Bug 489404 - non-secure port redirects to secure port
non-secure port redirects to secure port
Status: CLOSED ERRATA
Product: Dogtag Certificate System
Classification: Community
Component: CA (Show other bugs)
1.0
All Linux
urgent Severity medium
: ---
: ---
Assigned To: Matthew Harmsen
Chandrasekar Kannan
:
Depends On:
Blocks: 443788 445247
  Show dependency treegraph
 
Reported: 2009-03-09 17:14 EDT by Rob Crittenden
Modified: 2015-01-04 18:37 EST (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-07-22 19:32:58 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Fix for broken non-secure port (89.47 KB, patch)
2009-03-10 22:05 EDT, Matthew Harmsen
no flags Details | Diff
Fix for broken non-secure port (spec files) (5.54 KB, patch)
2009-03-10 22:05 EDT, Matthew Harmsen
no flags Details | Diff
wget output (36.72 KB, application/octet-stream)
2009-06-04 09:38 EDT, Jenny Galipeau
no flags Details

  None (edit)
Description Rob Crittenden 2009-03-09 17:14:11 EDT
The non-secure UI port (9180) always redirects to the secure port (9443). If you use a browser to go to the unsecure port you are immediately redirected to the secure on.

Trying to retrieve a URI directly results in an error.

For example:

This works:

% wget -O - --no-check-certificate "https://ca.example.com:9444/ca/ee/ca/displayBySerial?serialNumber=0xa&xmlOutput=false"

This fails with "Error encountered while loading output template."

% wget -O - --no-check-certificate "http://ca.example.com:9180/ca/ee/ca/displayBySerial?serialNumber=0xa&xmlOutput=false"

And this is logged in system:
7532.http-9444-Processor24 - [09/Mar/2009:15:30:01 EDT] [3] [3] Servlet caDisplayBySerial: Error encountered in DisplayBySerial. Error LDAP operation failure - cn=11,ou=certificateRepository, ou=ca, dc=ca.example.com-pki-ca nets7532.http-9180-Processor25 - [09/Mar/2009:17:11:32 EDT] [3] [20] CMSgateway:Could not load template /var/lib/pki-ca/webapps/ca/ee/ca/displayBySerial.template error java.io.FileNotFoundException: /var/lib/pki-ca/webapps/ca/ee/ca/displayBySerial.template (No such file or directory).
7532.http-9180-Processor25 - [09/Mar/2009:17:11:32 EDT] [3] [20] CMSgateway:Could not load template /var/lib/pki-ca/webapps/ca/ee/GenUnexpectedError.template error java.io.FileNotFoundException: /var/lib/pki-ca/webapps/ca/ee/GenUnexpectedError.template (No such file or directory).
Comment 1 Matthew Harmsen 2009-03-10 22:03:30 EDT
The redirect was not the problem (as use of this is intended for the GUI); the problem was that the non-secure port was broken - attaching patches with the fixes.
Comment 2 Matthew Harmsen 2009-03-10 22:05:06 EDT
Created attachment 334741 [details]
Fix for broken non-secure port
Comment 3 Matthew Harmsen 2009-03-10 22:05:38 EDT
Created attachment 334742 [details]
Fix for broken non-secure port (spec files)
Comment 4 Andrew Wnuk 2009-03-11 13:48:30 EDT
attachment (id=334741)
attachment (id=334742)
+awnuk
Comment 5 Matthew Harmsen 2009-03-11 15:18:55 EDT
cd pki/base

% svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
D      ca/shared/conf/server.xml.good
M      ca/shared/conf/server.xml
M      common/src/com/netscape/cmscore/apps/CMSEngine.java
M      setup/pkicreate
D      tks/shared/conf/server.xml.good
M      tks/shared/conf/server.xml
D      ocsp/shared/conf/server.xml.good
M      ocsp/shared/conf/server.xml
D      kra/shared/conf/server.xml.good
M      kra/shared/conf/server.xml

% svn commit
Sending        base/ca/shared/conf/server.xml
Deleting       base/ca/shared/conf/server.xml.good
Sending        base/common/src/com/netscape/cmscore/apps/CMSEngine.java
Sending        base/kra/shared/conf/server.xml
Deleting       base/kra/shared/conf/server.xml.good
Sending        base/ocsp/shared/conf/server.xml
Deleting       base/ocsp/shared/conf/server.xml.good
Sending        base/setup/pkicreate
Sending        base/tks/shared/conf/server.xml
Deleting       base/tks/shared/conf/server.xml.good
Transmitting file data ......
Committed revision 295.



cd pki/dogtag

% svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
M      ca/pki-ca.spec
M      common/pki-common.spec
M      setup/pki-setup.spec
M      tks/pki-tks.spec
M      ocsp/pki-ocsp.spec
M      kra/pki-kra.spec

% svn commit
Sending        dogtag/ca/pki-ca.spec
Sending        dogtag/common/pki-common.spec
Sending        dogtag/kra/pki-kra.spec
Sending        dogtag/ocsp/pki-ocsp.spec
Sending        dogtag/setup/pki-setup.spec
Sending        dogtag/tks/pki-tks.spec
Transmitting file data ......
Committed revision 296.
Comment 6 Jenny Galipeau 2009-06-04 09:38:20 EDT
Verified - set attached wget output - unsecure port successful.
Comment 7 Jenny Galipeau 2009-06-04 09:38:52 EDT
Created attachment 346533 [details]
wget output

Note You need to log in before you can comment on or make changes to this bug.