Bug 493012 - Authentication plugin hangs, later throws Exception, when SSL is enabled for authentication plugin
Summary: Authentication plugin hangs, later throws Exception, when SSL is enabled for ...
Keywords:
Status: CLOSED WORKSFORME
Alias: None
Product: Dogtag Certificate System
Classification: Retired
Component: Authentication
Version: 1.1
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
Assignee: Andrew Wnuk
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 443788
TreeView+ depends on / blocked
 
Reported: 2009-03-31 10:02 UTC by Kashyap Chamarthy
Modified: 2015-01-04 23:37 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-06-16 15:16:31 UTC
Embargoed:


Attachments (Terms of Use)

Description Kashyap Chamarthy 2009-03-31 10:02:18 UTC
Description of problem:

Pkiconsole(CA)  hangs for a long duration when SSL is enabled(ldap.ldapcpnn.port=636) for any of the authentication plugin. Later throws the below execption

"SERVER_NORESPONSE-java.util.
MissingResouceException: Can't find resource for bundle com.netscape.admin.
certsrv.CMSAdminResources,key SERVER_NORESPONSE"



How reproducible:
Always

Steps to Reproduce:
1. Request a Server certificate via Directory Server "Manage Certificates" console, approve the PKCS#10 request in the CA agent pages.
2. Install the server certificate in Directory Server which was approved in CA agent pages.
3. Now get the base64 encoded CA Cert from CA agent pages and install it in the "CA Certs" console, and restart the directory server instance.
4. Enable SSL/TLS in the Configuration->Settings tab of the directory server console. Also enable the "Use this ciper family-pointing to the directory server cert.
5. Now, in the CA admin console, go to "Authentication" tab, and edit "UserDirEnrollment" plugin and enable the ssl(ldap.ldapcpnn.port=636) and try to save the configuration.
  
Actual results:
pkiconsole hangs for a long time, and later throws an exception:

"SERVER_NORESPONSE-java.util.
MissingResouceException: Can't find resource for bundle com.netscape.admin.
certsrv.CMSAdminResources,key SERVER_NORESPONSE"

Expected results:
The plugin should accept the SSL changes successfully.

Otherinfo:
-- CA debug also hangs for a minute,when tried a 
#tail -f /var/log/pki-ca/debug
but, does not provide much info about any errors. 
-- There are no selinux alerts for this, I verified.

Please let me know if any other info. is required.

Comment 1 Andrew Wnuk 2009-06-16 01:20:47 UTC
The only thing missing in above procedure is that I was prompt to restart directory server after finishing (4), which I did.

I finished above procedure and I have have no problems with directory enrollment authenticated over SSL.

It works for me.


Note You need to log in before you can comment on or make changes to this bug.