Bug 489404

Summary: non-secure port redirects to secure port
Product: [Retired] Dogtag Certificate System Reporter: Rob Crittenden <rcritten>
Component: CAAssignee: Matthew Harmsen <mharmsen>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium Docs Contact:
Priority: urgent    
Version: 1.0CC: alee, awnuk, benl, cfu, jgalipea, jmagne, mharmsen
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-07-22 23:32:58 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 443788, 445247    
Attachments:
Description Flags
Fix for broken non-secure port
none
Fix for broken non-secure port (spec files)
none
wget output none

Description Rob Crittenden 2009-03-09 21:14:11 UTC
The non-secure UI port (9180) always redirects to the secure port (9443). If you use a browser to go to the unsecure port you are immediately redirected to the secure on.

Trying to retrieve a URI directly results in an error.

For example:

This works:

% wget -O - --no-check-certificate "https://ca.example.com:9444/ca/ee/ca/displayBySerial?serialNumber=0xa&xmlOutput=false"

This fails with "Error encountered while loading output template."

% wget -O - --no-check-certificate "http://ca.example.com:9180/ca/ee/ca/displayBySerial?serialNumber=0xa&xmlOutput=false"

And this is logged in system:
7532.http-9444-Processor24 - [09/Mar/2009:15:30:01 EDT] [3] [3] Servlet caDisplayBySerial: Error encountered in DisplayBySerial. Error LDAP operation failure - cn=11,ou=certificateRepository, ou=ca, dc=ca.example.com-pki-ca nets7532.http-9180-Processor25 - [09/Mar/2009:17:11:32 EDT] [3] [20] CMSgateway:Could not load template /var/lib/pki-ca/webapps/ca/ee/ca/displayBySerial.template error java.io.FileNotFoundException: /var/lib/pki-ca/webapps/ca/ee/ca/displayBySerial.template (No such file or directory).
7532.http-9180-Processor25 - [09/Mar/2009:17:11:32 EDT] [3] [20] CMSgateway:Could not load template /var/lib/pki-ca/webapps/ca/ee/GenUnexpectedError.template error java.io.FileNotFoundException: /var/lib/pki-ca/webapps/ca/ee/GenUnexpectedError.template (No such file or directory).

Comment 1 Matthew Harmsen 2009-03-11 02:03:30 UTC
The redirect was not the problem (as use of this is intended for the GUI); the problem was that the non-secure port was broken - attaching patches with the fixes.

Comment 2 Matthew Harmsen 2009-03-11 02:05:06 UTC
Created attachment 334741 [details]
Fix for broken non-secure port

Comment 3 Matthew Harmsen 2009-03-11 02:05:38 UTC
Created attachment 334742 [details]
Fix for broken non-secure port (spec files)

Comment 4 Andrew Wnuk 2009-03-11 17:48:30 UTC
attachment (id=334741)
attachment (id=334742)
+awnuk

Comment 5 Matthew Harmsen 2009-03-11 19:18:55 UTC
cd pki/base

% svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
D      ca/shared/conf/server.xml.good
M      ca/shared/conf/server.xml
M      common/src/com/netscape/cmscore/apps/CMSEngine.java
M      setup/pkicreate
D      tks/shared/conf/server.xml.good
M      tks/shared/conf/server.xml
D      ocsp/shared/conf/server.xml.good
M      ocsp/shared/conf/server.xml
D      kra/shared/conf/server.xml.good
M      kra/shared/conf/server.xml

% svn commit
Sending        base/ca/shared/conf/server.xml
Deleting       base/ca/shared/conf/server.xml.good
Sending        base/common/src/com/netscape/cmscore/apps/CMSEngine.java
Sending        base/kra/shared/conf/server.xml
Deleting       base/kra/shared/conf/server.xml.good
Sending        base/ocsp/shared/conf/server.xml
Deleting       base/ocsp/shared/conf/server.xml.good
Sending        base/setup/pkicreate
Sending        base/tks/shared/conf/server.xml
Deleting       base/tks/shared/conf/server.xml.good
Transmitting file data ......
Committed revision 295.



cd pki/dogtag

% svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
M      ca/pki-ca.spec
M      common/pki-common.spec
M      setup/pki-setup.spec
M      tks/pki-tks.spec
M      ocsp/pki-ocsp.spec
M      kra/pki-kra.spec

% svn commit
Sending        dogtag/ca/pki-ca.spec
Sending        dogtag/common/pki-common.spec
Sending        dogtag/kra/pki-kra.spec
Sending        dogtag/ocsp/pki-ocsp.spec
Sending        dogtag/setup/pki-setup.spec
Sending        dogtag/tks/pki-tks.spec
Transmitting file data ......
Committed revision 296.

Comment 6 Jenny Severance 2009-06-04 13:38:20 UTC
Verified - set attached wget output - unsecure port successful.

Comment 7 Jenny Severance 2009-06-04 13:38:52 UTC
Created attachment 346533 [details]
wget output