IE does provide backwards compatibility in recognizing its enrollment objects.
Created attachment 337246 [details] proposed fix
attachment (id=337246) +mharmsen
svn commit pki/dogtag/ca-ui/dogtag-pki-ca-ui.spec Sending pki/dogtag/ca-ui/dogtag-pki-ca-ui.spec Transmitting file data . Committed revision 352. svn commit pki/dogtag/ca-ui/shared/webapps/ca/ee/ca/ProfileSelect.template Sending pki/dogtag/ca-ui/shared/webapps/ca/ee/ca/ProfileSelect.template Transmitting file data . Committed revision 353.
XP SP2 IE 7(XP SP2) Base Cryptographic Provider v1.0(1024) -OK(successfully imported cert into IE) Base Cryptographic Provider v1.0(2048) - Fails to submit the request with Error -80090009 - CA debug log says "java.lang.NullPointerException Strong Cryptographic Provider(1024) -OK (successfully imported cert into IE) Strong Cryptographic Provider(2048) -OK (successfully imported cert into IE) -------------------------------------------------- IE 8(XP SP2) Base Cryptographic Provider v1.0(1024) - OK (successfully imported cert into IE) Base Cryptographic Provider v1.0(2048) - Fails with Error -80090009 - CA debug log says "java.lang.NullPointerException Strong Cryptographic Provider(1024) - OK(successfully imported cert into IE) Strong Cryptographic Provider(2048) - OK(successfully imported cert into IE) ------------------ Re-opening since it failed with 2048(Strong Cryptographic Provider)
for ie7-2048 key, MS Base Crypto 1.0 Error-80090009 pki-ca debug log when tried with Base Cryptographic Provider v1.0(2048) ----------------------------------------------------------------------- [root@el3pki pki-ca]# tail -f /var/log/pki-ca/debug [04/Jul/2009:23:37:11][http-9444-Processor23]: DirAclAuthz: authorization passed [04/Jul/2009:23:37:11][http-9444-Processor23]: SignedAuditEventFactory: create() message=[AuditEvent=AUTHZ_SUCCESS][SubjectID=$Unidentified$][Outcome=Success][aclResource=certServer.ee.profile][Op=read] authorization success [04/Jul/2009:23:37:11][http-9444-Processor23]: SignedAuditEventFactory: create() message=[AuditEvent=ROLE_ASSUME][SubjectID=$Unidentified$][Outcome=Success][Role=<null>] assume privileged role [04/Jul/2009:23:37:11][http-9444-Processor23]: ProfileSelectServlet: SubId=profile [04/Jul/2009:23:37:11][http-9444-Processor23]: ProfileSelectServlet: profileId=caUserCert [04/Jul/2009:23:37:11][http-9444-Processor23]: Property policyset.userCertSet.2.constraint.params.notBeforeGracePeriod missing value [04/Jul/2009:23:37:11][http-9444-Processor23]: ProfileSelectServlet: keyArchivalEnabled is true [04/Jul/2009:23:37:11][http-9444-Processor23]: CMSServlet: curDate=Sat Jul 04 23:37:11 IST 2009 id=caProfileSelect time=23 [04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet:service() uri = /ca/ee/ca/profileSubmit [04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='cert_request' value='' [04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='sn_e' value='wuser3' [04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='cert_request_type' value='pkcs10' [04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='sn_ou' value='' [04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='requestor_phone' value='' [04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='sn_c' value='' [04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='sn_cn' value='wuser3' [04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='sn_ou3' value='' [04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='sn_ou2' value='' [04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='sn_ou1' value='' [04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='requestor_name' value='' [04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='sn_uid' value='wuser3' [04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='Send' value='Submit' [04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='profileId' value='caUserCert' [04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='requestor_email' value='' [04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='keyLength' value='2048' [04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='cryptprovider' value='1' [04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='renewal' value='false' [04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='sn_o' value='' [04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet::service() param name='xmlOutput' value='false' [04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet: caProfileSubmit start to service. [04/Jul/2009:23:37:57][http-9444-Processor23]: xmlOutput false [04/Jul/2009:23:37:57][http-9444-Processor23]: Start of ProfileSubmitServlet Input Parameters [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter cert_request='' [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter sn_e='wuser3' [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter cert_request_type='pkcs10' [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter sn_ou='' [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter requestor_phone='' [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter sn_c='' [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter sn_cn='wuser3' [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter sn_ou3='' [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter sn_ou2='' [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter sn_ou1='' [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter requestor_name='' [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter sn_uid='wuser3' [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter Send='Submit' [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter profileId='caUserCert' [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter requestor_email='' [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter keyLength='2048' [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter cryptprovider='1' [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter renewal='false' [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter sn_o='' [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet Input Parameter xmlOutput='false' [04/Jul/2009:23:37:57][http-9444-Processor23]: End of ProfileSubmitServlet Input Parameters [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet: start serving [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet: SubId=profile [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet: isRenewal false [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet: profileId caUserCert [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet: authenticator not found [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmistServlet: set Inputs into profile Context [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet: set sslClientCertProvider [04/Jul/2009:23:37:57][http-9444-Processor23]: xx Start parsePKCS10 [04/Jul/2009:23:37:57][http-9444-Processor23]: EnrollProfile: parsePKCS10: signature verification enabled [04/Jul/2009:23:37:57][http-9444-Processor23]: EnrollProfile: parsePKCS10 setting thread token [04/Jul/2009:23:37:57][http-9444-Processor23]: EnrollProfile: parsePKCS10 java.lang.NullPointerException [04/Jul/2009:23:37:57][http-9444-Processor23]: EnrollProfile: parsePKCS10 restoring thread token Invalid Request at com.netscape.cms.profile.common.EnrollProfile.parsePKCS10(EnrollProfile.java:913) at com.netscape.cms.profile.common.EnrollProfile.createRequests(EnrollProfile.java:102) at com.netscape.cms.servlet.profile.ProfileSubmitServlet.process(ProfileSubmitServlet.java:995) at com.netscape.cms.servlet.base.CMSServlet.service(CMSServlet.java:500) at javax.servlet.http.HttpServlet.service(HttpServlet.java:803) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:269) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at com.netscape.cms.servlet.filter.EERequestFilter.doFilter(EERequestFilter.java:124) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:215) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:188) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:210) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:172) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:117) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:542) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:108) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:151) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:870) at org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHandler.processConnection(Http11BaseProtocol.java:665) at org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcpEndpoint.java:528) at org.apache.tomcat.util.net.LeaderFollowerWorkerThread.runIt(LeaderFollowerWorkerThread.java:81) at org.apache.tomcat.util.threads.ThreadPool$ControlRunnable.run(ThreadPool.java:685) at java.lang.Thread.run(Thread.java:636) [04/Jul/2009:23:37:57][http-9444-Processor23]: ProfileSubmitServlet: createRequests Invalid Request [04/Jul/2009:23:37:57][http-9444-Processor23]: CMSServlet: curDate=Sat Jul 04 23:37:57 IST 2009 id=caProfileSubmit time=3 ------------------------------------------------------
high for investigation ..
Requesting 2048 RSA key with 'Base Cryptographic Provider v1.0' using caUserCert profile pops error message box "The error '80090009' occurred. Your credentials could not generated." I see this the 1st time. If the re-use the same page to do another time, I see a invalid submission to the CA. Tested on windows 2003 / IE7