Bug 249412

Summary: CA reports error to Auto Enrollment Proxy on certificate request attempt
Product: Red Hat Certificate System Reporter: Issue Tracker <tao>
Component: CAAssignee: Christina Fu <cfu>
Status: CLOSED NOTABUG QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.1CC: benl, jgalipea, tao
Target Milestone: rcKeywords: FutureFeature
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-12-11 20:18:04 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 445047    

Description Issue Tracker 2007-07-24 15:44:12 UTC 
Escalated to Bugzilla from IssueTracker
Comment 1 Issue Tracker 2007-07-24 15:44:23 UTC 
Description of problem:
The auto enrollment proxy (v1.0.0) is set up and it appears that we are connecting to August Schell's Red Hat 7.1 CA. A manual request is submitted to the CA (right-click in Personal(Local Computer) Store and select Request New Certificate) When 'Finish' is clicked, a message is presented that says: "The certificate request cannot be created. The requested property value is empty."  The error log on the Microsoft console (included as log0601407.txt) indicates that a HTTP message was received back that says "The requested object does not exist on this server. The link you followed is either outdated, inaccurate, or the server has been instructed not to let you have it." 

The Red Hat CA error log file contains the following information:

[14/Jun/2007:12:43:55] security ( 5979): get_auth_user_ssl: unable to map cert to LDAP entry. Reason: No such object, Issuer: "CN=ASE-test DOD CA-17,OU=PKI,OU=DoD,O=U.S. Government,C=US", User: "CN=ASE-test DOD CA-17 Agent,UID=rh-admin,OU="PKI, OU=DoD",O=U.S. Government,C=US"
[14/Jun/2007:12:43:55] warning ( 5979): for host 10.10.10.200 trying to POST /ca/profileSubmitSSLClient, send-file reports: can't find /opt/redhat-cs/cert-id/web-apps/agent/ca/profileSubmitSSLClient (File not found)


How reproducible:
Submit a manual request to the CA from the proxy.

Steps to Reproduce:

Actual results:
says "The requested object does not exist on this server. The link you followed is either outdated, inaccurate, or the server has been instructed not to let you have it." 

Expected results:
A domain controller certificate.

Additional info:
This event sent from IssueTracker by ble  [SEG - Certificate System Engineering]
 issue 124069
Comment 2 Issue Tracker 2007-07-24 15:44:28 UTC 
This is a feature request, so I would like to keep it open to document the
customers requirement to have 7.1 support.  I only have privelges to set
it to w/o seg.  I can't set it to w/o product management nor can I set it
to w/o engineering.  Could you please set it to either  one of those.

Internal Status set to 'Waiting on SEG'

This event sent from IssueTracker by ble  [SEG - Certificate System
Engineering]
 issue 124069
Comment 3 Red Hat Bugzilla 2007-10-27 15:33:21 UTC 
User nkwan's account has been closed