Bug 440348

Summary: FF3 error after installing new CA instance
Product: [Retired] Dogtag Certificate System Reporter: Bob Lord <blord>
Component: CAAssignee: Jack Magne <jmagne>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium Docs Contact:
Priority: high    
Version: unspecifiedCC: benl
Target Milestone: 1.0   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-07-22 23:28:09 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 443788    
Attachments:
Description Flags
screenshot of FF3 error none

Description Bob Lord 2008-04-02 23:28:01 UTC 
Description of problem:
After installing a CA instance, you restart the server.  The process looks like
this:
==
  # service pki-ca restart
  Stopping pki-ca: ...............................           [  OK  ]
  Starting pki-ca:                                           [  OK  ]

  PKI service(s) are available at https://cpu1.example.com:9443
==

I'm attaching a screenshot, but this is the actual error:
==
  cpu1.example.com:9443 uses an invalid security certificate.

  The certificate is not trusted because the issuer certificate is not trusted.

  (Error code: sec_error_untrusted_issuer)
==

The admin should have already been prompted to install and trust the root before
he gets to this error.  As it stands, he has to manually trust this page until
he gets around to importing the root, which is an easy task for forget.

Version-Release number of selected component (if applicable):
1.0.0

How reproducible:
Always
Comment 1 Bob Lord 2008-04-02 23:28:01 UTC 
Created attachment 300150 [details]
screenshot of FF3 error
Comment 2 Jack Magne 2008-04-04 17:38:23 UTC 
Duplicated on FF3.
Comment 4 Jack Magne 2008-05-08 00:20:00 UTC 
This bug has been resolved as the result of the work done on bug#440079. That
bug's fix allows the user to import and trust the CA's cert chain before
finishing the configuration wizard. Once the server is restarted, the user can
go to the CA's main page without FF3 complaining about an invalid server
certificate.
Comment 5 Kashyap Chamarthy 2009-06-04 12:39:07 UTC 
Verified on Firefox 3.0.10. (with build 1-June-09). No such error is thrown by Firefox after creating/configuring and restarting a new CA instance.