Red Hat Bugzilla – Bug 440348
FF3 error after installing new CA instance
Last modified: 2015-01-05 20:19:54 EST
Description of problem:
After installing a CA instance, you restart the server. The process looks like
# service pki-ca restart
Stopping pki-ca: ............................... [ OK ]
Starting pki-ca: [ OK ]
PKI service(s) are available at https://cpu1.example.com:9443
I'm attaching a screenshot, but this is the actual error:
cpu1.example.com:9443 uses an invalid security certificate.
The certificate is not trusted because the issuer certificate is not trusted.
(Error code: sec_error_untrusted_issuer)
The admin should have already been prompted to install and trust the root before
he gets to this error. As it stands, he has to manually trust this page until
he gets around to importing the root, which is an easy task for forget.
Version-Release number of selected component (if applicable):
Created attachment 300150 [details]
screenshot of FF3 error
Duplicated on FF3.
This bug has been resolved as the result of the work done on bug#440079. That
bug's fix allows the user to import and trust the CA's cert chain before
finishing the configuration wizard. Once the server is restarted, the user can
go to the CA's main page without FF3 complaining about an invalid server
Verified on Firefox 3.0.10. (with build 1-June-09). No such error is thrown by Firefox after creating/configuring and restarting a new CA instance.