Bug 1462812 - pki Client cert import --ca-server is failing for HTTPS port and protocol.
pki Client cert import --ca-server is failing for HTTPS port and protocol.
Status: NEW
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: pki-core (Show other bugs)
7.4
Unspecified Unspecified
unspecified Severity unspecified
: rc
: ---
Assigned To: RHCS Maintainers
Asha Akkiangady
: GSSTriaged
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2017-06-19 11:26 EDT by Amol K
Modified: 2017-06-29 22:12 EDT (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed:
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Attachment 1, Scenario 1 (2.16 KB, text/plain)
2017-06-19 11:27 EDT, Amol K
no flags Details
Attachment 2, Scenario 2 (3.05 KB, text/plain)
2017-06-19 11:28 EDT, Amol K
no flags Details

  None (edit)
Description Amol K 2017-06-19 11:26:53 EDT
Description of problem:

While importing the certificate using the https port and protocol it throws the traceback as Error: Certificate database not initialized.

Version-Release number of selected component (if applicable):
PKI Command-Line Interface 10.4.1-9.el7


How reproducible:
Always

Steps to Reproduce:
## First scenario:

1. pki -d nssdb -c Secret123 -h pki1.example.com -p 20080 client-init 
# Initiated the client directory with HTTP port.

2. pki -d nssdb -c Secret123 -h pki1.example.com -p 20080 client-cert-import --ca-server 
# Imported the CA Signing cert using HTTP port and imported the admin cert using '--serial 0x6'

# If I try to import another user's certificate with https port and protocol it throws an exception.
3. pki -d nssdb -c Secret123 -h pki1.example.com -p 20443 -P https -n "PKI CA Administrator for Example.Org" client-cert-import --serial 0x54
# see log attachment 1 [details]

## Second Scenario:
If I started with the HTTPS client-init.
1. pki -d nssdb -c Secret123 -h pki1.example.com -p 20443 -P https client-init
------------------
Client initialized
------------------

2.  pki -d nssdb/ -c Secret123 -h pki1.example.com -p 20080 -P https client-cert-import --ca-server
FATAL: SSL alert sent: RECORD_OVERFLOW
IOException: SocketException cannot write on socket

# see log attachment2 [details]

Actual results:
Error: Certificate database not initialized.

Expected results:
It should import the certificate in the client directory.

Additional info:
Comment 2 Amol K 2017-06-19 11:27 EDT
Created attachment 1289139 [details]
Attachment 1 [details], Scenario 1
Comment 3 Amol K 2017-06-19 11:28 EDT
Created attachment 1289140 [details]
Attachment 2 [details], Scenario 2
Comment 4 Asha Akkiangady 2017-06-22 12:47:54 EDT
Amol,

Scenario 2 step #2 is tested with https with unsecure port. Please re-test.

Thanks,
Asha
Comment 5 Amol K 2017-06-22 13:23:11 EDT
Hi Asha, 

Yes, scenario 2 step #2 is not valid in this bug. 

Following is the correct one:

2. [root@pki1 ~]# pki -d nssdb/ -c Secret123 -h pki1.example.com -p 20443 -P https client-cert-import --serial 0x6 "Admin Cert"
Error: Certificate database not initialized.

Sorry for the inconvenience.

Note You need to log in before you can comment on or make changes to this bug.