Description of problem: when ssl securing the directory server and using the certutil to create the certificate, if the CA cert is created with adding the basic constraints extension (-2 flag), the certificate ends up under the Server Certs tab instead of the CA Certs tab in the admin console. Subsequently trying to install the CA certificate under the CA Certs tab when it already exists under the Server Certs tab results in the following null pointer exception. Exception occurred during event dispatching: java.lang.NullPointerException at com.netscape.management.client.security.CertificateInfoPanels.getGeneralInfo(Unknown Source) at com.netscape.management.client.security.CertInstallCertInfoPage.pageShown(Unknown Source) at com.netscape.management.client.components.WizardNavigator.setPanel(Unknown Source) at com.netscape.management.client.components.WizardNavigator.actionPerformed(Unknown Source) at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2012) at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2335) at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:404) at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259) at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:253) at java.awt.Component.processMouseEvent(Component.java:6101) at javax.swing.JComponent.processMouseEvent(JComponent.java:3276) at java.awt.Component.processEvent(Component.java:5866) at java.awt.Container.processEvent(Container.java:2105) at java.awt.Component.dispatchEventImpl(Component.java:4462) at java.awt.Container.dispatchEventImpl(Container.java:2163) at java.awt.Component.dispatchEvent(Component.java:4288) at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4461) at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4125) at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4055) at java.awt.Container.dispatchEventImpl(Container.java:2149) at java.awt.Window.dispatchEventImpl(Window.java:2478) at java.awt.Component.dispatchEvent(Component.java:4288) at java.awt.EventQueue.dispatchEvent(EventQueue.java:604) at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:275) at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:200) at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:194) at java.awt.Dialog$1.run(Dialog.java:1072) at java.awt.Dialog$3.run(Dialog.java:1126) at java.security.AccessController.doPrivileged(Native Method) at java.awt.Dialog.show(Dialog.java:1124) at com.netscape.management.client.components.Wizard.show(Unknown Source) at java.awt.Component.show(Component.java:1457) at java.awt.Component.setVisible(Component.java:1409) at java.awt.Window.setVisible(Window.java:842) at java.awt.Dialog.setVisible(Dialog.java:1011) at com.netscape.management.client.security.CertInstallWizard.setVisible(Unknown Source) at com.netscape.management.client.security.CACertificatePane.installInvoked(Unknown Source) at com.netscape.management.client.security.CertificateListPane$1.actionPerformed(Unknown Source) at javax.swing.AbstractButton.fireActionPerformed(AbstractButton.java:2012) at javax.swing.AbstractButton$Handler.actionPerformed(AbstractButton.java:2335) at javax.swing.DefaultButtonModel.fireActionPerformed(DefaultButtonModel.java:404) at javax.swing.DefaultButtonModel.setPressed(DefaultButtonModel.java:259) at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(BasicButtonListener.java:253) at java.awt.AWTEventMulticaster.mouseReleased(AWTEventMulticaster.java:289) at java.awt.Component.processMouseEvent(Component.java:6101) at javax.swing.JComponent.processMouseEvent(JComponent.java:3276) at java.awt.Component.processEvent(Component.java:5866) at java.awt.Container.processEvent(Container.java:2105) at java.awt.Component.dispatchEventImpl(Component.java:4462) at java.awt.Container.dispatchEventImpl(Container.java:2163) at java.awt.Component.dispatchEvent(Component.java:4288) at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4461) at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4125) at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4055) at java.awt.Container.dispatchEventImpl(Container.java:2149) at java.awt.Window.dispatchEventImpl(Window.java:2478) at java.awt.Component.dispatchEvent(Component.java:4288) at java.awt.EventQueue.dispatchEvent(EventQueue.java:604) at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:275) at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:200) at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:194) at java.awt.Dialog$1.run(Dialog.java:1072) at java.awt.Dialog$3.run(Dialog.java:1126) at java.security.AccessController.doPrivileged(Native Method) at java.awt.Dialog.show(Dialog.java:1124) at com.netscape.management.client.util.AbstractDialog.show(Unknown Source) at com.netscape.management.client.security.CertificateDialog.show(Unknown Source) at java.awt.Component.show(Component.java:1457) at java.awt.Component.setVisible(Component.java:1409) at java.awt.Window.setVisible(Window.java:842) at java.awt.Dialog.setVisible(Dialog.java:1011) at com.netscape.management.client.security.CertificateDialog.setVisible(Unknown Source) at com.netscape.admin.dirserv.task.KeyCert.run(Unknown Source) at com.netscape.management.client.TaskModel.actionObjectRun(Unknown Source) at com.netscape.management.client.TaskPage$TaskList$ButtonMouseListener.mouseClicked(Unknown Source) at java.awt.AWTEventMulticaster.mouseClicked(AWTEventMulticaster.java:270) at java.awt.Component.processMouseEvent(Component.java:6104) at javax.swing.JComponent.processMouseEvent(JComponent.java:3276) at java.awt.Component.processEvent(Component.java:5866) at java.awt.Container.processEvent(Container.java:2105) at java.awt.Component.dispatchEventImpl(Component.java:4462) at java.awt.Container.dispatchEventImpl(Container.java:2163) at java.awt.Component.dispatchEvent(Component.java:4288) at java.awt.LightweightDispatcher.retargetMouseEvent(Container.java:4461) at java.awt.LightweightDispatcher.processMouseEvent(Container.java:4134) at java.awt.LightweightDispatcher.dispatchEvent(Container.java:4055) at java.awt.Container.dispatchEventImpl(Container.java:2149) at java.awt.Window.dispatchEventImpl(Window.java:2478) at java.awt.Component.dispatchEvent(Component.java:4288) at java.awt.EventQueue.dispatchEvent(EventQueue.java:604) at java.awt.EventDispatchThread.pumpOneEventForFilters(EventDispatchThread.java:275) at java.awt.EventDispatchThread.pumpEventsForFilter(EventDispatchThread.java:200) at java.awt.EventDispatchThread.pumpEventsForHierarchy(EventDispatchThread.java:190) at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:185) at java.awt.EventDispatchThread.pumpEvents(EventDispatchThread.java:177) at java.awt.EventDispatchThread.run(EventDispatchThread.java:138) Version-Release number of selected component (if applicable): 8.1 How reproducible: Always Steps to Reproduce: 1. Follow the instructions here: http://www.redhat.com/docs/manuals/dir-server/ag/8.0/Managing_SSL-Using_certutil.html and do not include -2 flag when creating the CA certificate. 2. Export the CA certificate: certutil -d . -L -n "CA certificate" -a > cacert.asc 3. From the DS console, manage certificates, CA Certs tab. Click install and browse to the cacert.asc file. Click Next. Actual results: Certificate information screen is blank and console throws a null pointer exception Expected results: Error - certificate already exists - or appropriate error. Additional info:
Created attachment 329744 [details] diffs
Created attachment 329880 [details] cvs commit log Reviewed by: nhosoi (Thanks!) Fix Description: The problem is that the certificate is not recognized by NSS as a CA certificate because it is missing some flags and the basic constraint extension for CAs. The wizard code wrongly assumed that any certificate being installed in this context is a CA cert. I changed the code to handle other types of certs. However, this doesn't fix the problem where the CA cert shows up under Server Certs instead of CA Certs, because only "real" CA certs with the proper settings will show up under the CA Certs list. Platforms tested: RHEL5 Flag Day: no Doc impact: no
fix verfied RHEL 5 DS 8.1
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHEA-2009-0455.html