Bug 504898 - RA: agent unable to revoke a cert
RA: agent unable to revoke a cert
Status: CLOSED ERRATA
Product: Dogtag Certificate System
Classification: Community
Component: RA (Show other bugs)
1.1
All Linux
high Severity medium
: ---
: ---
Assigned To: Ade Lee
Chandrasekar Kannan
:
Depends On:
Blocks: 443788
  Show dependency treegraph
 
Reported: 2009-06-09 20:45 EDT by Ade Lee
Modified: 2015-01-05 20:17 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-07-22 19:36:21 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch to fix (5.27 KB, patch)
2009-06-10 12:43 EDT, Ade Lee
no flags Details | Diff

  None (edit)
Description Ade Lee 2009-06-09 20:45:03 EDT
Description of problem:

This problem occurs due to port separation changes.

The message received back from the CA is as follows:

HTTP/1.1 404 Not Found^M
Server: Apache-Coyote/1.1^M
Content-Type: text/html;charset=utf-8^M
Content-Length: 1156^M
Date: Tue, 09 Jun 2009 12:57:40 GMT^M
Connection: close^M
^M
<html><head><title>Apache Tomcat/5.5.23 - Error report</title><style><!--H1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} H2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} H3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} BODY {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} B {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} P {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;}A {color : black;}A.name {color : black;}HR {color : #525D76;}--></style> </head><body><h1>HTTP Status 404 - Use HTTPS port '9443' instead of '9444' when performing Agent tasks!</h1><HR size="1" noshade="noshade"><p><b>type</b> Status report</p><p><b>message</b> <u>Use HTTPS port '9443' instead of '9444' when performing Agent tasks!</u></p><p><b>description</b> <u>The requested resource (Use HTTPS port '9443' instead of '9444' when performing Agent tasks!) is not available.</u></p><HR size="1" noshade="noshade"><h3>Apache Tomcat/5.5.23</h3></body></html>
Subject: CN=oliver.dsdev.sjc.redhat.com,O=oliver pki-ca domain 05282
Issuer : CN=Certificate Authority,O=oliver pki-ca domain 05282
bulk cipher RC4, 128 secret key bits, 128 key bits, status: 1

Note the message: 

The requested resource (Use HTTPS port '9443' instead of '9444' when performing Agent tasks!) is not available

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:
Comment 1 Ade Lee 2009-06-10 12:43:32 EDT
Created attachment 347255 [details]
patch to fix 

mharmsen, please review
Comment 2 Matthew Harmsen 2009-06-10 13:06:21 EDT
attachment (id=347255) +mharmsen

CAVEAT:

For the line:

    $domain_xml = get_domain_xml($host, $https_ee_port);

Please check for an empty value before proceeding, something like the following:

    if( $domain_xml eq "" )
        $::symbol{errorString} = "missing security domain.  CA must be installed prior to RA installation";
        return 0;
    }


COMMENT:

For the most part, we have always tried to keep RA and TPS pages in sync, it might be best if the corresponding TPS pages were changed to this logic as well, presuming, of course, that it won't break anything in the TPS.
Comment 3 Ade Lee 2009-06-10 14:41:15 EDT
done on both.  Tested TPS installation is ok.

[builder@dhcp231-124 pki]$ svn ci -m "Bugzilla Bug #504898 - RA: agent unable to revoke a cert" 
Sending        base/ra/lib/perl/PKI/Conn/CA.pm
Sending        base/ra/lib/perl/PKI/RA/CAInfoPanel.pm
Sending        base/tps/lib/perl/PKI/TPS/CAInfoPanel.pm
Sending        dogtag/ra/pki-ra.spec
Sending        dogtag/tps/pki-tps.spec
Transmitting file data .....
Committed revision 578.
Comment 4 Kashyap Chamarthy 2009-06-11 17:07:52 EDT
Verified. RA was able to revoke user certificates.

Note You need to log in before you can comment on or make changes to this bug.