Bug 1535313
| Summary: | Not able to import certificate on secure port. | | |
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Amol K <akahat> |
| Component: | pki-core | Assignee: | RHCS Maintainers <rhcs-maint> |
| Status: | CLOSED ERRATA | QA Contact: | Asha Akkiangady <aakkiang> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | | |
| Version: | 8.2 | CC: | aakkiang, edewata, gkapoor, gswami, mharmsen |
| Target Milestone: | rc | Flags: | gkapoor: needinfo- |
| Target Release: | 8.2 | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
| Whiteboard: | | | |
| Fixed In Version: | pki-core-10.6-8020020200210191644.c7c3114f | Doc Type: | If docs needed, set a value |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2020-04-28 15:45:17 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |

Description
Amol K
2018-01-17 06:16:22 UTC
Per PKI Team Meeting of 20180118 moving to RHEL 7.6.

Moved to RHEL 7.7.

It's not clear when the issue was fixed, but it seems to be working in PKI 10.8 (RHEL 8.2).

Done Endi.

Thanks Geetika!

Tested Version:

```
[root@pki1 ~]# rpm -qi pki-ca
Name        : pki-ca
Version     : 10.8.2
Release     : 1.module+el8.2.0+5758+57f3761f
Architecture: noarch
Install Date: Wed 19 Feb 2020 04:39:43 AM EST
Group       : Unspecified
Size        : 2641321
License     : GPLv2 and LGPLv2
Signature   : RSA/SHA256, Mon 17 Feb 2020 03:17:05 AM EST, Key ID 199e2f91fd431d51
Source RPM  : pki-core-10.8.2-1.module+el8.2.0+5758+57f3761f.src.rpm
Build Date  : Mon 17 Feb 2020 01:36:04 AM EST
Build Host  : arm64-036.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://www.dogtagpki.org/
Summary     : PKI CA Package
```

Case 1:

```
[root@pki1 ~]# pki-server status topology-02-CA
  Instance ID: topology-02-CA
  Active: True
  Unsecure Port: 20080
  Secure Port: 20443
  Tomcat Port: 20005

  CA Subsystem:
    Type: Root CA (Security Domain)
    SD Registration URL: https://pki1.example.com:20443
    Enabled: True
    Unsecure URL: http://pki1.example.com:20080/ca/ee/ca
    Secure Agent URL: https://pki1.example.com:20443/ca/agent/ca
    Secure EE URL: https://pki1.example.com:20443/ca/ee/ca
    Secure Admin URL: https://pki1.example.com:20443/ca/services
    PKI Console URL: https://pki1.example.com:20443/ca
```

```
[root@pki1 ~]# pki -v -d /tmp/testdb -c SECret.123 -P https -p 20443 client-cert-import testuser --serial 0x31
INFO: PKI options: -v -d /tmp/testdb -c SECret.123
INFO: PKI command: https -P https -p 20443 client-cert-import testuser --serial 0x31
INFO: Java command: /usr/lib/jvm/jre-1.8.0-openjdk/bin/java -cp /usr/share/pki/lib/* -Djava.util.logging.config.file=/usr/share/pki/etc/logging.properties com.netscape.cmstools.cli.MainCLI -d /tmp/testdb -c SECret.123 -v -P https -p 20443 client-cert-import testuser --serial 0x31
INFO: Server URL: https://pki1.example.com:20443
INFO: NSS database: /tmp/testdb
INFO: Message format: null
INFO: Command: client-cert-import testuser --serial 0x31
INFO: Module: client
INFO: Module: cert-import
INFO: Initializing NSS
INFO: Logging into internal token
INFO: Using internal token
INFO: Importing certificate 0x31 from https://pki1.example.com:20443
INFO: HTTP request: GET /ca/rest/certs/49 HTTP/1.1
INFO:   Accept: application/xml
INFO:   Host: pki1.example.com:20443
INFO:   Connection: Keep-Alive
INFO:   User-Agent: Apache-HttpClient/4.5.5 (Java/1.8.0_242)
INFO: Server certificate: CN=pki1.example.com,OU=topology-02-CA,O=topology-02_Foobarmaster.org
WARNING: UNTRUSTED ISSUER encountered on 'CN=pki1.example.com,OU=topology-02-CA,O=topology-02_Foobarmaster.org' indicates a non-trusted CA cert 'CN=CA Signing Certificate,OU=topology-02-CA,O=topology-02_Foobarmaster.org'
Trust this certificate (y/N)? y
INFO: Importing certificate as CN=pki1.example.com,OU=topology-02-CA,O=topology-02_Foobarmaster.org
INFO: Trusting certificate
INFO: HTTP response: HTTP/1.1 200
INFO:   Content-Type: application/xml;charset=UTF-8
INFO:   Transfer-Encoding: chunked
INFO:   Date: Thu, 20 Feb 2020 09:19:38 GMT
Imported certificate "testuser"
[root@pki1 ~]#
```

```
[root@pki1 ~]# certutil -L -d /tmp/nssdb/

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

PKI CA Administrator for Example.Org                         u,u,u
RootCA                                                       CT,C,C
testuser                                                     ,,
[root@pki1 ~]#
```

As observed in the POC, it could be seen that the fix is working as expected. Hence, marking this Bugzilla as verified.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:1644