Bug 1548124
Summary: | CMCAuth throws org.mozilla.jss.crypto.TokenException: Unable to insert certificate into temporary database | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Geetika Kapoor <gkapoor> | |
Component: | pki-core | Assignee: | Christina Fu <cfu> | |
Status: | CLOSED ERRATA | QA Contact: | Asha Akkiangady <aakkiang> | |
Severity: | urgent | Docs Contact: | ||
Priority: | urgent | |||
Version: | 7.5 | CC: | cfu, mharmsen, msauton | |
Target Milestone: | rc | Keywords: | TestCaseProvided, ZStream | |
Target Release: | --- | |||
Hardware: | All | |||
OS: | Linux | |||
Whiteboard: | ||||
Fixed In Version: | Doc Type: | No Doc Update | ||
Story Points: | --- | |
Clone Of: | ||||
: | 1550581 | Environment: | |
Last Closed: | 2018-10-30 11:05:27 UTC | Type: | Bug | |
Bug Blocks: | 1550581 |
Description
Geetika Kapoor
2018-02-22 19:15:31 UTC
Some basic test scenarios:

Agent signed (CMCAuth):

a. Sign cmc request with agent cert that's expired

b. Sign cmc request with agent cert that's signed by an unknown (untrusted) CA

(I don't expect any of the above to pass SSL client authentication)

c. Sign cmc request with agent cert that's revoked (depending on the configuration, revoked ssl client cert might have been caught at ssl client auth as well; but failing that, I believe agent auth checks that; please confirm and document the behavior)

User signed (CMCUserSignedAuth):

a. Sign cmc request with user cert that's expired

b. Sign cmc request with user cert that's signed by an unknown (untrusted) CA

(I don't expect any of the above to pass SSL client authentication)

c. Sign cmc request with user cert that's revoked (depending on the configuration, revoked ssl client cert might have been caught at ssl client auth as well; but failing that, CMCUserSignedAuth checks that; please confirm and document the behavior)

https://pagure.io/dogtagpki/issue/2949#comment-496497

cherry-picked to DOGTAG_10_5_BRANCH

Test Env:

rpm -qa pki-ca

pki-ca-10.5.9-5.el7.noarch

Test case: CMCUserSignedAuth works as expected without issues.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3195