Red Hat Bugzilla – Bug 492963
ESC responds to a problem in the cert request differently depending on which cert in the order has the problem
Last modified: 2015-01-04 18:37:37 EST
Description of problem:
In a tps config with 3 certs specified if the first or second cert profile has an error in it preventing the cert from being created the other 2 still written to the card and you have an enrollment succeed message If the 3rd cert has the problem then none are written to the card and you get an enrollment failed message.
Minor bug, but it should work the same in either case.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1.Create a cert profile that will have to actually be able to process the request. The easiest way to do so is have a policyset defined in the list but not defined in the body of the cert profile. Set this to the first profile created in the tps config. What the other 2 certs get written to the card.
3. Repeat the process but move this erroneous cert profile to the third cert getting created. See the different behavior.
Fix to bug: https://bugzilla.redhat.com/show_bug.cgi?id=579790, addresses this issue. Test text to follow.
Tested with ESC-1.1.0-13 on a Win XP 64 bit host, enrollment performed with the CS 8.1 TPS with the latest build.
1. When all 3 profiles are good, enrollment operation loads all 3 certificates successfully on the token.
2. When the profile of the first certificate is messed up (by defining the policy set in the list and policy not defined in the profile body), during the enrollment ESC throws error message "Enrollment of the smart card failed. The Smart Card Server cannot import the required certificates into your smart card". None of the certificates loaded on the smart card.
3. Moved the erroneous cert profile to the second cert getting created, during the enrollment ESC throws error message and no certificates loaded on the smart card.
4. Moved the erroneous cert profile to the third cert getting created, during the enrollment ESC throws error and none of the certificates loaded on the smart card.
Marking the bug verified.