Bug 440348 - FF3 error after installing new CA instance
FF3 error after installing new CA instance
Product: Dogtag Certificate System
Classification: Community
Component: CA (Show other bugs)
All Linux
high Severity medium
: 1.0
: ---
Assigned To: Jack Magne
Chandrasekar Kannan
Depends On:
Blocks: 443788
  Show dependency treegraph
Reported: 2008-04-02 19:28 EDT by Bob Lord
Modified: 2015-01-05 20:19 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-07-22 19:28:09 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
screenshot of FF3 error (30.37 KB, image/png)
2008-04-02 19:28 EDT, Bob Lord
no flags Details

  None (edit)
Description Bob Lord 2008-04-02 19:28:01 EDT
Description of problem:
After installing a CA instance, you restart the server.  The process looks like
  # service pki-ca restart
  Stopping pki-ca: ...............................           [  OK  ]
  Starting pki-ca:                                           [  OK  ]

  PKI service(s) are available at https://cpu1.example.com:9443

I'm attaching a screenshot, but this is the actual error:
  cpu1.example.com:9443 uses an invalid security certificate.

  The certificate is not trusted because the issuer certificate is not trusted.

  (Error code: sec_error_untrusted_issuer)

The admin should have already been prompted to install and trust the root before
he gets to this error.  As it stands, he has to manually trust this page until
he gets around to importing the root, which is an easy task for forget.

Version-Release number of selected component (if applicable):

How reproducible:
Comment 1 Bob Lord 2008-04-02 19:28:01 EDT
Created attachment 300150 [details]
screenshot of FF3 error
Comment 2 Jack Magne 2008-04-04 13:38:23 EDT
Duplicated on FF3.
Comment 4 Jack Magne 2008-05-07 20:20:00 EDT
This bug has been resolved as the result of the work done on bug#440079. That
bug's fix allows the user to import and trust the CA's cert chain before
finishing the configuration wizard. Once the server is restarted, the user can
go to the CA's main page without FF3 complaining about an invalid server
Comment 5 Kashyap Chamarthy 2009-06-04 08:39:07 EDT
Verified on Firefox 3.0.10. (with build 1-June-09). No such error is thrown by Firefox after creating/configuring and restarting a new CA instance.

Note You need to log in before you can comment on or make changes to this bug.