''
+        local SSLServer=''
+        local maxResults='10'
+        local timeLimit='5'
+        rlLog "curl --basic --dump-header $admin_out -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certificate with subject DN containing $usermail"
+        rlRun "curl --basic --dump-header $admin_out -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedOnInUse=$revokedOnInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/srchCerts > $TmpDir/$test_out" 0 "Search Certificate with subject DN containing $userid"
+        local no_of_records=$(cat $TmpDir/$test_out | grep "record.subject=" | wc -l)
+	rlAssertGrep "record.subject=\"$cert_requestdn\"" "$TmpDir/$test_out"
+        rlAssertEquals "Verify No of records displayed is equal to 1" $no_of_records 1
+	rlAssertGrep "record.serialNumber=\"$serial_number_without_hex_lower\"" "$TmpDir/$test_out"
+        rlPhaseEnd
+
+
+        rlPhaseStartTest "pki_subca_ee-retrieval-0011: CA Cert Retrieval - Search revoked certs with revoked by valid agent"
+        local test_out=srcCerts.txt
+        local op=srchCerts
+        local serialNumberRangeInUse=''
+        local serialFrom=''
+        local serialTo=''
+        local queryCertFilter="(&(certRevokedBy=$valid_agent_cert))"
+        local subjectInUse=''
+        local eMail=''
+        local commonName=''
+        local userID=''
+        local orgUnit=''
+        local org=''
+        local locality=''
+        local state=''
+        local country=''
+        local match='partial'
+        local revokedBy="$valid_agent_cert"
+        local revokedOnInUse=''
+	local revokedByInUse='on'
+        local revokedOnFrom=''
+        local revokedOnTo=''
+        local revocationReasonInUse=''
+        local revocationReason=''
+        local issuedByInUse=''
+        local issuedBy=''
+        local issuedOnInUse=''
+        local issuedOnFrom=''
+        local issuedOnTo=''
+        local validNotBeforeInUse=''
+        local validNotBeforeFrom=''
+        local validNotBeforeTo=''
+        local validNotAfterInUse=''
+        local validNotAfterFrom=''
+        local validNotAfterTo=''
+        local validityLengthInUse=''
+        local validityOp=''
+        local count=''
+        local unit="2592000000"
+        local certTypeInUse=''
+        local SubordinateEmailCA=''
+        local SubordinateSSLCA=''
+        local SecureEmail=''
+        local SSLClient=''
+        local SSLServer=''
+        local maxResults='10'
+        local timeLimit='5'
+        rlLog "curl --basic --dump-header $admin_out -d \"op=$op&queryCertFilter=(&(certRevokedBy=ROOTCA_agentV))&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedOnInUse=$revokedOnInUse&revokedByInUse=$revokedByInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/srchCerts > $TmpDir/$test_out" 0 "Search certs revoked by $valid_agent_cert"
+        rlRun "curl --basic --dump-header $admin_out -d \"op=$op&queryCertFilter=(&(certRevokedBy=ROOTCA_agentV))&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedOnInUse=$revokedOnInUse&revokedByInUse=$revokedByInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/srchCerts > $TmpDir/$test_out" 0 "Search certs revoked by $valid_agent_cert"
+        local no_of_records=$(cat $TmpDir/$test_out | grep "record.subject=" | wc -l)
+	rlAssertGrep "record.revokedBy=\"$valid_agent_cert\"" "$TmpDir/$test_out"
+        rlAssertGreater "Verify No of records displayed is greater than 3" $no_of_records 3
+        rlPhaseEnd
+
+	
+	rlPhaseStartTest "pki_subca_ee-retrieval-0012: CA Cert Retrieval - Search revoked certs with revoked by reason Unspecified"
+        local op=srchCerts
+        local serialNumberRangeInUse=''
+        local serialFrom=''
+        local serialTo=''
+        local queryCertFilter="(&(x509cert.certRevoInfo=0))"
+        local subjectInUse=''
+        local eMail=''
+        local commonName=''
+        local userID=''
+        local orgUnit=''
+        local org=''
+        local locality=''
+        local state=''
+        local country=''
+        local match='partial'
+        local revokedBy=""
+        local revokedOnInUse=''
+        local revokedByInUse=''
+        local revokedOnFrom=''
+        local revokedOnTo=''
+        local revocationReasonInUse='on'
+        local revocationReason='0'
+        local issuedByInUse=''
+        local issuedBy=''
+        local issuedOnInUse=''
+        local issuedOnFrom=''
+        local issuedOnTo=''
+        local validNotBeforeInUse=''
+        local validNotBeforeFrom=''
+        local validNotBeforeTo=''
+        local validNotAfterInUse=''
+        local validNotAfterFrom=''
+        local validNotAfterTo=''
+        local validityLengthInUse=''
+        local validityOp='<='
+        local count=''
+        local unit="2592000000"
+        local certTypeInUse=''
+        local SubordinateEmailCA=''
+        local SubordinateSSLCA=''
+        local SecureEmail=''
+        local SSLClient=''
+        local SSLServer=''
+        local maxResults='10'
+        local timeLimit='5'
+        rlLog "curl --basic --dump-header $admin_out -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedOnInUse=$revokedOnInUse&revokedByInUse=$revokedByInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/srchCerts > $TmpDir/$test_out" 0 "Search certs revoked by $valid_agent_cert"
+        rlRun "curl --basic --dump-header $admin_out -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedOnInUse=$revokedOnInUse&revokedByInUse=$revokedByInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/srchCerts > $TmpDir/$test_out" 0 "Search certs revoked by $valid_agent_cert"
+        local no_of_records=$(cat $TmpDir/$test_out | grep "record.subject=" | wc -l)
+        rlAssertGrep "record.revokedBy=\"$valid_agent_cert\"" "$TmpDir/$test_out"
+        rlAssertGreater "Verify No of records displayed is greater than 3" $no_of_records 3
+	rlPhaseEnd	
+
+
+	
+        rlPhaseStartSetup "Generate a user cert and revoke with reason Key compromised"
+        local request_type=pkcs10
+        local request_key_type=rsa
+        local request_key_size=1024
+        local profile=caUserCert
+        local cert_ext_exKeyUsageOIDs="1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4"
+        local userid="fooUser$RANDOM"
+        local usercn="fooUser$RANDOM"
+        local phone="1234-$RANDOM"
+        local usermail="$userid@example.org"
+        local test_out=ca-$profile-test.txt
+        rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Create a new certificate request of type $request_type with key size $request_key_size"
+        rlRun "create_new_cert_request \
+                tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_password:$TEMP_NSS_DB_PWD \
+                request_type:$request_type \
+                request_algo:$request_key_type \
+                request_size:$request_key_size \
+                subject_cn:\"$usercn\" \
+                subject_uid:$userid \
+                subject_email:$usermail \
+                subject_ou:IDM \
+                subject_organization:RedHat \
+                subject_country:US \
+                subject_archive:false \
+                cert_request_file:$TEMP_NSS_DB/$rand-request.pem \
+                cert_subject_file:$TEMP_NSS_DB/$rand-subject.out" 0 "Create $request_type request for $profile"
+        local cert_requestdn=$(cat $TEMP_NSS_DB/$rand-subject.out | grep Request_DN | cut -d ":" -f2)
+        rlLog "cert_requestdn=cert_requestdn"
+        rlRun "cat $TEMP_NSS_DB/$rand-request.pem |  python -c 'import sys, urllib as ul; print ul.quote(sys.stdin.read());' >  $TEMP_NSS_DB/$rand-encoded-request.pem"
+        rlLog "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\""
+        rlRun "curl --basic \
+                    --dump-header  $admin_out \
+                    -d \"profileId=$profile&cert_request_type=$request_type&sn_uid=$userid&sn_cn=$usercn&sn_e=$usermail&sn_ou=IDM&sn_o=Redhat&sn_C=US&requestor_email=$useremail&requestor_phone=$phone&cert_request=$(cat -v $TEMP_NSS_DB/$rand-encoded-request.pem)\" \
+                    -k \"https://$tmp_ca_host:$target_secure_port/ca/ee/ca/profileSubmit\" > $TmpDir/$test_out" 0 "Submit Certificate request to $profile"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        rlAssertNotGrep "Sorry, your request has been rejected" "$admin_out"
+        local request_id=$(cat -v  $TmpDir/$test_out | grep 'requestList.requestId' |  awk -F '=\"' '{print $2}' | awk -F '\";' '{print $1}')
+        rlLog "request_id=$request_id"
+        rlLog "Approve $request_id using $valid_agent_cert"
+        local Second=`date +'%S' -d now`
+        local Minute=`date +'%M' -d now`
+        local Hour=`date +'%H' -d now`
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local Year=`date +'%Y' -d now`
+        local start_year=$Year
+        let end_year=$Year+1
+        local end_day="1"
+        local notBefore="$start_year-$Month-$Day $Hour:$Minute:$Second"
+        local notAfter="$end_year-$Month-$end_day $Hour:$Minute:$Second"
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                    --dump-header  $admin_out \
+                     -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                     -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\""
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+                    --dump-header  $admin_out \
+                    -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                    -d \"requestId=$request_id&op=approve&submit=submit&name=$cert_requestdn&notBefore=$notBefore&notAfter=$notAfter&authInfoAccessCritical=false&authInfoAccessGeneralNames=&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false&exKeyUsageCritical=false&exKeyUsageOIDs=$cert_ext_exKeyUsageOIDs&&subjAltNameExtCritical=false&subjAltNames=$cert_ext_subjAltNames&signingAlg=SHA1withRSA&requestNotes=submittingcertfor$userid\" \
+                     -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileProcess\" > $TmpDir/$test_out" 0 "Submit Certificare request"
+        rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+        local serial_number=$(cat -v  $TmpDir/$test_out | tr '\\n' '\n' | grep 'Serial Number' |  awk -F 'Serial Number: ' '{print $2}')
+        local serial_number_without_hex=$(echo $serial_number | cut -dx -f2)
+        local serial_number_without_hex_lower=${serial_number_without_hex,,}
+        rlLog "serial_number=$serial_number"
+        rlRun "verify_cert \"$serial_number\" \"$cert_requestdn\"" 0 "Verify cert"
+        local STRIP_HEX=$(echo $serial_number | cut -dx -f2)
+        local serial=$STRIP_HEX
+        local CONV_UPP_VAL=${STRIP_HEX^^}
+        local decimal_serial_number=$(echo "ibase=16;$CONV_UPP_VAL"|bc)
+        local Day=`date +'%d' -d now`
+        local Month=`date +'%m' -d now`
+        local revocationReason="1"
+        rlLog "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                --dump-header  $admin_out \
+                -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                -d \"$serial=on&day=0&month=$Month&year=0&revocationReason=$revocationReason&csrRequestorComments=&submit=Submit&op=doRevoke&templateType=RevocationSuccess&serialNumber=$serial&revokeAll=(|(certRecordId=$decimal_serial_number))&totalRecordCount=1&verifiedRecordCount=1&invalidityDate=0\" -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/doRevoke\" > $TmpDir/$test_out" 0 "Revoke cert with serial Number $serial_number"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem \
+                --dump-header  $admin_out \
+                -E $valid_agent_cert:$CERTDB_DIR_PASSWORD \
+                -d \"$serial=on&day=0&month=$Month&year=0&revocationReason=$revocationReason&csrRequestorComments=&submit=Submit&op=doRevoke&templateType=RevocationSuccess&serialNumber=$serial&revokeAll=(|(certRecordId=$decimal_serial_number))&totalRecordCount=1&verifiedRecordCount=1&invalidityDate=0\" -k \"https://$tmp_ca_host:$target_secure_port/ca/agent/ca/doRevoke\" > $TmpDir/$test_out" 0 "Revoke cert with serial Number $serial_number"
+        rlAssertGrep "header.revoked = \"yes\"" "$TmpDir/$test_out"
+        rlAssertGrep "header.error = null" "$TmpDir/$test_out"
+        rlPhaseEnd
+	
+	rlPhaseStartTest "pki_subca_ee-retrieval-0013: CA Cert Retrieval - Search revoked certs with revoked by reason Unspecified & key compromise"
+        local op=srchCerts
+        local serialNumberRangeInUse=''
+        local serialFrom=''
+        local serialTo=''
+        local queryCertFilter="(&(|(x509cert.certRevoInfo=0)(x509cert.certRevoInfo=1)))"
+        local subjectInUse=''
+        local eMail=''
+        local commonName=''
+        local userID=''
+        local orgUnit=''
+        local org=''
+        local locality=''
+        local state=''
+        local country=''
+        local match='partial'
+        local revokedBy=""
+        local revokedOnInUse=''
+        local revokedByInUse=''
+        local revokedOnFrom=''
+        local revokedOnTo=''
+        local revocationReasonInUse='on'
+        local revocationReason='0,1'
+        local issuedByInUse=''
+        local issuedBy=''
+        local issuedOnInUse=''
+        local issuedOnFrom=''
+        local issuedOnTo=''
+        local validNotBeforeInUse=''
+        local validNotBeforeFrom=''
+        local validNotBeforeTo=''
+        local validNotAfterInUse=''
+        local validNotAfterFrom=''
+        local validNotAfterTo=''
+        local validityLengthInUse=''
+        local validityOp='<='
+        local count=''
+        local unit="2592000000"
+        local certTypeInUse=''
+        local SubordinateEmailCA=''
+        local SubordinateSSLCA=''
+        local SecureEmail=''
+        local SSLClient=''
+        local SSLServer=''
+        local maxResults='1000'
+        local timeLimit='5'
+        rlLog "curl --basic --dump-header $admin_out -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedOnInUse=$revokedOnInUse&revokedByInUse=$revokedByInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/srchCerts > $TmpDir/$test_out" 0 "Search certs revoked by $valid_agent_cert"
+        rlRun "curl --basic --dump-header $admin_out -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedOnInUse=$revokedOnInUse&revokedByInUse=$revokedByInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/srchCerts > $TmpDir/$test_out" 0 "Search certs revoked by $valid_agent_cert"
+	rlAssertGrep "record.revocationReason=0" "$TmpDir/$test_out"
+	rlAssertGrep "record.revocationReason=1" "$TmpDir/$test_out"
+	rlAssertNotGrep "record.revocationReason=2" "$TmpDir/$test_out"
+	rlAssertNotGrep "record.revocationReason=3" "$TmpDir/$test_out"
+	rlAssertNotGrep "record.revocationReason=4" "$TmpDir/$test_out"
+	rlAssertNotGrep "record.revocationReason=5" "$TmpDir/$test_out"
+	rlAssertNotGrep "record.revocationReason=6" "$TmpDir/$test_out"
+        local no_of_records=$(cat $TmpDir/$test_out | grep "record.subject=" | wc -l)
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_subca_ee-retrieval-0014: CA Cert Retrieval - Search certs issued by Valid agent cert"
+        local op=srchCerts
+        local serialNumberRangeInUse=''
+        local serialFrom=''
+        local serialTo=''
+        local queryCertFilter="(&(certIssuedBy=$valid_agent_cert))"
+        local subjectInUse=''
+        local eMail=''
+        local commonName=''
+        local userID=''
+        local orgUnit=''
+        local org=''
+        local locality=''
+        local state=''
+        local country=''
+        local match='partial'
+        local revokedBy=""
+        local revokedOnInUse=''
+        local revokedByInUse=''
+        local revokedOnFrom=''
+        local revokedOnTo=''
+        local revocationReasonInUse=''
+        local revocationReason=''
+        local issuedByInUse='on'
+        local issuedBy=''
+        local issuedOnInUse=''
+        local issuedOnFrom=''
+        local issuedOnTo=''
+        local validNotBeforeInUse=''
+        local validNotBeforeFrom=''
+        local validNotBeforeTo=''
+        local validNotAfterInUse=''
+        local validNotAfterFrom=''
+        local validNotAfterTo=''
+        local validityLengthInUse=''
+        local validityOp='<='
+        local count=''
+        local unit="2592000000"
+        local certTypeInUse=''
+        local SubordinateEmailCA=''
+        local SubordinateSSLCA=''
+        local SecureEmail=''
+        local SSLClient=''
+        local SSLServer=''
+        local maxResults='1000'
+        local timeLimit='5'
+        rlLog "curl --basic --dump-header $admin_out -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedOnInUse=$revokedOnInUse&revokedByInUse=$revokedByInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/srchCerts > $TmpDir/$test_out" 0 "Search certs revoked by $valid_agent_cert"
+        rlRun "curl --basic --dump-header $admin_out -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedOnInUse=$revokedOnInUse&revokedByInUse=$revokedByInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/srchCerts > $TmpDir/$test_out" 0 "Search certs revoked by $valid_agent_cert"
+        local no_of_records=$(cat $TmpDir/$test_out | grep "record.issuedBy=\"$valid_agent_cert\"" | wc -l)	
+	rlAssertGrep "record.issuedBy=\"$valid_agent_cert\"" "$TmpDir/$test_out"
+	rlAssertGreater "Verify No of records displayed is greater than 10" $no_of_records 10
+	rlPhaseEnd
+
+	rlPhaseStartSetup "Create custom user profile which is valid for 15 days"
+        local profile="caUserCert$RANDOM"
+        local pki_user="pki_foo_bar2"
+        local pki_user_fullName="pki1 Foo Bar2"
+        local profilename="$profile Enrollment Profile"
+        rlRun "python -m PkiLib.pkiprofilecli \
+            --new user --profileId "$profile" \
+            --profilename=\"$profilename\" \
+            --notBefore 5 \
+            --notAfter 5 \
+            --validfor 15 \
+            --maxvalidity 30  \
+            --outputfile $TmpDir/$profile\.xml"
+        rlLog "Add $profile"
+        rlRun "pki -h $tmp_ca_host \
+                -p $tmp_ca_port \
+                -d $CERTDB_DIR \
+                -c $CERTDB_DIR_PASSWORD \
+                -n $valid_admin_cert \
+                ca-profile-add $TmpDir/$profile\.xml > $ca_profile_out"
+        rlAssertGrep "Added profile $profile" "$ca_profile_out"
+        rlLog "Enable $profile"
+        rlRun "pki -h $tmp_ca_host \
+                -p $tmp_ca_port \
+                -d $CERTDB_DIR \
+                -c $CERTDB_DIR_PASSWORD \
+                -n $valid_agent_cert \
+                ca-profile-enable $profile > $ca_profile_out"
+        rlLog "Verify by creating a user cert using the profile"
+        rlAssertGrep "Enabled profile \"$profile\"" "$ca_profile_out"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                myreq_type:pkcs10 \
+                algo:rsa \
+                key_size:2048 \
+                subject_cn:\"$pki_user_fullName\" \
+                subject_uid:$pki_user \
+                subject_email:$pki_user@example.org \
+                subject_ou: \
+                subject_o: \
+                subject_c: \
+                archive:false \
+                req_profile:$profile \
+                target_host:$tmp_ca_host \
+                protocol: \
+                port:$tmp_ca_port \
+                cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD \
+                certdb_nick:$valid_agent_cert \
+                cert_info:$cert_info"
+        local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        local cert_subject=$(cat $cert_info | grep cert_subject | cut -d- -f2)
+	local NotAfterDate=$(date +"%A, %B %d, %Y" --date "15 days")
+        rlRun "pki -h $tmp_ca_host -p $tmp_ca_port cert-show $cert_serialNumber --pretty > $cert_out"
+        rlAssertGrep "Serial Number: $cert_serialNumber" "$cert_out"
+        rlAssertGrep "Issuer: CN=PKI $SUBCA_INST Signing Cert,O=redhat" "$cert_out"
+        rlAssertGrep "Subject: $cert_subject" "$cert_out"
+        rlAssertGrep "Status: VALID" "$cert_out"
+        rlAssertGrep "Not  After: $NotAfterDate" "$cert_out"
+
+	rlPhaseStartTest "pki_subca_ee-retrieval-0015: CA Cert Retrieval - Search certs with a validity period of 15 days"
+        local op=srchCerts
+        local serialNumberRangeInUse=''
+        local serialFrom=''
+        local serialTo=''
+        local queryCertFilter="(&(x509cert.duration<=1296000000))"
+        local subjectInUse=''
+        local eMail=''
+        local commonName=''
+        local userID=''
+        local orgUnit=''
+        local org=''
+        local locality=''
+        local state=''
+        local country=''
+        local match='partial'
+        local revokedBy=""
+        local revokedOnInUse=''
+        local revokedByInUse=''
+        local revokedOnFrom=''
+        local revokedOnTo=''
+        local revocationReasonInUse=''
+        local revocationReason=''
+        local issuedByInUse=''
+        local issuedBy=''
+        local issuedOnInUse=''
+        local issuedOnFrom=''
+        local issuedOnTo=''
+        local validNotBeforeInUse=''
+        local validNotBeforeFrom=''
+        local validNotBeforeTo=''
+        local validNotAfterInUse=''
+        local validNotAfterFrom=''
+        local validNotAfterTo=''
+        local validityLengthInUse='on'
+        local validityOp='<='
+        local count='15'
+        local unit="86400000"
+        local certTypeInUse=''
+        local SubordinateEmailCA=''
+        local SubordinateSSLCA=''
+        local SecureEmail=''
+        local SSLClient=''
+        local SSLServer=''
+        local maxResults='1000'
+        local timeLimit='5'
+        rlLog "curl --basic --dump-header $admin_out -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedOnInUse=$revokedOnInUse&revokedByInUse=$revokedByInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/srchCerts > $TmpDir/$test_out" 0 "Search certs revoked by $valid_agent_cert"
+        rlRun "curl --basic --dump-header $admin_out -d \"op=$op&queryCertFilter=$queryCertFilter&serialNumberRangeInUse=$serialNumberRangeInUse&serialFrom=$serialFrom&serialTo=$serialTo&subjectInUse=$subjectInUse&eMail=$eMail&commonName=$commonName&userID=$userID&orgUnit=$orgUnit&org=$org&locality=$locality&state=$state&country=$country&match=$match&revokedBy=$revokedBy&revokedOnInUse=$revokedOnInUse&revokedByInUse=$revokedByInUse&revokedOnFrom=$revokedOnFrom&revokedOnTo=$revokedOnTo&revocationReasonInUse=$revocationReasonInUse&revocationReason=$revocationReason&issuedByInUse=$issuedByInUse&issuedBy=$issuedBy&issuedOnInUse=$issuedOnInUse&issuedOnFrom=$issuedOnFrom&issuedOnTo=$issuedOnTo&validNotBeforeInUse=$validNotBeforeInUse&validNotBeforeFrom=$validNotBeforeFrom&validNotBeforeTo=$validNotBeforeTo&validNotAfterInUse=$validNotAfterInUse&validNotAfterFrom=$validNotAfterFrom&validNotAfterTo=$validNotAfterTo&validityLengthInUse=$validityLengthInUse&validityOp=$validityOp&count=$count&unit=$unit&certTypeInUse=$certTypeInUse&SubordinateEmailCA=$SubordinateEmailCA&SubordinateSSLCA=$SubordinateSSLCA&SecureEmail=$SecureEmail&SSLClient=$SSLClient&SSLServer=$SSLServer&maxResults=$maxResults&timeLimit=$timeLimit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/srchCerts > $TmpDir/$test_out" 0 "Search certs revoked by $valid_agent_cert with a validity period of 15 days"
+        local no_of_records=$(cat $TmpDir/$test_out | grep "record.issuedBy=\"$valid_agent_cert\"" | wc -l)
+	rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+	rlAssertGrep "record.subject=\"$cert_subject\"" "$TmpDir/$test_out"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_subca_ee-retrieval-0015: CA Cert Retrieval - Import CA Certificate chain"
+	local op='download'
+	local mimetype='application/x-x509-ca-cert'
+	local test_out=cacert.out
+	rlLog "curl --basic --dump-header $admin_out -d \"op=$op&mimeType=$mimetype&submit=Submit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/getCAChain 1> $TmpDir/$test_out"
+	rlRun "curl --basic --dump-header $admin_out -d \"op=$op&mimeType=$mimetype&submit=Submit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/getCAChain 1> $TmpDir/$test_out"
+	rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_subca_ee-retrieval-0016: CA Cert Retrieval - Download CA certificate in binary format"
+	local op='downloadBin'
+	local mimetype='application/x-x509-ca-cert'
+	local test_out=cacert.out
+	rlLog "curl --basic --dump-header $admin_out -d \"op=$op&mimeType=$mimetype&submit=Submit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/getCAChain 1> $TmpDir/$test_out"
+	rlRun "curl --basic --dump-header $admin_out -d \"op=$op&mimeType=$mimetype&submit=Submit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/getCAChain 1> $TmpDir/$test_out"
+	rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_subca_ee-retrieval-0017: CA Cert Retrieval - Import latest CRL"
+	local crlIssuingPoint='MasterCRL'
+	local certSerialNumber=''
+	local op='importCRL'
+	local crlDisplayType='cachedCRL'
+	local pageStart='1'
+	local pageSize='50'
+	local submit='Submit'
+	local test_out='crl.out'
+	rlLog "curl --basic --dump-header $admin_out -d \"crlIssuingPoint=$crlIssuingPoint&certSerialNumber=$certSerialNumber&op=$op&crlDisplayType=$crlDisplayType&pageStart=$pageStart&pageSize=$pageSize&submit=$submit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/getCRL 1> $TmpDir/$test_out"
+	rlRun "curl --basic --dump-header $admin_out -d \"crlIssuingPoint=$crlIssuingPoint&certSerialNumber=$certSerialNumber&op=$op&crlDisplayType=$crlDisplayType&pageStart=$pageStart&pageSize=$pageSize&submit=$submit\" -k https://$tmp_ca_host:$target_secure_port/ca/ee/ca/getCRL 1> $TmpDir/$test_out"
+	rlAssertGrep "HTTP/1.1 200 OK" "$admin_out"
+	rlPhaseEnd
+
+        rlPhaseStartCleanup "Delete Temporary Directory and enable nonce"
+        rlRun "popd"
+        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+	enable_ca_nonce $tomcat_name
+        rlPhaseEnd
+
+}
+verify_cert()
+{
+        local serial_number=$1
+        local request_dn=$2
+        STRIP_HEX=$(echo $serial_number | cut -dx -f2)
+        CONV_LOW_VAL=${STRIP_HEX,,}
+        rlRun "pki -h $tmp_ca_host -p $target_unsecure_port cert-show $serial_number > $cert_show_out" 0 "Executing pki cert-show $serial_number"
+        rlAssertGrep "Serial Number: 0x$CONV_LOW_VAL" "$cert_show_out"
+        rlAssertGrep "Issuer: CN=PKI $SUBCA_INST Signing Certificate,O=redhat" "$cert_show_out"
+        rlAssertGrep "Subject: $request_dn" "$cert_show_out"
+        rlAssertGrep "Status: VALID" "$cert_show_out"
+}
diff --git a/tests/dogtag/acceptance/legacy/subca-tests/logs/subca-ad-logs.sh b/tests/dogtag/acceptance/legacy/subca-tests/logs/subca-ad-logs.sh
new file mode 100755
index 000000000..9d3303782
--- /dev/null
+++ b/tests/dogtag/acceptance/legacy/subca-tests/logs/subca-ad-logs.sh
@@ -0,0 +1,201 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   runtest.sh of /CoreOS/rhcs/acceptance/legacy/subca-tests/subca-ad-logs
+#   Description: Subordinate CA Ad logs
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#   The following legacy test needs be tested:
+#   subca-ad-tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Author: Niranjan Mallapadi <mniranja@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+#   This copyrighted material is made available to anyone wishing
+#   to use, modify, copy, or redistribute it subject to the terms
+#   and conditions of the GNU General Public License version 2.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE. See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public
+#   License along with this program; if not, write to the Free
+#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+#   Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+run_admin-subca-log_tests()
+{
+	# Creating Temporary Directory
+        rlPhaseStartSetup "Create Temporary Directory"
+        rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+        rlRun "pushd $TmpDir"
+        rlRun "export PYTHONPATH=$PYTHONPATH:/opt/rhqa_pki/"
+        rlPhaseEnd
+
+	# Local Variables
+        local cs_Type=$1
+        local cs_Role=$2
+        get_topo_stack $cs_Role $TmpDir/topo_file
+        if [ $cs_Role="MASTER" ]; then
+                 SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_SUBCA | cut -d= -f2)
+        elif [ $cs_Role="SUBCA2" || $cs_Role="SUBCA1" ]; then
+                SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+        fi
+        local tomcat_name=$(eval echo \$${SUBCA_INST}_TOMCAT_INSTANCE_NAME)
+        local target_unsecure_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT)
+        local target_secure_port=$(eval echo \$${SUBCA_INST}_SECURE_PORT)
+        local tmp_ca_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT)
+        local tmp_ca_host=$(eval echo \$${cs_Role})
+        local valid_agent_cert=$SUBCA_INST\_agentV
+        local valid_audit_cert=$SUBCA_INST\_auditV
+        local valid_operator_cert=$SUBCA_INST\_operatorV
+        local valid_admin_cert=$SUBCA_INST\_adminV
+	local valid_admin_user=$SUBCA_INST\_adminV
+	local valid_admin_pwd=$SUBCA_INST\_adminV_password
+	local valid_agent_user=$SUBCA_INST\_agentV
+	local valid_agent_pwd=$SUBCA_INST\_agentV_password
+	local valid_audit_user=$SUBCA_INST\_auditV
+	local valid_audit_pwd=$SUBCA_INST\_auditV_password
+	local valid_operator_user=$SUBCA_INST\_operatorV
+	local valid_operator_pwd=$SUBCA_INST\_operatorV_password
+	local cert_find_info="$TmpDir/cert_find_info"
+	local PKIDAEMON_STATUS="$TmpDir/pkidaemon-status"
+	local admin_out="$TmpDir/admin_out"
+        local TEMP_NSS_DB="$TmpDir/nssdb"
+        local TEMP_NSS_DB_PWD="redhat"
+        local cert_info="$TmpDir/cert_info"
+        local ca_profile_out="$TmpDir/ca-profile-out"
+        local cert_out="$TmpDir/cert-show.out"
+        local rand=$RANDOM
+        local tmp_junk_data=$(openssl rand -base64 50 |  perl -p -e 's/\n//')        
+	local SSL_DIR=$CERTDB_DIR
+
+
+	rlPhaseStartTest "pki_console_log-001: SUBCA Admin Interface - Add a new log file"
+	rlLog "Create a new log of type system"
+	local logfile=log$RANDOM
+	local level=0
+	local rolloverinterval=1
+	local logtype="system"
+	local flushinterval=5
+	local filename=/tmp/$logfile
+	local logenable="True"
+	local signedAuditCertNickname="caauditsigningcert"
+	rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin_user:$valid_admin_pwd" \
+		-d \"OP_TYPE=OP_ADD&OP_SCOPE=logRule&RS_ID=$logfile&unselected.events=&level=$level&rolloverInterval=$rolloverinterval&flushInterval=$flushinterval&mandatory.events=&bufferSize=512&maxFileSize=2000&fileName=$filename&enable=$logenable&signedAuditCertNickname=$signedAuditCertNickname&implName=file&type=$logtype&logSigning=true&events=&RULENAME=$logfile\" -k https://$tmp_ca_host:$target_secure_port/ca/log >> $admin_out" 0 "Create $logfile file of type $logtype"
+	rlLog "List all logs"
+	rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin_user:$valid_admin_pwd" \
+		-d \"OP_TYPE=OP_SEARCH&OP_SCOPE=logRule\" -k https://$tmp_ca_host:$target_secure_port/ca/log > $admin_out" 0 "List all logs configured"
+	rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+	rlAssertGrep "$logfile=file:visible" "$admin_out"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_console_log-002: SUBCA Admin Interface - List all logs"
+	rlLog "List all logs"
+	rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin_user:$valid_admin_pwd" \
+		 -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=logRule\" -k https://$tmp_ca_host:$target_secure_port/ca/log > $admin_out" 0 "List all logs configured"
+	rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+	rlAssertGrep "Transactions=file:visible" "$admin_out"
+	rlAssertGrep "SignedAudit=file:visible" "$admin_out"
+	rlAssertGrep "System=file:visible" "$admin_out"
+	rlAssertGrep "$logfile=file:visible" "$admin_out"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_console_log-003: SUBCA Admin Interface - Edit log file configuration"
+        local level=0
+        local rolloverinterval=1
+        local logtype="system"
+        local flushinterval=5
+        local filename=/tmp/$logfile
+        local logenable="false"
+	local maxfilesize=3000
+	local buffersize=512
+        rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_MODIFY&OP_SCOPE=logRule&RS_ID=$logfile&level=$level&rolloverInterval=$rolloverinterval&flushInterval=$flushinterval&bufferSize=$buffersize&maxFileSize=$maxfilesize&fileName=$filename&enable=$logenable&implName=file&type=$logtype&RULENAME=$logfile\" -k https://$tmp_ca_host:$target_secure_port/ca/log >> $admin_out" 0 "Modify $logfile file"
+	rlLog "Changes require restart of CA instance"
+	rlRun "rhcs_stop_instance $tomcat_name"
+	rlRun "rhcs_start_instance $tomcat_name"
+	rlLog "Read $logfile and verify values are updated"
+	rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin_user:$valid_admin_pwd" \
+		-d \"OP_TYPE=OP_READ&OP_SCOPE=logRule&RS_ID=$logfile\" -k  https://$tmp_ca_host:$target_secure_port/ca/log > $admin_out" 0 "Read $logfile file"
+	rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+	rlAssertGrep "maxFileSize=$maxfilesize" "$admin_out"
+	rlAssertGrep "enable=$logenable" "$admin_out"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_console_log-004: SUBCA Admin Interface - View log file"
+	rlLog "Read $logfile"
+	rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin_user:$valid_admin_pwd" \
+		-d \"OP_TYPE=OP_READ&OP_SCOPE=logRule&RS_ID=$logfile\" -k  https://$tmp_ca_host:$target_secure_port/ca/log > $admin_out" 0 "Read $logfile file"
+	rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+	rlAssertGrep "implName=file" "$admin_out"
+	rlAssertGrep "type=$logtype" "$admin_out"
+	rlAssertGrep "enable=$logenable" "$admin_out"
+	rlAssertGrep "level=Debug" "$admin_out"
+	rlAssertGrep "bufferSize=$buffersize" "$admin_out"
+	rlAssertGrep "maxFileSize=$maxfilesize" "$admin_out"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_console_log-005: SUBCA Admin Interface - Delete log file"
+	rlLog "Delete log $logfile file"
+	rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_DELETE&OP_SCOPE=logRule&RS_ID=$logfile\" -k  https://$tmp_ca_host:$target_secure_port/ca/log > $admin_out" 0 "Read $logfile file"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlLog "List all logs"
+        rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                 -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=logRule\" -k https://$tmp_ca_host:$target_secure_port/ca/log > $admin_out" 0 "List all logs configured"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "Transactions=file:visible" "$admin_out"
+        rlAssertGrep "SignedAudit=file:visible" "$admin_out"
+        rlAssertGrep "System=file:visible" "$admin_out"
+        rlAssertNotGrep "$logfile=file:visible" "$admin_out"	
+	rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_log-006: SUBCA Admin Interface - Adding a log file with agent privileges should fail"
+        local logfile=log$RANDOM
+        local level=0
+        local rolloverinterval=1
+        local logtype="system"
+        local flushinterval=5
+        local filename=/tmp/$logfile
+        local logenable="True"
+        local signedAuditCertNickname="caauditsigningcert"
+        rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_agent_user:$valid_agent_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=logRule&RS_ID=$logfile&unselected.events=&level=$level&rolloverInterval=$rolloverinterval&flushInterval=$flushinterval&mandatory.events=&bufferSize=512&maxFileSize=2000&fileName=$filename&enable=$logenable&signedAuditCertNickname=$signedAuditCertNickname&implName=file&type=$logtype&logSigning=true&events=&RULENAME=$logfile\" -k https://$tmp_ca_host:$target_secure_port/ca/log > $admin_out" 0 "Create $logfile file of type $logtype"   
+        rlAssertGrep "You are not authorized to perform this operation" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_log-007: SUBCA Admin Interface - Adding a log file with audit privileges should fail"
+        local logfile=log$RANDOM
+        local level=0
+        local rolloverinterval=1
+        local logtype="system"
+        local flushinterval=5
+        local filename=/tmp/$logfile
+        local logenable="True"
+        local signedAuditCertNickname="caauditsigningcert"
+        rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_audit_user:$valid_audit_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=logRule&RS_ID=$logfile&unselected.events=&level=$level&rolloverInterval=$rolloverinterval&flushInterval=$flushinterval&mandatory.events=&bufferSize=512&maxFileSize=2000&fileName=$filename&enable=$logenable&signedAuditCertNickname=$signedAuditCertNickname&implName=file&type=$logtype&logSigning=true&events=&RULENAME=$logfile\" -k https://$tmp_ca_host:$target_secure_port/ca/log > $admin_out" 0 "Create $logfile file of type $logtype"
+        rlAssertGrep "You are not authorized to perform this operation" "$admin_out"
+        rlPhaseEnd
+
+	rlPhaseStartCleanup "Delete Temporary Directory"
+        rlRun "popd"
+        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+        rlPhaseEnd
+}
diff --git a/tests/dogtag/acceptance/legacy/subca-tests/profiles/subca-ad-profiles.sh b/tests/dogtag/acceptance/legacy/subca-tests/profiles/subca-ad-profiles.sh
new file mode 100755
index 000000000..2c70ba911
--- /dev/null
+++ b/tests/dogtag/acceptance/legacy/subca-tests/profiles/subca-ad-profiles.sh
@@ -0,0 +1,1607 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-ca-profile-cli
+#   Description: PKI CA PROFILE CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki key cli commands needs to be tested:
+#  pki ca-profile-add
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Author: Niranjan Mallapadi <mniranja@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+#   This copyrighted material is made available to anyone wishing
+#   to use, modify, copy, or redistribute it subject to the terms
+#   and conditions of the GNU General Public License version 2.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE. See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public
+#   License along with this program; if not, write to the Free
+#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+#   Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+run_admin-subca-profile_tests()
+{
+	 # Creating Temporary Directory
+        rlPhaseStartSetup "Create Temporary Directory"
+        rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+        rlRun "pushd $TmpDir"
+        rlRun "export PYTHONPATH=$PYTHONPATH:/opt/rhqa_pki/"
+        rlPhaseEnd
+
+	# Local Variables
+        local cs_Type=$1
+        local cs_Role=$2
+        get_topo_stack $cs_Role $TmpDir/topo_file
+        if [ $cs_Role="MASTER" ]; then
+                 SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_SUBCA | cut -d= -f2)
+        elif [ $cs_Role="SUBCA2" || $cs_Role="SUBCA1" ]; then
+                SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+        fi
+        local tomcat_name=$(eval echo \$${SUBCA_INST}_TOMCAT_INSTANCE_NAME)
+        local target_unsecure_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT)
+        local target_secure_port=$(eval echo \$${SUBCA_INST}_SECURE_PORT)
+        local tmp_ca_agent=$SUBCA_INST\_agentV
+        local tmp_ca_admin=$SUBCA_INST\_adminV
+        local tmp_ca_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT)
+        local tmp_ca_host=$(eval echo \$${cs_Role})
+        local valid_agent_user=$SUBCA_INST\_agentV
+        local valid_agent_cert=$SUBCA_INST\_agentV
+        local valid_audit_user=$SUBCA_INST\_auditV
+        local valid_operator_user=$SUBCA_INST\_operatorV
+        local valid_admin_user=$SUBCA_INST\_adminV
+        local valid_admin_cert=$SUBCA_INST\_adminV
+	local cert_find_info="$TmpDir/cert_find_info"
+	local valid_admin_pwd=$SUBCA_INST\_adminV_password
+	local valid_agent_pwd=$SUBCA_INST\_agentV_password
+	local valid_audit_pwd=$SUBCA_INST\_auditV_password
+	local valid_operator_pwd=$SUBCA_INST\_operatorV_password
+	local admin_out="$TmpDir/admin_out"
+        local TEMP_NSS_DB="$TmpDir/nssdb"
+        local TEMP_NSS_DB_PWD="redhat"
+        local cert_info="$TmpDir/cert_info"
+        local ca_profile_out="$TmpDir/ca-profile-out"
+        local cert_out="$TmpDir/cert-show.out"
+        local rand=$RANDOM
+        local tmp_junk_data=$(openssl rand -base64 50 |  perl -p -e 's/\n//')        
+	local SSL_DIR=$CERTDB_DIR
+
+	rlPhaseStartTest "pki_console_profile-001: SUBCA - Admin Interface - list all profiles"
+	rlLog "List all Profiles"
+	local default_profiles=(caUserCert caECUserCert caUserSMIMEcapCert caDualCert caECDualCert AdminCert caSignedLogCert caTPSCert caRARouterCert caRouterCert caServerCert caSubsystemCert caStorageCert)
+	rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin_user:$valid_admin_pwd" \
+		-d \"OP_TYPE=OP_SEARCH&OP_SCOPE=rules&\" \
+		-k https://$tmp_ca_host:$target_secure_port/ca/caprofile >> $admin_out" 0 "List all defaul Profiles"
+	for i in ${default_profiles[@]}; do
+		rlAssertGrep "$i" "$admin_out"	
+	done
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_console_profile-002: SUBCA - Admin Interface - View Profile Details"
+	local profile="caUserSMIMEcapCert"
+	rlLog "View Profile Details $profile"
+	rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin_user:$valid_admin_pwd" \
+		-d \"OP_TYPE=OP_READ&OP_SCOPE=policies&RS_ID=$profile\" \
+		-k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "View details of Profile $profile"
+	rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+	rlLog "Verify Policy & Constraints"
+	rlAssertGrep "SubjectNameDefault:SubjectNameConstraint" "$admin_out"
+	rlAssertGrep "NoDefault:RenewalGracePeriodConstraint" "$admin_out"
+	rlAssertGrep "ValidityDefault:ValidityConstraint" "$admin_out"
+	rlAssertGrep "KeyDefault:KeyConstraint" "$admin_out"
+	rlAssertGrep "AuthorityKeyIdentifierDefault:NoConstraint" "$admin_out"
+	rlAssertGrep "AIAExtensionDefault:NoConstraint" "$admin_out"
+	rlAssertGrep "KeyUsageDefault:KeyUsageExtensionConstraint" "$admin_out"
+	rlAssertGrep "ExtendedKeyUsageExtensionDefault:NoConstraint" "$admin_out"
+	rlAssertGrep "SubjectAltNameConstraint:NoConstraint" "$admin_out"
+	rlAssertGrep "SigningAlg:NoConstraint" "$admin_out"
+	local scope=profileInput
+	rlLog "Verify $scope"
+	rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin_user:$valid_admin_pwd" \
+		-d \"OP_TYPE=OP_READ&OP_SCOPE=profileInput&RS_ID=$profile\" \
+		-k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "View details of Profile $profile"
+	rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+	rlAssertGrep "KeyGeneration" "$admin_out"
+	rlAssertGrep "SubjectName" "$admin_out"
+	rlAssertGrep "RequestorInformation" "$admin_out"
+	local scope=profileOutput
+	rlLog "Verify $scope"
+	rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin_user:$valid_admin_pwd" \
+		-d \"OP_TYPE=OP_READ&OP_SCOPE=$scope&RS_ID=$profile\" \
+		-k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "View details of Profile $profile"
+	rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+	rlAssertGrep "CertificateOutput" "$admin_out"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_console_profile-003: SUBCA - Admin Interface - Verify Deleting enabled profile fails"
+	local profile="caUserSMIMEcapCert"
+	local op_scope=rules
+	local op_type='OP_DELETE'
+	rlLog "View Profile Details $profile"
+	rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin_user:$valid_admin_pwd" \
+		-d \"OP_TYPE=$op_type&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+		-k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "View details of Profile $profile"
+	rlAssertGrep "Cannot delete enabled profile: $profile" "$admin_out"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_console_profile-004: SUBCA - Admin Interface - Create a new user Profile using caUserCertEnrollImpl with Profile Authencation set to AgentCertAuth"
+        local profile="caUserCert$RANDOM"
+        local op_scope=rules
+	local class=caUserCertEnrollImpl
+	rlLog "Create new profile $profile"
+	rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin_user:$valid_admin_pwd" \
+		-d \"OP_TYPE=OP_ADD&OP_SCOPE=rules&RS_ID=$profile&impl=$class&name=$profile&visible=true&auth=AgentCertAuth&desc=$profile\" \
+		-k  https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Create a new profile for user cert enrollment"
+	rlLog "List all default Profiles"
+        rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=rules&\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile >> $admin_out" 0 "List all default Profiles"
+	rlRun "process_curl_output $admin_out" 0 "Process curl output file"	
+	rlAssertGrep "$profile=$profile:visible:disabled" "$admin_out"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_console_profile-005: SUBCA - Admin Interface - Add Authority Info Access Extension Default Policy"
+	local op_scope=policies
+	local policy=authInfoAccessExtDefaultImpl
+	local policyname=AuthorityInfoAccessExtensionDefault
+	local constraintname=NoConstraint
+	local constraint=noConstraintImpl
+	rlLog "Add Policy" 
+	rlRun "curl --capath "$CERTDB_DIR" \
+		--basic --user "$valid_admin_user:$valid_admin_pwd" \
+		-d \"OP_TYPE=OP_ADD&OP_SCOPE=policies&RS_ID=$profile;set1:p6;$policy;$constraint\" \
+		-k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Authority Info Access Extension Default Policy to $profile" 0 "Add Authority Info Access Extension Policy"
+	local op_scope=defaultPolicy
+	rlLog "Add $policy Details"
+	rlRun "curl --capath "$CERTDB_DIR" \
+		--basic --user "$valid_admin_user:$valid_admin_pwd" -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p6;$policy;$constraint&authInfoAccessCritical=false&authInfoAccessNumADs=1&authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1&authInfoAccessADLocationType_0=URIName&authInfoAccessADLocation_0=&authInfoAccessADEnable_0=false\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details"
+	rlLog "Add Policy Constraint"
+	local op_scope=constraintPolicy
+	rlRun "curl --capath "$CERTDB_DIR" --basic \
+		--user "$valid_admin_user:$valid_admin_pwd" \
+		-d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p6;$policy;$constraint\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile"
+	rlLog "Read all policies of $profile"
+	rlRun "curl --capath "$CERTDB_DIR" --basic \
+		--user "$valid_admin_user:$valid_admin_pwd" \
+		-d \"OP_TYPE=OP_READ&OP_SCOPE=policies&RS_ID=$profile\" \
+		-k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 
+	rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+	rlAssertGrep "$policyname:$constraintname" "$admin_out"
+	rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-006: SUBCA - Admin Interface - Add Authority key Identifier Extension Default Policy"
+        local op_scope=policies
+        local policy=authorityKeyIdentifierExtDefaultImpl
+        local policyname=AuthorityKeyIdentifierExtensionDefault
+        local constraintname=NoConstraint
+        local constraint=noConstraintImpl
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=policies&RS_ID=$profile;set1:p7;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Authority Key Identifier Extension Default Policy to $profile"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+		-d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p7;$policy;$constraint\" \
+		-k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p7;$policy;$constraint\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile"
+        rlLog "Get all policies of $profile"
+	local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+	rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+	
+	rlPhaseStartTest "pki_console_profile-007: SUBCA - Admin Interface - Add Auto request Assignment Default"
+        local op_scope=policies
+        local policy=autoAssignDefaultImpl
+        local policyname=AutoRequestAssignmentDefault
+        local constraintname=NoConstraint
+        local constraint=noConstraintImpl
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=policies&RS_ID=$profile;set1:p8;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Authority Info Access Extension Default Policy to $profile"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p8;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details" 0 
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p8;$policy;$constraint\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+	rlPhaseEnd
+
+
+        rlPhaseStartTest "pki_console_profile-008: SUBCA - Admin Interface - Add Basic Constraints Extension Default"
+        local op_scope=policies
+        local policy=basicConstraintsExtDefaultImpl
+        local policyname=BasicConstraintsExtensionDefault
+        local constraintname=NoConstraint
+        local constraint=noConstraintImpl
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=policies&RS_ID=$profile;set1:p9;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Basic Constraints Extension to $profile"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p9;$policy;$constraint&basicConstraintsCritical=false&basicConstraintsIsCA=false&basicConstraintsPathLen=-1\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p9;$policy;$constraint\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-009: SUBCA - Admin Interface - Add Certificate Version Default Policy"
+        local policy=certificateVersionDefaultImpl
+        local policyname=CertificateVersionDefault
+        local constraintname=NoConstraint
+        local constraint=noConstraintImpl
+	local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p10;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Certificate Version Default Policy to $profile"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p10;$policy;$constraint&basicConstraintsCritical=false&basicConstraintsIsCA=false&basicConstraintsPathLen=-1\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p10;$policy;$constraint\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile"
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+		
+	rlPhaseStartTest "pki_console_profile-0010: SUBCA - Admin Interface - Add CRL Distribution Points Extension Default Policy & add custom CRL Url"
+        local policy=crlDistributionPointsExtDefaultImpl
+        local policyname=CRLDistributionPointsExtensionDefault
+        local constraintname=NoConstraint
+        local constraint=noConstraintImpl
+        local op_scope=policies
+	local crlurl='https://pki2.example.org:30042/crl/Mastercrl.bin'
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p11;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy CRL Distribution Points Extension Default to $profile"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p11;$policy;$constraint&crlDistPointsCritical=false&crlDistPointsNum=1&crlDistPointsPointType_0=URIName&crlDistPointsPointName_0=$crlurl&crlDistPointsReasons_0=&crlDistPointsIssuerType_0=&crlDistPointsIssuerName_0=&crlDistPointsEnable_0=true\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p11;$policy;$constraint\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+	rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0011: SUBCA - Admin Interface - Add Extended Key Usage Extension Default Policy"
+        local policy=extendedKeyUsageExtDefaultImpl
+        local policyname=ExtendedKeyUsageExtensionDefault
+        local constraintname=NoConstraint
+        local constraint=noConstraintImpl
+        local op_scope=policies
+        local crlurl='https://pki2.example.org:30042/crl/Mastercrl.bin'
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p12;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Extended Key Usage Extension Default to $profile"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p12;$policy;$constraint&exKeyUsageCritical=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.2, 1.3.6.1.5.5.7.3.4\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details" 0 
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p12;$policy;$constraint\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0012: SUBCA - Admin Interface - Add Freshest CRL Extension Default"
+        local policy=freshestCRLExtDefaultImpl
+        local policyname=FreshestCRLExtensionDefault
+        local constraintname=NoConstraint
+        local constraint=noConstraintImpl
+        local op_scope=policies
+        local crlurl="https://$tmp_ca_host:$target_secure_port/crl/Mastercrl.bin"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p13;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Freshest CRL Extension to $profile"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p13;$policy;$constraint&freshestCRLCritical=false&freshestCRLPointNum=1&freshestCRLPointType_0=URIName&freshestCRLPointName_0=$crlurl&freshestCRLPointIssuerType_0=&freshestCRLPointIssuerName_0=&freshestCRLPointEnable_0='true'\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p13;$policy;$constraint\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile"
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+
+        rlPhaseStartTest "pki_console_profile-0013: SUBCA - Admin Interface - Add Key Usage Extension Default"
+        local policy=keyUsageExtDefaultImpl
+        local policyname=KeyUsageExtensionDefault
+        local constraintname=KeyUsageExtensionConstraint
+        local constraint=keyUsageExtConstraintImpl
+	rlLog "Delete Existing Key Usage Policy"
+	rlRun "curl --capath "$CERTDB_DIR" \
+		--basic --user "$valid_admin_user:$valid_admin_pwd" \
+		-d \"OP_TYPE=OP_DELETE&OP_SCOPE=policies&RS_ID=$profile&POLICYID=set1:p5\" \
+		-k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Delete Existing Key Usage Policy"
+	rlLog "Add Key Usage Policy"
+        local op_scope=policies
+        local crlurl="https://$tmp_ca_host:$target_secure_port/crl/Mastercrl.bin"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p14;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Key Usage Extension Default to $profile"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p14;$policy;$constraint&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p14;$policy;$constraint&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0014: SUBCA - Admin Interface - Add Issuer Alternative Name Extension Default"
+        local policy=issuerAltNameExtDefaultImpl
+        local policyname=IssuerAlternativeNameExtensionDefault
+        local constraintname=NoConstraint
+        local constraint=noConstraintImpl
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p15;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Issuer Alternative Name Extension Default to $profile"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p15;$policy;$constraint&issuerAltNameExtCritical=false&issuerAltExtType=RFC822Name&issuerAltExtPattern=$request.requestor_email\$\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p15;$policy;$constraint\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+	
+	rlPhaseStartTest "pki_console_profile-0014: SUBCA - Admin Interface - Add Name Constraints Extension Default"
+        local policy=nameConstraintsExtDefaultImpl
+        local policyname=IssuerAlternativeNameExtensionDefault
+        local constraintname=NoConstraint
+        local constraint=noConstraintImpl
+        local op_scope=policies
+        local crlurl="https://$tmp_ca_host:$target_secure_port/crl/Mastercrl.bin"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p15;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Name Constraints Extension Default to $profile"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p15;$policy;$constraint&nameConstraintsCritical=false&nameConstraintsNumPermittedSubtrees=1&nameConstraintsPermittedSubtreeMinValue_0=1&nameConstraintsPermittedSubtreeNameChoice_0=URIName&nameConstraintsPermittedSubtreeNameValue_0=https://$tmp_ca_host:80&nameConstraintsPermittedSubtreeEnable_0=false&nameConstraintsNumExcludedSubtrees=1&nameConstraintsExcludedSubtreeMinValue_0=&nameConstraintsExcludedSubtreeMaxValue_0=&nameConstraintsExcludedSubtreeNameChoice_0=&nameConstraintsExcludedSubtreeNameValue_0=&nameConstraintsExcludedSubtreeEnable_0=false\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p15;$policy;$constraint\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+	rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0015: SUBCA - Admin Interface - Add Netscape Certificate Type Extension Default Policy"
+        local policy=nsCertTypeExtDefaultImpl
+        local policyname=NetscapeCertificateTypeExtensionDefault
+        local constraintname=NoConstraint
+        local constraint=noConstraintImpl
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p16;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Netscape Certificate Type Extension Default to $profile"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p16;$policy;$constraint&nsCertCritical=true&nsCertSSLClient=true&nsCertSSLServer=true&nsCertEmail=true&nsCertObjectSigning=false&nsCertSSLCA=false&nsCertEmailCA=false&nsCertObjectSigningCA=false\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p16;$policy;$constraint\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+	
+
+        rlPhaseStartTest "pki_console_profile-0016: SUBCA - Admin Interface - Add OCSP No check Extension Default Policy"
+        local policy=ocspNoCheckExtDefaultImpl
+        local policyname=OCSPNoCheckExtensionDefault
+        local constraintname=ExtensionConstraint
+        local constraint=extensionConstraintImpl
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p17;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy OCSP No check Extension Default to $profile"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p17;$policy;$constraint&ocspNoCheckCritical=false\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p17;$policy;$constraint&extCritical=false&extOID=1.1.1.1.1\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0017: SUBCA - Admin Interface - Add Signing Algorithm Default Policy"
+        local policy=signingAlgDefaultImpl
+        local policyname=SigningAlgorithmDefault
+        local constraintname=SigningAlgorithmConstraint
+        local constraint=signingAlgConstraintImpl
+        rlLog "Delete Existing Key Usage Policy"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_DELETE&OP_SCOPE=policies&RS_ID=$profile&POLICYID=set1:p4\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Delete Existing Signing Algorithm Usage Policy"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p18;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Signing Algorithm Default to $profile"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p18;$policy;$constraint&signingAlg=SHA256withRSA\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p18;$policy;$constraint&signingAlgsAllowed=SHA1withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA256withRSA,SHA512withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0018: SUBCA - Admin Interface - Add OCSP No check Extension Default Policy"
+        local policy=ocspNoCheckExtDefaultImpl
+        local policyname=OCSPNoCheckExtensionDefault
+        local constraintname=ExtensionConstraint
+        local constraint=extensionConstraintImpl
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p17;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy OCSP No check Extension Default to $profile"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p17;$policy;$constraint&ocspNoCheckCritical=false\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p17;$policy;$constraint&extCritical=false&extOID=1.1.1.1.1\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                	--user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0019: SUBCA - Admin Interface - Add signing Algorithm"
+        local policy=signingAlgDefaultImpl	
+        local policyname=SigningAlgorithmDefault
+        local constraintname=SigningAlgorithmConstraint
+        local constraint=noConstraintImpl
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p18;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Signing Algorithm to $profile"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p18;$policy;$constraint&signingAlg=SHA256withRSA\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p18;$policy;$constraint\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0020: SUBCA - Admin Interface - Add Subject Alternative Name Extension Policy"
+        local policy=subjectAltNameExtDefaultImpl
+        local policyname=SubjectAlternativeNameExtensionDefault
+        local constraintname=NoConstraint
+        local constraint=noConstraintImpl
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p19;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Subject Alternative Name Extension to $profile"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p19;$policy;$constraint&subjAltNameExtCritical=false&subjAltNameNumGNs=1&subjAltExtType_0=RFC822Name&subjAltExtPattern_0=\$request.requestor_email\$&subjAltExtGNEnable_0=false\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p19;$policy;$constraint\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0021: SUBCA - Admin Interface - Add Subject Directory Attributes Extension Policy"
+        local policy=subjectDirAttributesExtDefaultImpl
+        local policyname=SubjectDirectoryAttributesExtensionDefault
+        local constraintname=NoConstraint
+        local constraint=noConstraintImpl
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p20;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Subject Directory Attributes Extension to $profile"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p20;$policy;$constraint&subjDirAttrsCritical=false&subjDirAttrsNum=1&subjDirAttrName_0=email&subjDirAttrPattern_0=\$request.requestor_email\$&subjDirAttrEnable=false\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p20;$policy;$constraint\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+	rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0022: SUBCA - Admin Interface - Add Subject Info Access Extension Policy"
+        local policy=subjectInfoAccessExtDefaultImpl
+        local policyname=SubjectInfoAccessExtensionDefault
+        local constraintname=NoConstraint
+        local constraint=noConstraintImpl
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p21;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Subject Info access extension default a1to $profile"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p21;$policy;$constraint&subjInfoAccessCritical=false&subjInfoAccessNumADs=1&subjInfoAccessADMethod_0=1.2.3.4.5.6&subjInfoAccessADLocationType_0=URINAME&subjInfoAccessADLocation_0=&subjInfoAccessADEnable_0=false\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p21;$policy;$constraint\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0023: SUBCA - Admin Interface - Add Subject key Identifier Policy"
+        local policy=subjectKeyIdentifierExtDefaultImpl
+        local policyname=SubjectKeyIdentifierDefault
+        local constraintname=NoConstraint
+        local constraint=noConstraintImpl
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p22;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Subject key Identifier to $profile"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p22;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p22;$policy;$constraint\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd	
+
+        rlPhaseStartTest "pki_console_profile-0024: SUBCA - Admin Interface - Add Subject Name Default Policy"
+        local policy=subjectNameDefaultImpl
+        local policyname=SubjectNameDefault
+        local constraintname=SubjectNameConstraint
+        local constraint=subjectNameConstraintImpl
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p23;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Subject Info access extension default a1to $profile"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p23;$policy;$constraint&CN=TEST\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p23;$policy;$constraint&pattern=cn=\*\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0025: SUBCA - Admin Interface - Add Validity Default Policy"
+        local policy=validityDefaultImpl
+        local policyname=ValidityDefault
+        local constraintname=ValidityConstraint
+        local constraint=validityConstraintImpl
+        local op_scope=policies
+        rlLog "Delete Existing Key Usage Policy"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_DELETE&OP_SCOPE=policies&RS_ID=$profile&POLICYID=set1:p2\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Delete Existing Validity Default usage Policy"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p24;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Validity Default policy $profile"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p24;$policy;$constraint&range=180&startTime=60\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p24;$policy;$constraint&range=365&notBeforeGracePeriod=0&notBeforeCheck=false&notAfterCheck=false\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0026: SUBCA - Admin Interface - Add Certificate Request Input"
+        local Input=certReqInputImpl
+        local op_scope=profileInput
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;i4;$Input\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Certificate Request Input $profile"
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "i4=CertificateRequestInput" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0027: SUBCA - Admin Interface - Add CMC Request Input"
+        local Input=cmcCertReqInputImpl
+        local op_scope=profileInput
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;i5;$Input\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add CMC Request Input $profile"
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "i5=CertificateRequestInput" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0028: SUBCA - Admin Interface - Add Dual Key Generation Input"
+        local Input=dualKeyGenInputImpl
+        local op_scope=profileInput
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;i6;$Input\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Dual Key Generation Input to $profile"
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "i6=DualKeyGeneration" "$admin_out"
+        rlPhaseEnd#
+
+        rlPhaseStartTest "pki_console_profile-0029: SUBCA - Admin Interface - Add File Signing  Input"
+        local Input=fileSigningInputImpl
+        local op_scope=profileInput
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;i7;$Input\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add File Signing Input $profile"
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+	rlAssertGrep "i7=FileSigningInput" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0030: SUBCA - Admin Interface - Add Key Generation Input"
+        local Input=keyGenInputImpl
+        local op_scope=profileInput
+        rlLog "Delete Existing Key Generation Input"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_DELETE&OP_SCOPE=profileInput&RS_ID=$profile&INPUTID=i1\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Delete Existing Validity Default usage Policy"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;i1;$Input\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Key Generation Input to $profile"
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "i1=KeyGeneration" "$admin_out"
+        rlPhaseEnd	
+
+        rlPhaseStartTest "pki_console_profile-0031: SUBCA - Admin Interface - Add Subject DN  Input"
+        local Input=subjectDNInputImpl
+        local op_scope=profileInput
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;i8;$Input\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Subject DN Input to $profile"
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "i8=SubjectName" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0032: SUBCA - Admin Interface - Add Subject Name Input"
+        local Input=subjectNameInputImpl
+        local op_scope=profileInput
+        rlLog "Delete Existing Subject Name Input"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_DELETE&OP_SCOPE=profileInput&RS_ID=$profile&INPUTID=i2\" \
+		-k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Delete Existing Subject Name Input"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;i2;$Input&sn_uid=true&sn_e=true&sn_cn=true&sn_ou3=true&sn_ou2=true&sn_ou1=true&sn_ou=true&sn_o=true&sn_c=true\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Subject Name Input to $profile"
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "i2=SubjectName" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0033: SUBCA - Admin Interface - Add Certificate Output"
+        local Input=certOutputImpl
+        local op_scope=profileOutput
+        rlLog "Delete Existing Certificate Output"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_DELETE&OP_SCOPE=profileOutput&RS_ID=$profile&OUTPUTID=o1\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Delete Existing Certificate Output"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;o1;$Input\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Certificate Output to $profile"
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "o1=CertificateOutput" "$admin_out"
+        rlPhaseEnd
+
+
+        rlPhaseStartTest "pki_console_profile-0034: SUBCA - Admin Interface - Add CMMF Output"
+        local Input=cmmfOutputImpl
+        local op_scope=profileOutput
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;o1;$Input\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Certificate Output to $profile"
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "o1=CertificateOutput" "$admin_out"
+        rlPhaseEnd
+	
+	rlPhaseStartTest "pki_console_profile-0035: SUBCA - Admin Interface - Delete an existing Policy from Profile"
+        local op_scope=policies
+	rlLog "Read all the existing Policies"
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+	rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+	rlLog "Delete signing Algorithm Policy from the profile"
+	local policyId=$(cat -v $admin_out | grep SigningAlgorithmDefault | awk -F ":" '{print $2}' | awk -F "=" '{print $1}')
+	rlLog "policyId=$policyId"
+        rlLog "Delete Existing Key Usage Policy"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_DELETE&OP_SCOPE=policies&RS_ID=$profile&POLICYID=set1:$policyId\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Delete Existing Validity Default usage Policy"
+        rlLog "Read all the existing Policies"
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"	
+	rlAssertNotGrep "SigningAlgorithmDefault:SigningAlgorithmConstraint" "$admin_out"
+	rlPhaseEnd
+
+	rlPhaseStartTest "pki_console_profile-0036: SUBCA - Admin Interface - Delete Dual Key Generation Input from Profile"
+        local op_scope=profileInput
+	rlLog "Read Existing Certificate Input"
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+	local inputId=$(cat -v $admin_out | grep DualKeyGeneration | awk -F "=" '{print $1}')	
+	rlLog "Delete Dual Key Generation Input"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_DELETE&OP_SCOPE=profileInput&RS_ID=$profile&INPUTID=$inputId\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Delete Existing Dual Key Generation Input"
+        rlLog "Read Existing Certificate Input to verify Dual Key Generation Input is deleted"
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"	
+        rlAssertNotGrep "DualKeyGeneration" "$admin_out"
+	rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0037: SUBCA - Admin Interface - Delete Certificate request output from Existing Profile"
+        local Input=certOutputImpl
+        local op_scope=profileOutput
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+	rlAssertGrep "o1=CertificateOutput" "$admin_out"
+        rlLog "Delete Existing Certificate Output"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_DELETE&OP_SCOPE=profileOutput&RS_ID=$profile&OUTPUTID=o1\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Delete Existing Certificate Output"
+	rlLog "Read Existing Outputs to verify Certificate Output is not present"
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertNotGrep "o1=CertificateOutput" "$admin_out"
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_console_profile-0038: SUBCA - Admin Interface - Enable Existing Profile"
+	rlLog "Enable a Disabled profile"
+	local action=Approve
+	rlRun "export SSL_DIR=$CERTDB_DIR"
+	rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" -d \"profileId=$profile&Approve=$action\"  https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileApprove > $admin_out"
+        rlLog "Verify if $profile is enabled by enabling using pki command"
+        rlRun "pki -h $tmp_ca_host -p $tmp_ca_port -d $CERTDB_DIR -c $CERTDB_DIR_PASSWORD  -n $valid_agent_cert ca-profile-enable $profile > $ca_profile_out 2>&1" 255,1 "Execute pki ca-profile-enable $profile"
+        rlAssertGrep "BadRequestException: Profile already enabled" "$ca_profile_out"
+	rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0039: SUBCA - Admin Interface - Disable Existing Profile"
+        rlLog "Disable a Enabled profile"
+        local action=Disable
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+                -E \"$tmp_ca_agent:$CERTDB_DIR_PASSWORD\" \
+                -d \"profileId=$profile&Disable=$action\"  https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileApprove"
+        rlLog "Disable profile $profile and verify profile is already disabled"
+        rlRun "pki -h $tmp_ca_host \
+                -p $tmp_ca_port  \
+                -d $CERTDB_DIR \
+                -c $CERTDB_DIR_PASSWORD \
+                -n $valid_agent_cert \
+                ca-profile-disable $profile > $ca_profile_out 2>&1" \
+                255,1 "Disable already disabled profile $profile"
+        rlAssertGrep "BadRequestException: Profile already disabled" "$ca_profile_out"	
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_console_profile-0040: SUBCA - Admin Interface - Create a new profile as Admin Only user with caEnrollImpl with No Profile Authentication"
+        local profile="caUserCert$RANDOM"
+        local op_scope=rules
+        local op_type='OP_DELETE'
+        local class=caEnrollImpl
+        rlLog "Create new profile $profile"
+        rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=rules&RS_ID=$profile&impl=$class&name=$profile&visible=true&auth=&desc=$profile\" \
+                -k  https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Create a new profile for user cert enrollment"
+        rlLog "List all default Profiles"
+        rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=rules&\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile >> $admin_out" 0 "List all default Profiles"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$profile=$profile:visible:disabled" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0041: SUBCA - Admin Interface - Add Key Generation Input "
+        rlLog "Add Key Generation Input"
+        local Input=keyGenInputImpl
+        local op_scope=profileInput
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;i1;$Input\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Key Generation Input to $profile"
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "i1=KeyGeneration" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0042: SUBCA - Admin Interface - Add subject Name Input "
+        rlLog "Add Subject Name Input"
+        local Input=subjectNameInputImpl
+        local op_scope=profileInput
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;i2;$Input&sn_uid=true&sn_e=true&sn_cn=true&sn_ou3=true&sn_ou2=true&sn_ou1=true&sn_ou=true&sn_o=true&sn_c=true\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Subject Name Input to $profile"
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "i2=SubjectName" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0043: SUBCA - Admin Interface - Add Requestor Information Input "
+        rlLog "Add Requestor Information"
+        local Input=submitterInfoInputImpl
+        local op_scope=profileInput
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;i3;$Input\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Subject Name Input to $profile"
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "i3=RequestorInformation" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0044: SUBCA - Admin Interface - Add Certificate Output "
+        local Input=certOutputImpl
+        local op_scope=profileOutput
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;o1;$Input\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Certificate Output to $profile"
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "o1=CertificateOutput" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0045: SUBCA - Admin Interface - Add User Supplied Subject Name Input Default Policy"
+        local policy=userSubjectNameDefaultImpl
+        local policyname=UserSuppliedSubjectNameDefault
+        local constraintname=SubjectNameConstraint
+        local constraint=subjectNameConstraintImpl
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p1;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Subject Info access extension default a1to $profile"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p1;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p1;$policy;$constraint&pattern=UID=.*\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0046: SUBCA - Admin Interface - Add NoDefault Policy"
+        local policy=noDefaultImpl
+        local policyname=NoDefault
+        local constraintname=RenewalGracePeriodConstraint
+        local constraint=renewGracePeriodConstraintImpl
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p2;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy NoDefault to $profile"
+        rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p2;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details"
+        rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p2;$policy;$constraint&renewal.graceBefore=30&renewal.graceAfter=30\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0
+        rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        #rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0047: SUBCA - Admin Interface - Add Validity Default Policy"
+        local policy=validityDefaultImpl
+        local policyname=ValidityDefault
+        local constraintname=ValidityConstraint
+        local constraint=validityConstraintImpl
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p3;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Validity Default policy $profile"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p3;$policy;$constraint&range=180&startTime=0\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p3;$policy;$constraint&range=365&notBeforeGracePeriod=0&notBeforeCheck=false&notAfterCheck=false\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0048: SUBCA - Admin Interface - Add Extended Key Usage Extension Default Policy"
+        local policy=extendedKeyUsageExtDefaultImpl
+        local policyname=ExtendedKeyUsageExtensionDefault
+        local constraintname=NoConstraint
+        local constraint=noConstraintImpl
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p4;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Add Policy Extended Key Usage Extension Default to $profile"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p4;$policy;$constraint&exKeyUsageCritical=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Add Policy Details" 0 
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p4;$policy;$constraint\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0049: SUBCA - Admin Interface - Add Subject Alternative Name Extension Policy"
+        local policy=subjectAltNameExtDefaultImpl
+        local policyname=SubjectAlternativeNameExtensionDefault
+        local constraintname=NoConstraint
+        local constraint=noConstraintImpl
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p5;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Subject Alternative Name Extension to $profile"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p5;$policy;$constraint&subjAltNameExtCritical=false&subjAltNameNumGNs=1&subjAltExtType_0=RFC822Name&subjAltExtPattern_0='$request.requestor_email$'&subjAltExtGNEnable_0=false\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Add Policy Details"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p5;$policy;$constraint\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd	
+
+        rlPhaseStartTest "pki_console_profile-0049: SUBCA - Admin Interface - Add User Key Default Policy(Admin Only)"
+        local policy=userKeyDefaultImpl
+        local policyname=UserSuppliedKeyDefault
+        local constraintname=KeyConstraint
+        local constraint=keyConstraintImpl
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p6;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Add Policy Userkey Default to $profile"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p6;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Add Policy Details"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p6;$policy;$constraint&keyType=-&keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0050: SUBCA - Admin Interface - Add Authority key Identifier Extension Default Policy"
+        local op_scope=policies
+        local policy=authorityKeyIdentifierExtDefaultImpl
+        local policyname=AuthorityKeyIdentifierExtensionDefault
+        local constraintname=NoConstraint
+        local constraint=noConstraintImpl
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=policies&RS_ID=$profile;set1:p7;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Add Policy Authority Key Identifier Extension Default Policy to $profile"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p7;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Add Policy Details"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p7;$policy;$constraint\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0051: SUBCA - Admin Interface - Add Authority Info Access Extension Default Policy"
+        local op_scope=policies
+        local policy=authInfoAccessExtDefaultImpl
+        local policyname=AuthorityInfoAccessExtensionDefault
+        local constraintname=NoConstraint
+        local constraint=noConstraintImpl
+        rlLog "Add Policy" 
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=policies&RS_ID=$profile;set1:p8;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Add Policy Authority Info Access Extension Default Policy to $profile"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p8;$policy;$constraint&authInfoAccessCritical=false&authInfoAccessNumADs=1&authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1&authInfoAccessADLocationType_0=URIName&authInfoAccessADLocation_0=&authInfoAccessADEnable_0=false\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Add Policy Details"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p8;$policy;$constraint\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Read all policies of $profile"
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=policies&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0052: SUBCA - Admin Interface - Add Key Usage Extension Default"
+        local policy=keyUsageExtDefaultImpl
+        local policyname=KeyUsageExtensionDefault
+        local constraintname=KeyUsageExtensionConstraint
+        local constraint=keyUsageExtConstraintImpl
+        rlLog "Add Key Usage Policy"
+        local op_scope=policies
+        local crlurl="https://$tmp_ca_host:$target_secure_port/crl/Mastercrl.bin"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p9;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Add Key Usage Extension Default to $profile"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p9;$policy;$constraint&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Add Policy Details"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p9;$policy;$constraint&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0053: SUBCA - Admin Interface - Add Signing Algorithm Default Policy"
+        local policy=signingAlgDefaultImpl
+        local policyname=SigningAlgorithmDefault
+        local constraintname=SigningAlgorithmConstraint
+        local constraint=signingAlgConstraintImpl
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p10;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Add Policy Signing Algorithm Default to $profile"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p10;$policy;$constraint&signingAlg=SHA256withRSA\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Add Policy Details"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p10;$policy;$constraint&signingAlgsAllowed=SHA1withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA256withRSA,SHA512withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_pwd" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0054: SUBCA - Enroll a user certificate with newly created profile"
+        rlLog "Enable a Disabled profile"
+        local action=Approve
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+                -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                -d \"profileId=$profile&Approve=$action\"  https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileApprove > $admin_out 2>&1"
+        rlLog "Verify $profile is by disabling the profile using pki cli"
+        rlLog "Verify if $profile is enabled by enabling using pki command"
+        rlRun "pki -h $tmp_ca_host \
+                -p $tmp_ca_port  \
+                -d $CERTDB_DIR \
+                -c $CERTDB_DIR_PASSWORD \
+                -n $valid_agent_cert \
+                ca-profile-enable $profile > $ca_profile_out 2>&1" 255,1 "Execute pki ca-profile-enable $profile"
+        rlAssertGrep "BadRequestException: Profile already enabled" "$ca_profile_out"
+	local temp_user=foo_User_$RANDOM	
+        rlLog "Generate a cert with subject name CN=Foo User_1,UID=$Temp_user,E=$temp_user@example.org,OU=FOO,O=Example.org,C=US"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                req_type:pkcs10 \
+                algo:rsa \
+                key_size:1024 \
+                subject_cn:\"Foo User_1\" \
+                subject_uid:FooUser_1 \
+                subject_email:FooUser_1@example.org \
+                subject_ou:FOO \
+		subject_o:Example.org \
+                subject_c:US \
+                archive:false \
+                req_profile:$profile \
+                target_host:$tmp_ca_host \
+                protocol: \
+                port:$tmp_ca_port \
+                cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD \
+                certdb_nick:\"$valid_agent_cert\" \
+                cert_info:$cert_info"
+	local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        local cert_requestdn=$(cat $cert_info | grep cert_requestdn | cut -d- -f2)
+        rlRun "pki -h $tmp_ca_host -p $tmp_ca_port cert-show $cert_serialNumber > $cert_out" 0 "Executing pki cert-show $cert_serialNumber"
+        rlAssertGrep "Certificate \"$cert_serialNumber\"" "$cert_out"
+        rlAssertGrep "Serial Number: $cert_serialNumber" "$cert_out"
+        rlAssertGrep "Issuer: CN=PKI $SUBCA_INST Signing Certificate,O=redhat" "$cert_out"
+        rlAssertGrep "Subject: $pkcs10_requestdn" "$cert_out"
+        rlAssertGrep "Status: VALID" "$cert_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0055: SUB CA Admin Interface - Creating a new profile by user member of Certificate Agents should fail"
+        local profile="caUserCert$RANDOM"
+        local op_scope=rules
+        local class=caEnrollImpl
+        rlLog "Create new profile $profile"
+        rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_agent_user:$valid_agent_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=rules&RS_ID=$profile&impl=$class&name=$profile&visible=true&auth=&desc=$profile\" \
+                -k  https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Create a new profile as $valid_agent_user"
+	rlAssertGrep "You are not authorized to perform this operation" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_console_profile-0056: SUB CA Admin Interface - Creating a new profile by user member of Auditors group should fail"
+        local profile="caUserCert$RANDOM"
+        local op_scope=rules
+        local class=caEnrollImpl
+        rlLog "Create new profile $profile"
+        rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_audit_user:$valid_audit_pwd" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=rules&RS_ID=$profile&impl=$class&name=$profile&visible=true&auth=&desc=$profile\" \
+                -k  https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Create a new profile as $valid_audit_user"
+        rlAssertGrep "You are not authorized to perform this operation" "$admin_out"
+        rlPhaseEnd
+
+	rlPhaseStartCleanup "Delete temp dir"
+        rlRun "popd"
+        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+        rlPhaseEnd
+
+}
diff --git a/tests/dogtag/acceptance/legacy/subca-tests/profiles/subca-ag-profiles.sh b/tests/dogtag/acceptance/legacy/subca-tests/profiles/subca-ag-profiles.sh
new file mode 100755
index 000000000..6c02064f6
--- /dev/null
+++ b/tests/dogtag/acceptance/legacy/subca-tests/profiles/subca-ag-profiles.sh
@@ -0,0 +1,691 @@
+#!/bin/bash
+# vim: dict=/usr/share/beakerlib/dictionary.vim cpt=.,w,b,u,t,i,k
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   runtest.sh of /CoreOS/rhcs/acceptance/cli-tests/pki-ca-profile-cli
+#   Description: PKI CA PROFILE CLI tests
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+# The following pki key cli commands needs to be tested:
+#  pki ca-profile-add
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Author: Niranjan Mallapadi <mniranja@redhat.com>
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+#
+#   Copyright (c) 2013 Red Hat, Inc. All rights reserved.
+#
+#   This copyrighted material is made available to anyone wishing
+#   to use, modify, copy, or redistribute it subject to the terms
+#   and conditions of the GNU General Public License version 2.
+#
+#   This program is distributed in the hope that it will be
+#   useful, but WITHOUT ANY WARRANTY; without even the implied
+#   warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR
+#   PURPOSE. See the GNU General Public License for more details.
+#
+#   You should have received a copy of the GNU General Public
+#   License along with this program; if not, write to the Free
+#   Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
+#   Boston, MA 02110-1301, USA.
+#
+# ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+# Include rhts environment
+. /usr/bin/rhts-environment.sh
+. /usr/share/beakerlib/beakerlib.sh
+. /opt/rhqa_pki/rhcs-shared.sh
+. /opt/rhqa_pki/pki-cert-cli-lib.sh
+. /opt/rhqa_pki/env.sh
+
+run_agent-subca-profile_tests()
+{
+
+	 # Creating Temporary Directory
+        rlPhaseStartSetup "Create Temporary Directory"
+        rlRun "TmpDir=\`mktemp -d\`" 0 "Creating tmp directory"
+        rlRun "pushd $TmpDir"
+        rlRun "export PYTHONPATH=$PYTHONPATH:/opt/rhqa_pki/"
+        rlPhaseEnd
+
+        # Local Variables
+        local cs_Type=$1
+        local cs_Role=$2
+        get_topo_stack $cs_Role $TmpDir/topo_file
+        if [ $cs_Role="MASTER" ]; then
+                 SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_SUBCA | cut -d= -f2)
+        elif [ $cs_Role="SUBCA2" || $cs_Role="SUBCA1" ]; then
+                SUBCA_INST=$(cat $TmpDir/topo_file | grep MY_CA | cut -d= -f2)
+        fi
+        local tomcat_name=$(eval echo \$${SUBCA_INST}_TOMCAT_INSTANCE_NAME)
+        local target_unsecure_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT)
+        local target_secure_port=$(eval echo \$${SUBCA_INST}_SECURE_PORT)
+        local tmp_ca_agent=$SUBCA_INST\_agentV
+        local tmp_ca_admin=$SUBCA_INST\_adminV
+        local tmp_ca_port=$(eval echo \$${SUBCA_INST}_UNSECURE_PORT)
+        local tmp_ca_host=$(eval echo \$${cs_Role})
+        local valid_agent_cert=$SUBCA_INST\_agentV
+        local valid_audit_cert=$SUBCA_INST\_auditV
+        local valid_operator_cert=$SUBCA_INST\_operatorV
+        local valid_admin_cert=$SUBCA_INST\_adminV
+	local cert_find_info="$TmpDir/cert_find_info"
+        local revoked_agent_cert=$SUBCA_INST\_agentR
+        local revoked_admin_cert=$SUBCA_INST\_adminR
+        local expired_admin_cert=$SUBCA_INST\_adminE
+        local expired_agent_cert=$SUBCA_INST\_agentE
+	#users
+	local valid_agent_user=$SUBCA_INST\_agentV
+	local valid_audit_user=$SUBCA_INST\_auditV
+	local valid_operator_user=$SUBCA_INST\_operatorV
+	local valid_admin_user=$SUBCA_INST\_adminV
+	local admin_out="$TmpDir/admin_out"
+        local TEMP_NSS_DB="$TmpDir/nssdb"
+        local TEMP_NSS_DB_PWD="redhat"
+        local cert_info="$TmpDir/cert_info"
+        local ca_profile_out="$TmpDir/ca-profile-out"
+        local cert_out="$TmpDir/cert-show.out"
+        local rand=$RANDOM
+        local tmp_junk_data=$(openssl rand -base64 50 |  perl -p -e 's/\n//')        
+	local SSL_DIR=$CERTDB_DIR
+
+	rlPhaseStartSetup "CA Admin Interface - Create a new profile as Admin Only user with caEnrollImpl with No Profile Authentication"
+        local profile="caUserCert$RANDOM"
+        local op_scope=rules
+        local class=caEnrollImpl
+        rlLog "Create new profile $profile"
+        rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=rules&RS_ID=$profile&impl=$class&name=$profile&visible=true&auth=&desc=$profile\" \
+                -k  https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Create a new profile for user cert enrollment"
+        rlLog "List all default Profiles"
+        rlRun "curl --capath "$CERTDB_DIR" --basic --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_SEARCH&OP_SCOPE=rules&\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile >> $admin_out" 0 "List all default Profiles"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$profile=$profile:visible:disabled" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartSetup "Admin Interface - Add Key Generation Input "
+        rlLog "Add Key Generation Input"
+        local Input=keyGenInputImpl
+        local op_scope=profileInput
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;i1;$Input\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Key Generation Input to $profile"
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "i1=KeyGeneration" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartSetup "Admin Interface - Add subject Name Input "
+        rlLog "Add Subject Name Input"
+        local Input=subjectNameInputImpl
+        local op_scope=profileInput
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;i2;$Input&sn_uid=true&sn_e=true&sn_cn=true&sn_ou3=true&sn_ou2=true&sn_ou1=true&sn_ou=true&sn_o=true&sn_c=true\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Subject Name Input to $profile"
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "i2=SubjectName" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartSetup "Admin Interface - Add Requestor Information Input "
+        rlLog "Add Requestor Information"
+        local Input=submitterInfoInputImpl
+        local op_scope=profileInput
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;i3;$Input\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Subject Name Input to $profile"
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "i3=RequestorInformation" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartSetup "Admin Interface - Add Certificate Output "
+        local Input=certOutputImpl
+        local op_scope=profileOutput
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;o1;$Input\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Certificate Output to $profile"
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "o1=CertificateOutput" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartSetup "Admin Interface - Add User Supplied Subject Name Input Default Policy"
+        local policy=userSubjectNameDefaultImpl
+        local policyname=UserSuppliedSubjectNameDefault
+        local constraintname=SubjectNameConstraint
+        local constraint=subjectNameConstraintImpl
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p1;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Subject Info access extension default a1to $profile"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p1;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p1;$policy;$constraint&pattern=UID=.*\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartSetup "Admin Interface - Add NoDefault Policy"
+        local policy=noDefaultImpl
+        local policyname=NoDefault
+        local constraintname=RenewalGracePeriodConstraint
+        local constraint=renewGracePeriodConstraintImpl
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p2;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy NoDefault to $profile"
+        rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p2;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details"
+        rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p2;$policy;$constraint&renewal.graceBefore=30&renewal.graceAfter=30\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0
+        rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        #rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartSetup "Admin Interface - Add Validity Default Policy"
+        local policy=validityDefaultImpl
+        local policyname=ValidityDefault
+        local constraintname=ValidityConstraint
+        local constraint=validityConstraintImpl
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p3;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Validity Default policy $profile"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p3;$policy;$constraint&range=180&startTime=0\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Details"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p3;$policy;$constraint&range=365&notBeforeGracePeriod=0&notBeforeCheck=false&notAfterCheck=false\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartSetup "Admin Interface - Add Extended Key Usage Extension Default Policy"
+        local policy=extendedKeyUsageExtDefaultImpl
+        local policyname=ExtendedKeyUsageExtensionDefault
+        local constraintname=NoConstraint
+        local constraint=noConstraintImpl
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p4;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Add Policy Extended Key Usage Extension Default to $profile"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p4;$policy;$constraint&exKeyUsageCritical=false&exKeyUsageOIDs=1.3.6.1.5.5.7.3.2,1.3.6.1.5.5.7.3.4\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Add Policy Details" 0 
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p4;$policy;$constraint\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartSetup "Admin Interface - Add Subject Alternative Name Extension Policy"
+        local policy=subjectAltNameExtDefaultImpl
+        local policyname=SubjectAlternativeNameExtensionDefault
+        local constraintname=NoConstraint
+        local constraint=noConstraintImpl
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p5;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile" 0 "Add Policy Subject Alternative Name Extension to $profile"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p5;$policy;$constraint&subjAltNameExtCritical=false&subjAltNameNumGNs=1&subjAltExtType_0=RFC822Name&subjAltExtPattern_0='$request.requestor_email$'&subjAltExtGNEnable_0=false\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Add Policy Details"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p5;$policy;$constraint\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd	
+
+        rlPhaseStartSetup "Admin Interface - Add User Key Default Policy(Admin Only)"
+        local policy=userKeyDefaultImpl
+        local policyname=UserSuppliedKeyDefault
+        local constraintname=KeyConstraint
+        local constraint=keyConstraintImpl
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p6;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Add Policy Userkey Default to $profile"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p6;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Add Policy Details"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p6;$policy;$constraint&keyType=-&keyParameters=1024,2048,3072,4096,nistp256,nistp384,nistp521\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartSetup "Admin Interface - Add Authority key Identifier Extension Default Policy"
+        local op_scope=policies
+        local policy=authorityKeyIdentifierExtDefaultImpl
+        local policyname=AuthorityKeyIdentifierExtensionDefault
+        local constraintname=NoConstraint
+        local constraint=noConstraintImpl
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=policies&RS_ID=$profile;set1:p7;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Add Policy Authority Key Identifier Extension Default Policy to $profile"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p7;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Add Policy Details"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p7;$policy;$constraint\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartSetup "Admin Interface - Add Authority Info Access Extension Default Policy"
+        local op_scope=policies
+        local policy=authInfoAccessExtDefaultImpl
+        local policyname=AuthorityInfoAccessExtensionDefault
+        local constraintname=NoConstraint
+        local constraint=noConstraintImpl
+        rlLog "Add Policy" 
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=policies&RS_ID=$profile;set1:p8;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Add Policy Authority Info Access Extension Default Policy to $profile"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_user\_password" -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p8;$policy;$constraint&authInfoAccessCritical=false&authInfoAccessNumADs=1&authInfoAccessADMethod_0=1.3.6.1.5.5.7.48.1&authInfoAccessADLocationType_0=URIName&authInfoAccessADLocation_0=&authInfoAccessADEnable_0=false\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Add Policy Details"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p8;$policy;$constraint\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Read all policies of $profile"
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=policies&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartSetup "Admin Interface - Add Key Usage Extension Default"
+        local policy=keyUsageExtDefaultImpl
+        local policyname=KeyUsageExtensionDefault
+        local constraintname=KeyUsageExtensionConstraint
+        local constraint=keyUsageExtConstraintImpl
+        rlLog "Add Key Usage Policy"
+        local op_scope=policies
+        local crlurl="https://$tmp_ca_host:$target_secure_port/crl/Mastercrl.bin"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p9;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Add Key Usage Extension Default to $profile"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p9;$policy;$constraint&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Add Policy Details"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p9;$policy;$constraint&keyUsageCritical=true&keyUsageDigitalSignature=true&keyUsageNonRepudiation=true&keyUsageKeyEncipherment=true&keyUsageDataEncipherment=false&keyUsageKeyAgreement=false&keyUsageKeyCertSign=false&keyUsageCrlSign=false&keyUsageEncipherOnly=false&keyUsageDecipherOnly=false\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartSetup "Admin Interface - Add Signing Algorithm Default Policy"
+        local policy=signingAlgDefaultImpl
+        local policyname=SigningAlgorithmDefault
+        local constraintname=SigningAlgorithmConstraint
+        local constraint=signingAlgConstraintImpl
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p10;$policy;$constraint\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Add Policy Signing Algorithm Default to $profile"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        local op_scope=defaultPolicy
+        rlLog "Add $policy Details"
+        rlRun "curl --capath "$CERTDB_DIR" \
+                --basic --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p10;$policy;$constraint&signingAlg=SHA256withRSA\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Add Policy Details"
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Add Policy Constraint"
+        local op_scope=constraintPolicy
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_ADD&OP_SCOPE=$op_scope&RS_ID=$profile;set1:p10;$policy;$constraint&signingAlgsAllowed=SHA1withRSA,MD5withRSA,MD2withRSA,SHA1withDSA,SHA256withRSA,SHA512withRSA,SHA1withEC,SHA256withEC,SHA384withEC,SHA512withEC\" -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0
+	rlAssertNotGrep "The server encountered an internal error" "$admin_out"
+        rlLog "Get all policies of $profile"
+        local op_scope=policies
+        rlRun "curl --capath "$CERTDB_DIR" --basic \
+                --user "$valid_admin_user:$valid_admin_user\_password" \
+                -d \"OP_TYPE=OP_READ&OP_SCOPE=$op_scope&RS_ID=$profile\" \
+                -k https://$tmp_ca_host:$target_secure_port/ca/caprofile > $admin_out" 0 "Read all existing policies of $profile"
+        rlRun "process_curl_output $admin_out" 0 "Process curl output file"
+        rlAssertGrep "$policyname:$constraintname" "$admin_out"
+        rlPhaseEnd
+
+        rlPhaseStartSetup "Enroll a user certificate with newly created profile"
+        rlRun "pki -h $tmp_ca_host \
+                -p $tmp_ca_port  \
+                -d $CERTDB_DIR \
+                -c $CERTDB_DIR_PASSWORD \
+                -n $valid_agent_cert \
+                ca-profile-enable $profile > $ca_profile_out 2>&1" 0  "Execute pki ca-profile-enable $profile"
+	local temp_user=foo_User_$RANDOM	
+        rlLog "Generate a cert with subject name CN=Foo User_1,UID=$Temp_user,E=$temp_user@example.org,OU=FOO,O=Example.org,C=US"
+        rlRun "generate_new_cert tmp_nss_db:$TEMP_NSS_DB \
+                tmp_nss_db_pwd:$TEMP_NSS_DB_PWD \
+                req_type:pkcs10 \
+                algo:rsa \
+                key_size:1024 \
+                subject_cn:\"Foo User_1\" \
+                subject_uid:FooUser_1 \
+                subject_email:FooUser_1@example.org \
+                subject_ou:FOO \
+		subject_o:Example.org \
+                subject_c:US \
+                archive:false \
+                req_profile:$profile \
+                target_host:$tmp_ca_host \
+                protocol: \
+                port:$tmp_ca_port \
+                cert_db_dir:$CERTDB_DIR \
+                cert_db_pwd:$CERTDB_DIR_PASSWORD \
+                certdb_nick:\"$valid_agent_cert\" \
+                cert_info:$cert_info"
+	local cert_serialNumber=$(cat $cert_info| grep cert_serialNumber | cut -d- -f2)
+        local cert_requestdn=$(cat $cert_info | grep cert_requestdn | cut -d- -f2)
+        rlRun "pki -h $tmp_ca_host -p $tmp_ca_port cert-show $cert_serialNumber > $cert_out" 0 "Executing pki cert-show $cert_serialNumber"
+        rlAssertGrep "Certificate \"$cert_serialNumber\"" "$cert_out"
+        rlAssertGrep "Serial Number: $cert_serialNumber" "$cert_out"
+        rlAssertGrep "Issuer: CN=PKI $SUBCA_INST Signing Certificate,O=redhat" "$cert_out"
+        rlAssertGrep "Subject: $pkcs10_requestdn" "$cert_out"
+        rlAssertGrep "Status: VALID" "$cert_out"
+        rlPhaseEnd
+
+	rlPhaseStartTest "pki_subca_agent_profile-001: SUBCA - Verify Disabling the profile with Admin only cert fails"
+	rlRun "export SSL_DIR=$CERTDB_DIR"
+        rlLog "Disable a Enabled profile"
+        local action=Disable
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+                -E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+                -d \"profileId=$profile&Disable=$action\"  https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileApprove"
+        rlLog "Disable profile $profile and verify profile is already disabled"
+        rlRun "pki -h $tmp_ca_host \
+                -p $tmp_ca_port  \
+                -d $CERTDB_DIR \
+                -c $CERTDB_DIR_PASSWORD \
+                -n $valid_agent_cert \
+                ca-profile-enable $profile > $ca_profile_out 2>&1" \
+                255,1 "Enable already Enabled profile $profile"
+        rlAssertGrep "BadRequestException: Profile already enabled" "$ca_profile_out"
+	rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_agent_profile-002: SUBCA - Verify Enabling the profile with Admin cert fails"
+	rlLog "Disable profile using Agent Cert"
+	local action="Disable"
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+                -E \"$valid_agent_cert:$CERTDB_DIR_PASSWORD\" \
+                -d \"profileId=$profile&$action=$action\"  \
+                https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileApprove > $admin_out"
+        rlLog "Enable a Disabled profile"
+        local action=Approve
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+		-E \"$valid_admin_cert:$CERTDB_DIR_PASSWORD\" \
+		-d \"profileId=$profile&$action=$action\"  \
+		https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileApprove > $admin_out"
+        rlLog "Verify if $profile is enabled by enabling using pki command"
+        rlRun "pki -h $tmp_ca_host \
+		-p $tmp_ca_port \
+		-d $CERTDB_DIR \
+		-c $CERTDB_DIR_PASSWORD  \
+		-n $valid_agent_cert ca-profile-disable $profile > $ca_profile_out 2>&1" 255,1 "Execute pki ca-profile-enable $profile"
+        rlAssertGrep "BadRequestException: Profile already disabled" "$ca_profile_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_agent_profile-003: SUBCA - Verify Disabling the profile with Audit cert fails"
+        rlLog "Enable $profile"
+        rlRun "pki -h $tmp_ca_host \
+                -p $tmp_ca_port \
+                -d $CERTDB_DIR \
+                -c $CERTDB_DIR_PASSWORD \
+                -n $valid_agent_cert \
+                ca-profile-enable $profile > $ca_profile_out"
+        rlAssertGrep "Enabled profile \"$profile\"" "$ca_profile_out"
+        rlLog "Disable a Enabled profile"
+        local action=Disable
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+                -E \"$valid_audit_cert:$CERTDB_DIR_PASSWORD\" \
+                -d \"profileId=$profile&$action=$action\"  https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileApprove"
+        rlLog "Disable profile $profile and verify profile is already disabled"
+        rlRun "pki -h $tmp_ca_host \
+                -p $tmp_ca_port  \
+                -d $CERTDB_DIR \
+                -c $CERTDB_DIR_PASSWORD \
+                -n $valid_agent_cert \
+                ca-profile-enable $profile > $ca_profile_out 2>&1" \
+                255,1 "Enable already Enabled profile $profile"
+        rlAssertGrep "BadRequestException: Profile already enabled" "$ca_profile_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_agent_profile-004: SUBCA - Verify Enabling a disabled profile with Audit cert fails"
+        rlLog "Disable $profile"
+        rlRun "pki -h $tmp_ca_host \
+                -p $tmp_ca_port \
+                -d $CERTDB_DIR \
+                -c $CERTDB_DIR_PASSWORD \
+                -n $valid_agent_cert \
+                ca-profile-disable $profile > $ca_profile_out"
+        rlAssertGrep "Disabled profile \"$profile\"" "$ca_profile_out"
+        rlLog "Enable a Disabled profile"
+        local action=Approve
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+                -E \"$valid_audit_cert:$CERTDB_DIR_PASSWORD\" \
+                -d \"profileId=$profile&Approve=$action\"  \
+                https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileApprove > $admin_out"
+        rlLog "Verify if $profile is disabled by disabling using pki command"
+        rlRun "pki -h $tmp_ca_host \
+                -p $tmp_ca_port \
+                -d $CERTDB_DIR \
+                -c $CERTDB_DIR_PASSWORD  \
+                -n $valid_agent_cert ca-profile-disable $profile > $ca_profile_out 2>&1" 255,1 "Execute pki ca-profile-disable $profile"
+        rlAssertGrep "BadRequestException: Profile already disabled" "$ca_profile_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_agent_profile-005: SUBCA - Verify Disabling the enabled profile with Operator cert fails"
+        rlLog "Enable $profile"
+        rlRun "pki -h $tmp_ca_host \
+                -p $tmp_ca_port \
+                -d $CERTDB_DIR \
+                -c $CERTDB_DIR_PASSWORD \
+                -n $valid_agent_cert \
+                ca-profile-enable $profile > $ca_profile_out"
+        rlAssertGrep "Enabled profile \"$profile\"" "$ca_profile_out"
+        rlLog "Disable a Enabled profile"
+        local action=Disable
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+                -E \"$valid_operator_cert:$CERTDB_DIR_PASSWORD\" \
+                -d \"profileId=$profile&Disable=$action\"  https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileApprove"
+        rlLog "verify profile is in enabled state by enabling it again using pki ca-profile-enable"
+        rlRun "pki -h $tmp_ca_host \
+                -p $tmp_ca_port  \
+                -d $CERTDB_DIR \
+                -c $CERTDB_DIR_PASSWORD \
+                -n $valid_agent_cert \
+                ca-profile-enable $profile > $ca_profile_out 2>&1" \
+                255,1 "Enable already Enabled profile $profile"
+        rlAssertGrep "BadRequestException: Profile already enabled" "$ca_profile_out"
+        rlPhaseEnd
+
+        rlPhaseStartTest "pki_subca_agent_profile-006: SUBCA - Verify Enabling a disabled profile with Operator cert fails"
+        rlLog "Disable $profile"
+        rlRun "pki -h $tmp_ca_host \
+                -p $tmp_ca_port \
+                -d $CERTDB_DIR \
+                -c $CERTDB_DIR_PASSWORD \
+                -n $valid_agent_cert \
+                ca-profile-disable $profile > $ca_profile_out"
+        rlLog "Enable a Disabled profile"
+        local action=Approve
+        rlRun "curl --cacert $CERTDB_DIR/ca_cert.pem  \
+                -E \"$valid_operator_cert:$CERTDB_DIR_PASSWORD\" \
+                -d \"profileId=$profile&Approve=$action\"  \
+                https://$tmp_ca_host:$target_secure_port/ca/agent/ca/profileApprove > $admin_out"
+        rlLog "Verify if $profile is disabled by disabling using pki command which should fail"
+        rlRun "pki -h $tmp_ca_host \
+                -p $tmp_ca_port \
+                -d $CERTDB_DIR \
+                -c $CERTDB_DIR_PASSWORD  \
+                -n $valid_agent_cert ca-profile-disable $profile > $ca_profile_out 2>&1" 255,1 "Execute pki ca-profile-enable $profile"
+        rlAssertGrep "BadRequestException: Profile already disabled" "$ca_profile_out"
+        rlPhaseEnd
+	
+	rlPhaseStartCleanup "Delete temp dir"
+        rlRun "popd"
+        rlRun "rm -r $TmpDir" 0 "Removing tmp directory"
+        rlPhaseEnd	
+
+}
diff --git a/tests/dogtag/runtest.sh b/tests/dogtag/runtest.sh
index f129a7be1..e6b2cfadf 100755
--- a/tests/dogtag/runtest.sh
+++ b/tests/dogtag/runtest.sh
@@ -197,10 +197,18 @@
 . ./acceptance/legacy/subca-tests/crlissuingpoint/subca-ad-crlissuingpoints.sh
 . ./acceptance/legacy/subca-tests/publishing/subca-ad-publishing.sh
 . ./acceptance/legacy/subca-tests/crls/subca-ag-crls.sh
+. ./acceptance/legacy/subca-tests/cert-enrollment/subca-ag-certificates.sh
+. ./acceptance/legacy/subca-tests/cert-enrollment/subca-ag-requests.sh
+. ./acceptance/legacy/subca-tests/cert-enrollment/subca-ee-enrollments.sh
+. ./acceptance/legacy/subca-tests/cert-enrollment/subca-ee-retrieval.sh
+. ./acceptance/legacy/subca-tests/profiles/subca-ad-profiles.sh
+. ./acceptance/legacy/subca-tests/profiles/subca-ag-profiles.sh
+. ./acceptance/legacy/subca-tests/logs/subca-ad-logs.sh
 . ./acceptance/legacy/drm-tests/acls/drm-ad-acls.sh
 . ./acceptance/legacy/drm-tests/agent/drm-ag-tests.sh
 . ./acceptance/legacy/drm-tests/internaldb/drm-ad-internaldb.sh
 . ./acceptance/legacy/drm-tests/usergroups/drm-ad-usergroups.sh
+. ./acceptance/legacy/drm-tests/logs/drm-ad-logs.sh
 . ./acceptance/bugzilla/bug_setup.sh
 . ./acceptance/bugzilla/bug_uninstall.sh
 . ./acceptance/bugzilla/tomcatjss-bugs/bug-1058366.sh
@@ -1544,6 +1552,11 @@ rlJournalStart
 		subsystemType=kra
 		run_admin-kra-internaldb_tests $subsystemType $MYROLE
 	fi
+	PKI_LEGACY_KRA_AD_LOGS_UPPERCASE=$(echo $PKI_LEGACY_KRA_AD_LOGS | tr [a-z] [A-Z])
+	if [ "$PKI_LEGACY_KRA_AD_LOGS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+		subsystemType=kra
+		run_admin-kra-log_tests $subsystemType $MYROLE
+	fi
 	PKI_LEGACY_SUBCA_ADMIN_ACLS_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_ADMIN_ACLS | tr [a-z] [A-Z])
         if [ "$PKI_LEGACY_SUBCA_ADMIN_ACLS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
                 subsystemType=ca
@@ -1574,6 +1587,41 @@ rlJournalStart
                 subsystemType=ca
                 run_agent-subca-crls_tests $subsystemType $MYROLE
         fi
+	PKI_LEGACY_SUBCA_AG_CERTIFICATES_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_AG_CERTIFICATES | tr [a-z] [A-Z])
+	if [ "$PKI_LEGACY_SUBCA_AG_CERTIFICATES_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+		subsystemType=ca
+		run_subca-ag-certificates_tests $subsystemType $MYROLE
+	fi
+	PKI_LEGACY_SUBCA_AG_REQUESTS_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_AG_REQUESTS | tr [a-z] [A-Z])
+	if [ "$PKI_LEGACY_SUBCA_AG_REQUESTS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+		subsystemType=ca
+		run_subca-ag-requests_tests $subsystemType $MYROLE
+	fi
+	PKI_LEGACY_SUBCA_EE_ENROLLMENT_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_EE_ENROLLMENT | tr [a-z] [A-Z])
+	if [ "$PKI_LEGACY_SUBCA_EE_ENROLLMENT_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+		subsystemType=ca
+		run_ee-subca-enrollment_tests $subsystemType $MYROLE
+	fi
+	PKI_LEGACY_SUBCA_EE_RETRIEVAL_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_EE_RETRIEVAL | tr [a-z] [A-Z])
+	if [ "$PKI_LEGACY_SUBCA_EE_RETRIEVAL_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+		subsystemType=ca
+		run_ee-subca-retrieval_tests $subsystemType $MYROLE
+	fi
+	PKI_LEGACY_SUBCA_ADMIN_PROFILE_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_ADMIN_PROFILE | tr [a-z] [A-Z])
+	if [ "$PKI_LEGACY_SUBCA_ADMIN_PROFILE_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+		subsystemType=ca
+		run_admin-subca-profile_tests $subsystemType $MYROLE
+	fi
+	PKI_LEGACY_SUBCA_AGENT_PROFILE_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_AGENT_PROFILE | tr [a-z] [A-Z])
+	if [ "$PKI_LEGACY_SUBCA_AGENT_PROFILE_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+		subsystemType=ca
+		run_agent-subca-profile_tests $subsystemType $MYROLE
+	fi
+	PKI_LEGACY_SUBCA_ADMIN_LOGS_UPPERCASE=$(echo $PKI_LEGACY_SUBCA_ADMIN_LOGS | tr [a-z] [A-Z])
+	if [ "$PKI_LEGACY_SUBCA_ADMIN_LOGS_UPPERCASE" = "TRUE" ] || [ "$TEST_ALL_UPPERCASE" = "TRUE" ]; then
+		subsystemType=ca
+		run_admin-subca-log_tests $subsystemType $MYROLE
+	fi	
 	rlPhaseEnd
 	######## DEV UNIT TESTS ############
 	DEV_JAVA_TESTS_UPPERCASE=$(echo $DEV_JAVA_TESTS | tr [a-z] [A-Z])