490600 – pkisilent configuration fails to enable the CA web interface

Bug 490600 - pkisilent configuration fails to enable the CA web interface

Summary: pkisilent configuration fails to enable the CA web interface

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Certificate System
Classification:	Red Hat
Component:	Other
Sub Component:
Version:	7.3
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Ade Lee
QA Contact:	Chandrasekar Kannan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	530474
TreeView+	depends on / blocked

Reported:	2009-03-17 08:53 UTC by Stuart Sears
Modified:	2017-04-10 14:21 UTC (History)
CC List:	7 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2014-08-29 01:48:02 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description Stuart Sears 2009-03-17 08:53:24 UTC

Description of problem:

using pkisilent-1.1.0-1.el4 to automate a CA installation, as follows:
(this was used in kickstart %post)

INSTANCE=rhpki-ca
PREOP=$( grep '^preop.pin' /var/lib/${INSTANCE}/conf/CS.cfg | cut -d= -f2 )
DBPASS=$( grep 'internal' /var/lib/${INSTANCE}/conf/password.conf | cut -d: -f2 )

export PREOP DBPASS INSTANCE

cd /usr/share/pki

perl /usr/share/pki/pkisilent ConfigureCA \
-cs_hostname certsystem.example.com \
-cs_port 9443 \
-client_certdb_dir /var/lib/${INSTANCE}/alias \
-client_certdb_pwd ${DBPASS} \
-domain_name "Prorail\ PKI" \
-admin_user admin \
-admin_password apassword \
-agent_name "CA Administrator of Instance ${INSTANCE}" \
-agent_key_size 2048 \
-agent_key_type rsa \
-ldap_host localhost \
-ldap_port 389 \
-bind_dn "cn=Directory\ Manager" \
-bind_password "somepassword" \
-base_dn "o=ca,dc=example,dc=com" \
-db_name ${INSTANCE} \
-key_size 2048 \
-key_type rsa \
-save_p12 true \
-backup_pwd anotherpassword \
-subsystem-name ca \
-ca_sign_cert_subject_name "cn=Certificate Authority,o=Example PKI" \
-ca_subsystem_cert_subject_name "cn=CA Subsystem Certificate,o=Example PKI" \
-ca_ocsp_cert_subject_name "cn=OCSP Signing Certificate,o=Example PKI" \
-ca_server_cert_subject_name "cn=CA server,o=Example PKI"

Version-Release number of selected component (if applicable):
pkisilent-1.1.0-1.el4 (Certificate System 7.3 x86 RHEL4.7AS)

How reproducible:
every time

Steps to Reproduce:
1. up2date (or pki_install...) rhpki-ca
2. unpack the pkisilent tarball (in this case into /usr/share/pki
3. then connect to https://certificate.system:9443 in a web browser.

 
Actual results:

only 'Agent Services' appears as an option.
Clicking upon this link immediately redirects to http://certificate.system:9080 
where you are prompted for the installation PIN - which has already been used for pkisilent. Following the wizard through, you find that all the fields have been filled in with the details used in the pkisilent command.

Expected results:

The web interface offers both 'SSL Users End User Services' and 'Agent Services'.
I appreciate that there is still a need to create and import end-user certs to use the 'Agent Services' functionality, but the end user options do not require this.


Additional info:

Comment 1 Stuart Sears 2009-03-17 09:16:56 UTC

oops. of course I meant:
Steps to Reproduce:
1. up2date (or pki_install...) rhpki-ca
2. unpack the pkisilent tarball (in this case into /usr/share/pki)
3. run the pkisilent installation command as detailed
3. connect to https://certificate.system:9443 in a web browser and click on the 'Agent Services' link

Note You need to log in before you can comment on or make changes to this bug.