Bug 1462812

Summary: pki Client cert import --ca-server is failing for HTTPS port and protocol.
Product: Red Hat Enterprise Linux 8
Reporter: Amol K <akahat>
Component: pki-core
Assignee: RHCS Maintainers <rhcs-maint>
Status: CLOSED NEXTRELEASE
QA Contact: Asha Akkiangady <aakkiang>
Severity: unspecified
Docs Contact:
Priority: unspecified
Version: 8.3
CC: akahat, ascheel, mharmsen
Target Milestone: rc
Keywords: GSSTriaged
Target Release: ---
Hardware: Unspecified
OS: Unspecified
Last Closed: 2020-11-24 16:53:09 UTC
Type: Bug
Attachments:
Attachment 1, Scenario 1 (flags: none)
Attachment 2, Scenario 2 (flags: none)

Description Amol K 2017-06-19 15:26:53 UTC
Description of problem:

While importing the certificate using the HTTPS port and protocol, it throws the traceback "Error: Certificate database not initialized."

Version-Release number of selected component (if applicable):
PKI Command-Line Interface 10.4.1-9.el7


How reproducible:
Always

Steps to Reproduce:
## First scenario:

1. pki -d nssdb -c Secret123 -h pki1.example.com -p 20080 client-init 
# Initiated the client directory with HTTP port.

2. pki -d nssdb -c Secret123 -h pki1.example.com -p 20080 client-cert-import --ca-server 
# Imported the CA Signing cert using HTTP port and imported the admin cert using '--serial 0x6'

# If I try to import another user's certificate with https port and protocol it throws an exception.
3. pki -d nssdb -c Secret123 -h pki1.example.com -p 20443 -P https -n "PKI CA Administrator for Example.Org" client-cert-import --serial 0x54
# see log attachment 1

## Second Scenario:
If I start with the HTTPS client-init:
1. pki -d nssdb -c Secret123 -h pki1.example.com -p 20443 -P https client-init
------------------
Client initialized
------------------

2. pki -d nssdb/ -c Secret123 -h pki1.example.com -p 20080 -P https client-cert-import --ca-server
FATAL: SSL alert sent: RECORD_OVERFLOW
IOException: SocketException cannot write on socket

# see log attachment 2

Actual results:
Error: Certificate database not initialized.

Expected results:
It should import the certificate in the client directory.

Additional info:

Comment 2 Amol K 2017-06-19 15:27:52 UTC
Created attachment 1289139
Attachment 1, Scenario 1

Comment 3 Amol K 2017-06-19 15:28:29 UTC
Created attachment 1289140
Attachment 2, Scenario 2

Comment 4 Asha Akkiangady 2017-06-22 16:47:54 UTC
Amol,

Scenario 2 step #2 is tested with https with unsecure port. Please re-test.

Thanks,
Asha

Comment 5 Amol K 2017-06-22 17:23:11 UTC
Hi Asha, 

Yes, scenario 2 step #2 is not valid in this bug. 

Following is the correct one:

2. [root@pki1 ~]# pki -d nssdb/ -c Secret123 -h pki1.example.com -p 20443 -P https client-cert-import --serial 0x6 "Admin Cert"
Error: Certificate database not initialized.

Sorry for the inconvenience.

Comment 6 Matthew Harmsen 2017-10-25 22:53:44 UTC
[20171025] - RHEL 7.5 pre-Alpha Offline Triage ==> 7.6

Comment 7 Matthew Harmsen 2018-07-04 00:19:10 UTC
Moved to RHEL 7.7.