Description of problem: pkisilent fails when importing admin certificate during CA configuration. Version-Release number of selected component (if applicable): pki-silent-1.1.0-1.fc10 How reproducible: Always Steps to Reproduce: 1. Configure CA using pkisilent Actual results: CA is not configured, failure during AdminCertImportPanel step Expected results: CA properly configured Additional info: 1. See attached file for console output relevant to the issue. 2. Exception is java.security.cert.CertificateEncodingException: Security library failed to decode certificate package: (-8183) security library: improperly formatted DER-encoded message. at org.mozilla.jss.CryptoManager.importCertPackageNative(Native Method) at org.mozilla.jss.CryptoManager.importCertPackage(CryptoManager.java:973) at ComCrypto.importCert(ComCrypto.java:256) at ConfigureCA.AdminCertImportPanel(ConfigureCA.java:1037) at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1323) at ConfigureCA.main(ConfigureCA.java:1566) 3. Looking at the source code it is obvious that pkisilent tool does not take into account that agent and user web interfaces are on different ports now in dogtag 1.1, it attempts to import cert via 9443 port instead of 9444 thus getting 404 error and wrong data. Workaround: Edit /var/lib/pki-ca/webapps/ca/WEB-INF/web.xml and alter user web UI port to 9443 instead of 9444 prior to running pkisilent.
Created attachment 339461 [details] Relevant console output snippet
This issue is being addressed by Bugzilla Bug #500748.
no exceptions with pkisilent for ca and all subsystems - see attached logs. Verified
Created attachment 346670 [details] pkisilent install logs