Bug 495676 - pkisilent ConfigureCA failure on AdminCertImportPanel
pkisilent ConfigureCA failure on AdminCertImportPanel
Status: CLOSED ERRATA
Product: Dogtag Certificate System
Classification: Community
Component: Scripts (Show other bugs)
1.1
All Linux
high Severity medium
: ---
: ---
Assigned To: Matthew Harmsen
Chandrasekar Kannan
:
Depends On:
Blocks: 443788
  Show dependency treegraph
 
Reported: 2009-04-14 07:11 EDT by Roman Kisilenko
Modified: 2015-01-04 18:37 EST (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-07-22 19:34:20 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
Relevant console output snippet (7.97 KB, text/plain)
2009-04-14 07:13 EDT, Roman Kisilenko
no flags Details
pkisilent install logs (700.00 KB, application/x-tar)
2009-06-05 11:21 EDT, Jenny Galipeau
no flags Details

  None (edit)
Description Roman Kisilenko 2009-04-14 07:11:54 EDT
Description of problem:
pkisilent fails when importing admin certificate during CA configuration. 

Version-Release number of selected component (if applicable): 
pki-silent-1.1.0-1.fc10

How reproducible: Always

Steps to Reproduce:
1. Configure CA using pkisilent
  
Actual results:
CA is not configured, failure during AdminCertImportPanel step

Expected results:
CA properly configured

Additional info:
1. See attached file for console output relevant to the issue.
2. Exception is 
java.security.cert.CertificateEncodingException: Security library failed to decode certificate package: (-8183) security library: improperly formatted DER-encoded message.
	at org.mozilla.jss.CryptoManager.importCertPackageNative(Native Method)
	at org.mozilla.jss.CryptoManager.importCertPackage(CryptoManager.java:973)
	at ComCrypto.importCert(ComCrypto.java:256)
	at ConfigureCA.AdminCertImportPanel(ConfigureCA.java:1037)
	at ConfigureCA.ConfigureCAInstance(ConfigureCA.java:1323)
	at ConfigureCA.main(ConfigureCA.java:1566)
3. Looking at the source code it is obvious that pkisilent tool does not take into account that agent and user web interfaces are on different ports now in dogtag 1.1, it attempts to import cert via 9443 port instead of 9444 thus getting 404 error and wrong data.

Workaround:
Edit /var/lib/pki-ca/webapps/ca/WEB-INF/web.xml and alter user web UI port to 9443 instead of 9444 prior to running pkisilent.
Comment 1 Roman Kisilenko 2009-04-14 07:13:45 EDT
Created attachment 339461 [details]
Relevant console output snippet
Comment 2 Matthew Harmsen 2009-05-19 15:16:11 EDT
This issue is being addressed by Bugzilla Bug #500748.
Comment 3 Jenny Galipeau 2009-06-05 11:21:05 EDT
no exceptions with pkisilent for ca and all subsystems - see attached logs.
Verified
Comment 4 Jenny Galipeau 2009-06-05 11:21:31 EDT
Created attachment 346670 [details]
pkisilent install logs

Note You need to log in before you can comment on or make changes to this bug.