Bug 501699

Summary:

Renewal request in RA throws error - certificate not found in database"

Product:

[Retired] Dogtag Certificate System

Reporter:

Kashyap Chamarthy <kchamart>

Component:

Assignee:

Ade Lee <alee>

Status:

CLOSED ERRATA

QA Contact:

Chandrasekar Kannan <ckannan>

Severity:

medium

Docs Contact:

Priority:

high

Version:

unspecified

CC:

benl, cfu, mharmsen

Target Milestone:

---

Target Release:

---

Hardware:

All

OS:

Linux

Whiteboard:

Fixed In Version:

Doc Type:

Bug Fix

Doc Text:

Story Points:

---

Clone Of:

Environment:

Last Closed:

2009-07-22 23:35:29 UTC

Type:

---

Regression:

---

Mount Type:

---

Documentation:

---

CRM:

Verified Versions:

Category:

---

oVirt Team:

---

RHEL 7.3 requirements from Atomic Host:

Cloudforms Team:

---

Target Upstream Version:

Embargoed:

Bug Depends On:

Bug Blocks:

443788

Attachments:

Description	Flags
patch to fix	none

Description Kashyap Chamarthy 2009-05-20 11:58:30 UTC

Description of problem:

Renewal request in RA throws error 

Request process error
Error: certificate not found in database"



Steps to Reproduce:

1. Submit a user certificate request in the RA Services: User Enrollment
2. Go to the Agent pages, and approve the certificate request
3. Go to "SSL End user services" pages and import the certificate into the browser
4. Now, try to submit a renewal request in the End User pages. User Enrollment -> Renewal - User and click on the "Renewal" button
  
Actual results:

The below error is thrown:

Request process error
Error: certificate not found in database"

Expected results:
A window should be prompted to choose the certificate from the browser list to be renewed

=====================================================

Log info: pki-ra error_log

[root@rhel5t pki-ra]# tail -f error_log 
[Wed May 20 17:20:01 2009] [info] Subsequent (No.2) HTTPS request received for child 10 (server rhel5t.pnq.redhat.com:12890)
[Wed May 20 17:20:01 2009] [error] [client 10.65.1.29] File does not exist: /var/lib/pki-ra/docroot/img, referer: https://rhel5t.pnq.redhat.com:12890/css/pki-360.css
[Wed May 20 17:20:01 2009] [info] Subsequent (No.2) HTTPS request received for child 9 (server rhel5t.pnq.redhat.com:12890)
[Wed May 20 17:20:01 2009] [error] [client 10.65.1.29] File does not exist: /var/lib/pki-ra/docroot/img, referer: https://rhel5t.pnq.redhat.com:12890/css/pki-360.css
[Wed May 20 17:20:01 2009] [info] Subsequent (No.2) HTTPS request received for child 7 (server rhel5t.pnq.redhat.com:12890)
[Wed May 20 17:20:01 2009] [error] [client 10.65.1.29] File does not exist: /var/lib/pki-ra/docroot/img, referer: https://rhel5t.pnq.redhat.com:12890/css/pki-360.css
[Wed May 20 17:20:01 2009] [info] Subsequent (No.3) HTTPS request received for child 62 (server rhel5t.pnq.redhat.com:12890)
[Wed May 20 17:20:01 2009] [error] [client 10.65.1.29] File does not exist: /var/lib/pki-ra/docroot/img, referer: https://rhel5t.pnq.redhat.com:12890/css/pki-360.css
[Wed May 20 17:20:01 2009] [info] Subsequent (No.2) HTTPS request received for child 60 (server rhel5t.pnq.redhat.com:12890)
[Wed May 20 17:20:01 2009] [error] [client 10.65.1.29] File does not exist: /var/lib/pki-ra/docroot/img, referer: https://rhel5t.pnq.redhat.com:12890/css/pki-360.css
[Wed May 20 17:20:16 2009] [info] Connection to child 1 closed (server rhel5t.pnq.redhat.com:12890, client 10.65.1.29)
[Wed May 20 17:20:16 2009] [info] Connection to child 10 closed (server rhel5t.pnq.redhat.com:12890, client 10.65.1.29)
[Wed May 20 17:20:16 2009] [info] Connection to child 9 closed (server rhel5t.pnq.redhat.com:12890, client 10.65.1.29)
[Wed May 20 17:20:16 2009] [info] Connection to child 7 closed (server rhel5t.pnq.redhat.com:12890, client 10.65.1.29)
[Wed May 20 17:20:16 2009] [info] Connection to child 62 closed (server rhel5t.pnq.redhat.com:12890, client 10.65.1.29)
[Wed May 20 17:20:16 2009] [info] Connection to child 60 closed (server rhel5t.pnq.redhat.com:12890, client 10.65.1.29)
[Wed May 20 17:20:22 2009] [info] Connection to child 4 established (server rhel5t.pnq.redhat.com:12890, client 10.65.1.29)
[Wed May 20 17:20:22 2009] [info] Initial (No.1) HTTPS request received for child 4 (server rhel5t.pnq.redhat.com:12890)
[Wed May 20 17:20:22 2009] [info] Connection to child 8 established (server rhel5t.pnq.redhat.com:12890, client 10.65.1.29)
[Wed May 20 17:20:22 2009] [info] Initial (No.1) HTTPS request received for child 8 (server rhel5t.pnq.redhat.com:12890)
[Wed May 20 17:20:22 2009] [error] [client 10.65.1.29] File does not exist: /var/lib/pki-ra/docroot/img, referer: https://rhel5t.pnq.redhat.com:12890/css/pki-360.css
[Wed May 20 17:20:22 2009] [info] Connection to child 14 established (server rhel5t.pnq.redhat.com:12890, client 10.65.1.29)
[Wed May 20 17:20:22 2009] [info] Initial (No.1) HTTPS request received for child 14 (server rhel5t.pnq.redhat.com:12890)
[Wed May 20 17:20:22 2009] [error] [client 10.65.1.29] File does not exist: /var/lib/pki-ra/docroot/img, referer: https://rhel5t.pnq.redhat.com:12890/css/pki-360.css
[Wed May 20 17:20:22 2009] [info] Connection to child 15 established (server rhel5t.pnq.redhat.com:12890, client 10.65.1.29)
[Wed May 20 17:20:22 2009] [info] Initial (No.1) HTTPS request received for child 15 (server rhel5t.pnq.redhat.com:12890)
[Wed May 20 17:20:22 2009] [error] [client 10.65.1.29] File does not exist: /var/lib/pki-ra/docroot/img, referer: https://rhel5t.pnq.redhat.com:12890/css/pki-360.css
[Wed May 20 17:20:22 2009] [info] Connection to child 6 established (server rhel5t.pnq.redhat.com:12890, client 10.65.1.29)
[Wed May 20 17:20:22 2009] [info] Initial (No.1) HTTPS request received for child 6 (server rhel5t.pnq.redhat.com:12890)
[Wed May 20 17:20:22 2009] [error] [client 10.65.1.29] File does not exist: /var/lib/pki-ra/docroot/img, referer: https://rhel5t.pnq.redhat.com:12890/css/pki-360.css
[Wed May 20 17:20:22 2009] [info] Subsequent (No.2) HTTPS request received for child 4 (server rhel5t.pnq.redhat.com:12890)
[Wed May 20 17:20:22 2009] [error] [client 10.65.1.29] File does not exist: /var/lib/pki-ra/docroot/img, referer: https://rhel5t.pnq.redhat.com:12890/css/pki-360.css
[Wed May 20 17:20:22 2009] [info] Connection to child 0 established (server rhel5t.pnq.redhat.com:12890, client 10.65.1.29)
[Wed May 20 17:20:22 2009] [info] Initial (No.1) HTTPS request received for child 0 (server rhel5t.pnq.redhat.com:12890)
[Wed May 20 17:20:22 2009] [error] [client 10.65.1.29] File does not exist: /var/lib/pki-ra/docroot/img, referer: https://rhel5t.pnq.redhat.com:12890/css/pki-360.css
[Wed May 20 17:20:24 2009] [info] Subsequent (No.2) HTTPS request received for child 8 (server rhel5t.pnq.redhat.com:12890)
[Wed May 20 17:20:24 2009] [info] Subsequent (No.2) HTTPS request received for child 14 (server rhel5t.pnq.redhat.com:12890)
[Wed May 20 17:20:24 2009] [error] [client 10.65.1.29] File does not exist: /var/lib/pki-ra/docroot/img, referer: https://rhel5t.pnq.redhat.com:12890/css/pki-360.css
[Wed May 20 17:20:24 2009] [info] Subsequent (No.2) HTTPS request received for child 15 (server rhel5t.pnq.redhat.com:12890)
[Wed May 20 17:20:24 2009] [error] [client 10.65.1.29] File does not exist: /var/lib/pki-ra/docroot/img, referer: https://rhel5t.pnq.redhat.com:12890/css/pki-360.css
[Wed May 20 17:20:24 2009] [info] Subsequent (No.2) HTTPS request received for child 6 (server rhel5t.pnq.redhat.com:12890)
[Wed May 20 17:20:24 2009] [error] [client 10.65.1.29] File does not exist: /var/lib/pki-ra/docroot/img, referer: https://rhel5t.pnq.redhat.com:12890/css/pki-360.css
[Wed May 20 17:20:24 2009] [info] Subsequent (No.3) HTTPS request received for child 8 (server rhel5t.pnq.redhat.com:12890)
[Wed May 20 17:20:24 2009] [error] [client 10.65.1.29] File does not exist: /var/lib/pki-ra/docroot/img, referer: https://rhel5t.pnq.redhat.com:12890/css/pki-360.css
[Wed May 20 17:20:24 2009] [info] Subsequent (No.3) HTTPS request received for child 4 (server rhel5t.pnq.redhat.com:12890)
[Wed May 20 17:20:24 2009] [error] [client 10.65.1.29] File does not exist: /var/lib/pki-ra/docroot/img, referer: https://rhel5t.pnq.redhat.com:12890/css/pki-360.css
[Wed May 20 17:20:24 2009] [info] Subsequent (No.2) HTTPS request received for child 0 (server rhel5t.pnq.redhat.com:12890)
[Wed May 20 17:20:24 2009] [error] [client 10.65.1.29] File does not exist: /var/lib/pki-ra/docroot/img, referer: https://rhel5t.pnq.redhat.com:12890/css/pki-360.css
[Wed May 20 17:20:27 2009] [info] Subsequent (No.3) HTTPS request received for child 14 (server rhel5t.pnq.redhat.com:12890)
[Wed May 20 17:20:27 2009] [info] Subsequent (No.3) HTTPS request received for child 15 (server rhel5t.pnq.redhat.com:12890)
[Wed May 20 17:20:27 2009] [info] Subsequent (No.3) HTTPS request received for child 6 (server rhel5t.pnq.redhat.com:12890)
[Wed May 20 17:20:27 2009] [error] [client 10.65.1.29] File does not exist: /var/lib/pki-ra/docroot/img, referer: https://rhel5t.pnq.redhat.com:12890/css/pki-360.css
[Wed May 20 17:20:27 2009] [info] Subsequent (No.4) HTTPS request received for child 8 (server rhel5t.pnq.redhat.com:12890)
[Wed May 20 17:20:27 2009] [error] [client 10.65.1.29] File does not exist: /var/lib/pki-ra/docroot/img, referer: https://rhel5t.pnq.redhat.com:12890/css/pki-360.css
[Wed May 20 17:20:27 2009] [info] Subsequent (No.4) HTTPS request received for child 6 (server rhel5t.pnq.redhat.com:12890)
[Wed May 20 17:20:27 2009] [error] [client 10.65.1.29] File does not exist: /var/lib/pki-ra/docroot/img, referer: https://rhel5t.pnq.redhat.com:12890/css/pki-360.css
[Wed May 20 17:20:27 2009] [info] Subsequent (No.4) HTTPS request received for child 14 (server rhel5t.pnq.redhat.com:12890)
[Wed May 20 17:20:27 2009] [error] [client 10.65.1.29] File does not exist: /var/lib/pki-ra/docroot/img, referer: https://rhel5t.pnq.redhat.com:12890/css/pki-360.css
[Wed May 20 17:20:27 2009] [info] Subsequent (No.4) HTTPS request received for child 4 (server rhel5t.pnq.redhat.com:12890)
[Wed May 20 17:20:27 2009] [error] [client 10.65.1.29] File does not exist: /var/lib/pki-ra/docroot/img, referer: https://rhel5t.pnq.redhat.com:12890/css/pki-360.css
[Wed May 20 17:20:27 2009] [info] Subsequent (No.3) HTTPS request received for child 0 (server rhel5t.pnq.redhat.com:12890)
[Wed May 20 17:20:27 2009] [error] [client 10.65.1.29] File does not exist: /var/lib/pki-ra/docroot/img, referer: https://rhel5t.pnq.redhat.com:12890/css/pki-360.css
[Wed May 20 17:20:42 2009] [info] Connection to child 8 closed (server rhel5t.pnq.redhat.com:12890, client 10.65.1.29)
[Wed May 20 17:20:42 2009] [info] Connection to child 6 closed (server rhel5t.pnq.redhat.com:12890, client 10.65.1.29)
[Wed May 20 17:20:43 2009] [info] Connection to child 15 closed (server rhel5t.pnq.redhat.com:12890, client 10.65.1.29)
[Wed May 20 17:20:43 2009] [info] Connection to child 14 closed (server rhel5t.pnq.redhat.com:12890, client 10.65.1.29)
[Wed May 20 17:20:43 2009] [info] Connection to child 4 closed (server rhel5t.pnq.redhat.com:12890, client 10.65.1.29)
[Wed May 20 17:20:43 2009] [info] Connection to child 0 closed (server rhel5t.pnq.redhat.com:12890, client 10.65.1.29)

Comment 1 Ade Lee 2009-06-01 16:18:05 UTC

This is a port separation issue.

We call get_cert_record() in ../../base/ra/lib/perl/PKI/Service/Op.pm
which in turn uses the cert presented for authentication to populate the cert.

Problem is - this page 
(https://oliver.dsdev.sjc.redhat.com:12890/ee/user/renewal.cgi) is no longer on the client auth pages.

Comment 2 Ade Lee 2009-06-08 06:13:25 UTC

Created attachment 346819 [details]
patch to fix

mharmsen, please review

Comment 4 Matthew Harmsen 2009-06-08 16:29:39 UTC

attachment (id=346819) +mharmsen

Comment 6 Ade Lee 2009-06-08 17:05:09 UTC

[builder@oliver pki]$ svn ci -m "Bugzilla Bug #501699 - Renewal request in RA throws error - certificate not found in database" base
Sending        base/ra/forms/ee/user/renew.cgi
Sending        base/ra/forms/ee/user/renewal.cgi
Transmitting file data ..
Committed revision 566.

[builder@oliver pki]$ svn ci -m "Bugzilla Bug #501699 - Renewal request in RA throws error - certificate not found in database" redhat
Sending        redhat/ra-ui/redhat-pki-ra-ui.el4sol9.spec
Sending        redhat/ra-ui/redhat-pki-ra-ui.spec
Sending        redhat/ra-ui/shared/docroot/ee/user/renew.vm
Transmitting file data ...
Committed revision 15540.

[builder@oliver pki]$ svn ci -m "Bugzilla Bug #501699 - Renewal request in RA throws error - certificate not found in database" dogtag
Sending        dogtag/ra/pki-ra.spec
Sending        dogtag/ra-ui/dogtag-pki-ra-ui.spec
Sending        dogtag/ra-ui/shared/docroot/ee/user/renew.vm
Transmitting file data ...
Committed revision 567.

Comment 7 Kashyap Chamarthy 2009-06-10 06:21:20 UTC

Verified(June-9-build). We need to clear the browser cache before clicking "Renew"