Bug 518431

Summary: ca.p7c bin file is prompted while importing CA Agent certificate in browser
Product: [Retired] Dogtag Certificate System Reporter: Kashyap Chamarthy <kchamart>
Component: CAAssignee: Andrew Wnuk <awnuk>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium Docs Contact:
Priority: high    
Version: 1.1CC: awnuk, benl, dpal, mharmsen
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-09-14 18:28:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
Bug Depends On:    
Bug Blocks: 443788, 512842    
Description Flags
ca.p7c bin file download prompt
proposed fix none

Description Kashyap Chamarthy 2009-08-20 12:05:34 UTC
Description of problem:

ca.p7c bin file is prompted while importing CA Agent certificate in browser. (see screen shot attached)

firefox throws warning about the agent cert installed - "certificate cannot be trusted, or cannot be verified or expired.."

Environment: CS8.0 + Errata-1 bits

How reproducible:
every time.

Steps to Reproduce:
1. Install/configure CA subsystem

Actual results:
At the certificate import panel, ca.p7c(pkcs#7) file is prompted
- CA agent cert is not trusted.

Expected results:

- ca.p7c should not be prompted
- CA agent certificate should be trusted by firefox cert store.

Comment 1 Kashyap Chamarthy 2009-08-20 12:06:21 UTC
Created attachment 358075 [details]
ca.p7c bin file download prompt

Comment 2 Andrew Wnuk 2009-08-21 00:47:07 UTC
Created attachment 358179 [details]
proposed fix

Comment 4 Matthew Harmsen 2009-08-21 00:55:59 UTC
attachment (id=358179) +mharmsen

Comment 6 Andrew Wnuk 2009-08-21 01:01:23 UTC
svn commit pki/dogtag/common/pki-common.spec                                   Sending        pki/dogtag/common/pki-common.spec
Transmitting file data .
Committed revision 764.

svn commit pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java                              
Sending        pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java
Transmitting file data .
Committed revision 765.

svn commit pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java                       
Sending        pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java
Transmitting file data .
Committed revision 766.

Comment 8 Kashyap Chamarthy 2009-08-31 09:11:57 UTC
Verified(on newest build from 27-08-09).
ca.p7c is not prompted when the CA configuration is complete.

Comment 11 errata-xmlrpc 2009-09-14 18:28:11 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.