The *pkispawn* utility now validates the path to external CA certificates during installation
Previously, during the installation of Certificate System using an external certificate authority certificate, the *pkispawn* utility did not validate the path to the certificate. If the path was incorrect, the following error was logged in the CA's debug log:
CertInfoProfile: Unable to populate certificate: Unable to get ca certificate: Unable to initialize, java.io.IOException: DerInput.getLength(): lengthTag=9, too big.
With this update, *pkispawn* validates the path to the certificate. As a result, *pkispawn* now reports a meaningful error message.
This bug has been copied from bug #1588655 and has been proposed to be backported to 7.5 z-stream (EUS).
Endi Sukma Dewata 2018-06-07 12:52:42 EDT
The fix is already available in 10.5 branch:
rpm -qa pki-*
1. perform 2 step external CA installation procedure and make sure it works .
2. With any failures in csr, certificate (ca_signing or external certificate) correct error message is logged.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.