Bug 493012 - Authentication plugin hangs, later throws Exception, when SSL is enabled for authentication plugin
Authentication plugin hangs, later throws Exception, when SSL is enabled for ...
Status: CLOSED WORKSFORME
Product: Dogtag Certificate System
Classification: Community
Component: Authentication (Show other bugs)
1.1
All Linux
high Severity medium
: ---
: ---
Assigned To: Andrew Wnuk
Chandrasekar Kannan
:
Depends On:
Blocks: 443788
  Show dependency treegraph
 
Reported: 2009-03-31 06:02 EDT by Kashyap Chamarthy
Modified: 2015-01-04 18:37 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-06-16 11:16:31 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Kashyap Chamarthy 2009-03-31 06:02:18 EDT
Description of problem:

Pkiconsole(CA)  hangs for a long duration when SSL is enabled(ldap.ldapcpnn.port=636) for any of the authentication plugin. Later throws the below execption

"SERVER_NORESPONSE-java.util.
MissingResouceException: Can't find resource for bundle com.netscape.admin.
certsrv.CMSAdminResources,key SERVER_NORESPONSE"



How reproducible:
Always

Steps to Reproduce:
1. Request a Server certificate via Directory Server "Manage Certificates" console, approve the PKCS#10 request in the CA agent pages.
2. Install the server certificate in Directory Server which was approved in CA agent pages.
3. Now get the base64 encoded CA Cert from CA agent pages and install it in the "CA Certs" console, and restart the directory server instance.
4. Enable SSL/TLS in the Configuration->Settings tab of the directory server console. Also enable the "Use this ciper family-pointing to the directory server cert.
5. Now, in the CA admin console, go to "Authentication" tab, and edit "UserDirEnrollment" plugin and enable the ssl(ldap.ldapcpnn.port=636) and try to save the configuration.
  
Actual results:
pkiconsole hangs for a long time, and later throws an exception:

"SERVER_NORESPONSE-java.util.
MissingResouceException: Can't find resource for bundle com.netscape.admin.
certsrv.CMSAdminResources,key SERVER_NORESPONSE"

Expected results:
The plugin should accept the SSL changes successfully.

Otherinfo:
-- CA debug also hangs for a minute,when tried a 
#tail -f /var/log/pki-ca/debug
but, does not provide much info about any errors. 
-- There are no selinux alerts for this, I verified.

Please let me know if any other info. is required.
Comment 1 Andrew Wnuk 2009-06-15 21:20:47 EDT
The only thing missing in above procedure is that I was prompt to restart directory server after finishing (4), which I did.

I finished above procedure and I have have no problems with directory enrollment authenticated over SSL.

It works for me.

Note You need to log in before you can comment on or make changes to this bug.