Bug 490600 - pkisilent configuration fails to enable the CA web interface
pkisilent configuration fails to enable the CA web interface
Status: CLOSED WONTFIX
Product: Red Hat Certificate System
Classification: Red Hat
Component: Other (Show other bugs)
7.3
All Linux
medium Severity medium
: rc
: ---
Assigned To: Ade Lee
Chandrasekar Kannan
:
Depends On:
Blocks: 530474
  Show dependency treegraph
 
Reported: 2009-03-17 04:53 EDT by Stuart Sears
Modified: 2017-04-10 10 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-08-28 21:48:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Stuart Sears 2009-03-17 04:53:24 EDT
Description of problem:

using pkisilent-1.1.0-1.el4 to automate a CA installation, as follows:
(this was used in kickstart %post)

INSTANCE=rhpki-ca
PREOP=$( grep '^preop.pin' /var/lib/${INSTANCE}/conf/CS.cfg | cut -d= -f2 )
DBPASS=$( grep 'internal' /var/lib/${INSTANCE}/conf/password.conf | cut -d: -f2 )

export PREOP DBPASS INSTANCE

cd /usr/share/pki

perl /usr/share/pki/pkisilent ConfigureCA \
-cs_hostname certsystem.example.com \
-cs_port 9443 \
-client_certdb_dir /var/lib/${INSTANCE}/alias \
-client_certdb_pwd ${DBPASS} \
-domain_name "Prorail\ PKI" \
-admin_user admin \
-admin_password apassword \
-agent_name "CA Administrator of Instance ${INSTANCE}" \
-agent_key_size 2048 \
-agent_key_type rsa \
-ldap_host localhost \
-ldap_port 389 \
-bind_dn "cn=Directory\ Manager" \
-bind_password "somepassword" \
-base_dn "o=ca,dc=example,dc=com" \
-db_name ${INSTANCE} \
-key_size 2048 \
-key_type rsa \
-save_p12 true \
-backup_pwd anotherpassword \
-subsystem-name ca \
-ca_sign_cert_subject_name "cn=Certificate Authority,o=Example PKI" \
-ca_subsystem_cert_subject_name "cn=CA Subsystem Certificate,o=Example PKI" \
-ca_ocsp_cert_subject_name "cn=OCSP Signing Certificate,o=Example PKI" \
-ca_server_cert_subject_name "cn=CA server,o=Example PKI"

Version-Release number of selected component (if applicable):
pkisilent-1.1.0-1.el4 (Certificate System 7.3 x86 RHEL4.7AS)

How reproducible:
every time

Steps to Reproduce:
1. up2date (or pki_install...) rhpki-ca
2. unpack the pkisilent tarball (in this case into /usr/share/pki
3. then connect to https://certificate.system:9443 in a web browser.

 
Actual results:

only 'Agent Services' appears as an option.
Clicking upon this link immediately redirects to http://certificate.system:9080 
where you are prompted for the installation PIN - which has already been used for pkisilent. Following the wizard through, you find that all the fields have been filled in with the details used in the pkisilent command.

Expected results:

The web interface offers both 'SSL Users End User Services' and 'Agent Services'.
I appreciate that there is still a need to create and import end-user certs to use the 'Agent Services' functionality, but the end user options do not require this.


Additional info:
Comment 1 Stuart Sears 2009-03-17 05:16:56 EDT
oops. of course I meant:
Steps to Reproduce:
1. up2date (or pki_install...) rhpki-ca
2. unpack the pkisilent tarball (in this case into /usr/share/pki)
3. run the pkisilent installation command as detailed
3. connect to https://certificate.system:9443 in a web browser and click on the 'Agent Services' link

Note You need to log in before you can comment on or make changes to this bug.