Bug 509998
Summary: | attempt to import user certificate in IE on vista fails with error. | ||
---|---|---|---|
Product: | [Retired] Dogtag Certificate System | Reporter: | Kashyap Chamarthy <kchamart> |
Component: | CA | Assignee: | Jack Magne <jmagne> |
Status: | CLOSED NOTABUG | QA Contact: | Chandrasekar Kannan <ckannan> |
Severity: | medium | Docs Contact: | |
Priority: | urgent | ||
Version: | unspecified | CC: | awnuk, benl |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-07-07 22:57:41 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 443788 |
Description
Kashyap Chamarthy
2009-07-07 10:53:02 UTC
this should be an urgent bug... raising to urgent for investigation In order to even enroll a certificate properly, we have to import and trust the CA's certificate. If this is done, I'm sure this problem does not happen. Chandra and I kicked this around. The CA's EE UI provides a fairly easy way to import and trust the CA's cert chain. This should make the main thrust of this issue go away. The end of the report mentions some funny behavior when picking a key size too big for the selected provider. I believe we have another bug open for that issue with Andrew. We could pursue that there. Therefore close this for now, but we can bring it back if we decide to later. okay, I realized a mistake I was making Instead of doing a "Import CA certificate chain" , I navigated to List Certificates -> then pointed to 0x1 (CA cert) -> Import into browser -From the EE "Retrieval" tab, if I select the "Import the CA chain", and choose to auto-select the certificate store to import it -> It'll import into "Intermediate Certificate Authorities" instead of "Trusted Root Certificate Authorities" citing self-signed as reason. (on XP if we auto-select, CA cert is installed in "Trusted Root Certificate Authorities" ) -Of course, on vista, if we select the "Place all certificates in the following store" and point to "Trusted Root Certificate Authorities" - the root CA installs fine there. |