Bug 510232 - clone ca server cert - wizard ignores SubjectName and Nickname customization
clone ca server cert - wizard ignores SubjectName and Nickname customization
Status: CLOSED ERRATA
Product: Dogtag Certificate System
Classification: Community
Component: Cloning (Show other bugs)
unspecified
All Linux
high Severity medium
: ---
: ---
Assigned To: Ade Lee
Chandrasekar Kannan
:
Depends On:
Blocks: 443788
  Show dependency treegraph
 
Reported: 2009-07-08 08:50 EDT by Chandrasekar Kannan
Modified: 2015-01-04 18:39 EST (History)
3 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-07-22 19:37:14 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch to fix (1.92 KB, patch)
2009-07-08 17:47 EDT, Ade Lee
no flags Details | Diff

  None (edit)
Description Chandrasekar Kannan 2009-07-08 08:50:15 EDT
- create a ca
- create a clone ca.

During the clone ca wizard, attempt to customize the clone CA's server cert
subject name and nickname. cert issued ignores that.

log file...

[08/Jul/2009:04:23:58][http-37545-Processor22]: WizardServlet: process
[08/Jul/2009:04:23:58][http-37545-Processor22]: WizardServlet:service() uri = /ca/admin/console/config/wizard
[08/Jul/2009:04:23:58][http-37545-Processor22]: WizardServlet::service() param name='sslserver' value='CN=beta.dsdev.sjc.redhat.com,OU=caclone02,O=caclone02'
[08/Jul/2009:04:23:58][http-37545-Processor22]: WizardServlet::service() param name='sslserver_nick' value='Server-Cert cert-pki-clone-ca-02'
[08/Jul/2009:04:23:58][http-37545-Processor22]: WizardServlet::service() param name='p' value='11'
[08/Jul/2009:04:23:58][http-37545-Processor22]: WizardServlet::service() param name='op' value='next'
[08/Jul/2009:04:23:58][http-37545-Processor22]: WizardServlet: op=next
[08/Jul/2009:04:23:58][http-37545-Processor22]: WizardServlet: size=19
[08/Jul/2009:04:23:58][http-37545-Processor22]: WizardServlet: in next 11
[08/Jul/2009:04:23:58][http-37545-Processor22]: NamePanel: in update()
[08/Jul/2009:04:23:58][http-37545-Processor22]: CertRequestPanel cleanup: get certificate repository
[08/Jul/2009:04:23:58][http-37545-Processor22]: getConn: mNumConns now 2
[08/Jul/2009:04:23:58][http-37545-Processor22]: In findCertRecordsInList
[08/Jul/2009:04:23:58][http-37545-Processor22]: In DBVirtualList filter attrs sortKey pageSize filter: (certStatus=*) attrs: null pageSize 10
[08/Jul/2009:04:23:58][http-37545-Processor22]: returnConn: mNumConns now 3
[08/Jul/2009:04:23:58][http-37545-Processor22]: getEntries returning 1
[08/Jul/2009:04:23:58][http-37545-Processor22]: mTop 15
[08/Jul/2009:04:23:58][http-37545-Processor22]: Getting Virtual List size: 16
[08/Jul/2009:04:23:58][http-37545-Processor22]: getElementAt: 0 mTop 15
[08/Jul/2009:04:23:58][http-37545-Processor22]: getPage 0
[08/Jul/2009:04:23:58][http-37545-Processor22]: getEntries returning 11
[08/Jul/2009:04:23:58][http-37545-Processor22]: getElementAt: 1 mTop 0
[08/Jul/2009:04:23:58][http-37545-Processor22]: getElementAt: 2 mTop 0
[08/Jul/2009:04:23:58][http-37545-Processor22]: getElementAt: 3 mTop 0
[08/Jul/2009:04:23:58][http-37545-Processor22]: getElementAt: 4 mTop 0
[08/Jul/2009:04:23:58][http-37545-Processor22]: getElementAt: 5 mTop 0
[08/Jul/2009:04:23:58][http-37545-Processor22]: getElementAt: 6 mTop 0
[08/Jul/2009:04:23:58][http-37545-Processor22]: getElementAt: 7 mTop 0
[08/Jul/2009:04:23:58][http-37545-Processor22]: getElementAt: 8 mTop 0
[08/Jul/2009:04:23:58][http-37545-Processor22]: getElementAt: 9 mTop 0
[08/Jul/2009:04:23:58][http-37545-Processor22]: getElementAt: 10 mTop 0
[08/Jul/2009:04:23:58][http-37545-Processor22]: getElementAt: 11 mTop 0
[08/Jul/2009:04:23:58][http-37545-Processor22]: getPage 11
[08/Jul/2009:04:23:58][http-37545-Processor22]: getEntries returning 6
[08/Jul/2009:04:23:58][http-37545-Processor22]: getElementAt: 12 mTop 10
[08/Jul/2009:04:23:58][http-37545-Processor22]: getElementAt: 13 mTop 10
[08/Jul/2009:04:23:58][http-37545-Processor22]: getElementAt: 14 mTop 10
[08/Jul/2009:04:23:58][http-37545-Processor22]: getElementAt: 15 mTop 10
[08/Jul/2009:04:23:58][http-37545-Processor22]: CertRequestPanel cleanUp exception in resetting serial number: java.lang.NumberFormatException: For input string: "ffe0001"
[08/Jul/2009:04:23:58][http-37545-Processor22]: NamePanel: clone configuration detected
[08/Jul/2009:04:23:58][http-37545-Processor22]: NamePanel: configCertWithTag start
[08/Jul/2009:04:23:58][http-37545-Processor22]: NamePanel: configCertWithTag ct=signing tag=sslserver
[08/Jul/2009:04:23:58][http-37545-Processor22]: NamePanel: configCertWithTag ct=ocsp_signing tag=sslserver
[08/Jul/2009:04:23:58][http-37545-Processor22]: NamePanel: configCertWithTag ct=sslserver tag=sslserver
[08/Jul/2009:04:23:58][http-37545-Processor22]: configCertWithTag: Setting nickname for sslserver to Server-Cert cert-pki-clone-ca-02
[08/Jul/2009:04:23:58][http-37545-Processor22]: NamePanel: configCert called
[08/Jul/2009:04:23:58][http-37545-Processor22]: NamePanel: in configCert caType is local
[08/Jul/2009:04:23:58][http-37545-Processor22]: NamePanel: subsystem ca
[08/Jul/2009:04:23:58][http-37545-Processor22]: NamePanel: updateConfig() for certTag sslserver
[08/Jul/2009:04:23:58][http-37545-Processor22]: NamePanel: updateConfig() done
[08/Jul/2009:04:23:58][http-37545-Processor22]: Creating local certificate... certTag=sslserver
[08/Jul/2009:04:23:58][http-37545-Processor22]: Repository: in getNextSerialNumber. 
[08/Jul/2009:04:23:58][http-37545-Processor22]: getConn: mNumConns now 2
[08/Jul/2009:04:23:58][http-37545-Processor22]: Repository: getSerialNumber.
[08/Jul/2009:04:23:58][http-37545-Processor22]: returnConn: mNumConns now 3
[08/Jul/2009:04:23:58][http-37545-Processor22]: Repository:setSerialNumber 2
[08/Jul/2009:04:23:58][http-37545-Processor22]: Repository: in InitCache
[08/Jul/2009:04:23:58][http-37545-Processor22]: Repository: Instance of Certificate Repository.
[08/Jul/2009:04:23:58][http-37545-Processor22]: Repository: minSerial ffe0001 maxSerial: fff0000
[08/Jul/2009:04:23:58][http-37545-Processor22]: CertificateRepository:  in getLastSerialNumberInRange: low 268304385 high 268369920
[08/Jul/2009:04:23:58][http-37545-Processor22]: getConn: mNumConns now 2
[08/Jul/2009:04:23:58][http-37545-Processor22]: In findCertRecordsInList with Jumpto 268369920
[08/Jul/2009:04:23:58][http-37545-Processor22]: In DBVirtualList filter attrs startFrom sortKey pageSize filter: (certstatus=*) attrs: null pageSize -5 startFrom 09268369920
[08/Jul/2009:04:23:58][http-37545-Processor22]: returnConn: mNumConns now 3
[08/Jul/2009:04:23:58][http-37545-Processor22]: getEntries returning 6
[08/Jul/2009:04:23:58][http-37545-Processor22]: mTop 10
[08/Jul/2009:04:23:58][http-37545-Processor22]: Getting Virtual List size: 16
[08/Jul/2009:04:23:58][http-37545-Processor22]: CertificateRepository:getLastSerialNumberInRange: recList size 16
[08/Jul/2009:04:23:58][http-37545-Processor22]: CertificateRepository:getLastSerialNumberInRange: ltSize 16
[08/Jul/2009:04:23:58][http-37545-Processor22]: getElementAt: 0 mTop 10
[08/Jul/2009:04:23:58][http-37545-Processor22]: reverse direction getting index 5
[08/Jul/2009:04:23:58][http-37545-Processor22]: CertificateRepository:getLastCertRecordSerialNo:  serialno  268369921
[08/Jul/2009:04:23:58][http-37545-Processor22]: getElementAt: 1 mTop 10
[08/Jul/2009:04:23:58][http-37545-Processor22]: reverse direction getting index 4
[08/Jul/2009:04:23:58][http-37545-Processor22]: CertificateRepository:getLastCertRecordSerialNo:  serialno  15
[08/Jul/2009:04:23:58][http-37545-Processor22]: getElementAt: 2 mTop 10
[08/Jul/2009:04:23:58][http-37545-Processor22]: reverse direction getting index 3
[08/Jul/2009:04:23:58][http-37545-Processor22]: CertificateRepository:getLastCertRecordSerialNo:  serialno  14
[08/Jul/2009:04:23:58][http-37545-Processor22]: getElementAt: 3 mTop 10
[08/Jul/2009:04:23:58][http-37545-Processor22]: reverse direction getting index 2
[08/Jul/2009:04:23:58][http-37545-Processor22]: CertificateRepository:getLastCertRecordSerialNo:  serialno  13
[08/Jul/2009:04:23:58][http-37545-Processor22]: getElementAt: 4 mTop 10
[08/Jul/2009:04:23:58][http-37545-Processor22]: reverse direction getting index 1
[08/Jul/2009:04:23:58][http-37545-Processor22]: CertificateRepository:getLastCertRecordSerialNo:  serialno  12
[08/Jul/2009:04:23:58][http-37545-Processor22]: CertificateRepository:getLastCertRecordSerialNo: returning 268304384
[08/Jul/2009:04:23:58][http-37545-Processor22]: Repository:  mLastSerialNo: 268304384
[08/Jul/2009:04:23:58][http-37545-Processor22]: Repository: getNextSerialNumber: returning retSerial 268304385
[08/Jul/2009:04:23:58][http-37545-Processor22]: Creating local certificate... issuerdn=CN=Certificate Authority,O=DsdevSjcRedhat Domain
[08/Jul/2009:04:23:58][http-37545-Processor22]: Creating local certificate... dn=CN=beta.dsdev.sjc.redhat.com,o=clone
[08/Jul/2009:04:23:58][http-37545-Processor22]: Cert Template: [
  Version: V3
  Subject: CN=beta.dsdev.sjc.redhat.com,O=clone
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4

  Key:  RSA Public Key
  Algorithm: RSA
  modulus:
    00b837d8 211c2685 0a3af3b0 ec2739a4 cf1a9daa 35cc6725 e0b53bfb bd8b99c8
    706f4679 df9571dc c6fe69ab 8fa0d81b 671f1056 4c13e7ef f6e97d60 e57c3da9
    35402e7f c125487f 057ed46e 7ab8c5ab b3ba4761 aafc3409 2e726eff f33edce1
    d1e07520 ab42b690 c5e6ffb3 b4f622d3 4f48f7ce a17e0471 03ed148b f8df9aa0
    12fc122a c28f063b be4dafd8 bedc4910 b7c7e151 3206fc55 526af240 804dea33
    db063653 30ddcda0 d1c260cd ccfa0b95 e30d533d b3a26084 46e63af1 d913a960
    f25043ae 1c3572c6 6dc8f17d 82653ccf d31c3591 747ad497 5452c2b1 67a5e611
    108898de 7d83f639 df695a40 c83cfbd1 eb133ebb 21774e3a f0038552 a846872d
    1b

  publicExponent:
    010001

  Validity: [From: Wed Jul 08 04:23:58 PDT 2009,
               To: Wed Jul 08 04:23:58 PDT 2009]
  Issuer: CN=Certificate Authority,O=DsdevSjcRedhat Domain
  SerialNumber: [    0ffe0001 ]

]
[08/Jul/2009:04:23:58][http-37545-Processor22]: CertUtil: createLocalRequest for serial: 268304385
[08/Jul/2009:04:23:58][http-37545-Processor22]: certUtil: newRequest called
[08/Jul/2009:04:23:58][http-37545-Processor22]: certUtil: calling setRequestStatus
[08/Jul/2009:04:23:58][http-37545-Processor22]: CertUtil profile name= serverCert.profile
[08/Jul/2009:04:23:58][http-37545-Processor22]: AuthInfoAccess: createExtension i=0
[08/Jul/2009:04:23:58][http-37545-Processor22]: CertUtil createSelfSignedCert: got CA private key
[08/Jul/2009:04:23:58][http-37545-Processor22]: key algorithm is RSA
[08/Jul/2009:04:23:58][http-37545-Processor22]: CA Signing Key type rsa
[08/Jul/2009:04:23:58][http-37545-Processor22]: Signing RSA certificate
[08/Jul/2009:04:23:58][http-37545-Processor22]: CertUtil createSelfSignedCert: got cert signed
[08/Jul/2009:04:23:58][http-37545-Processor22]: getConn: mNumConns now 2
[08/Jul/2009:04:23:58][http-37545-Processor22]: returnConn: mNumConns now 3
[08/Jul/2009:04:23:58][http-37545-Processor22]: NamePanel configCert: finished adding certificate record.
[08/Jul/2009:04:23:58][http-37545-Processor22]: certUtil: before updateRequest
Comment 1 Chandrasekar Kannan 2009-07-08 08:50:48 EDT
this customization is important for hsms
Comment 2 Ade Lee 2009-07-08 17:47:53 EDT
Created attachment 350995 [details]
patch to fix

dn not being set .. setting this fixes setting the nickname too.

cfu, please review
Comment 3 Jack Magne 2009-07-08 18:03:35 EDT
Attachment (id=350995) +jmagne.
Comment 4 Ade Lee 2009-07-08 18:10:05 EDT
[builder@dhcp231-124 pki]$ svn ci -m "Bugzilla Bug #510232 - clone ca server cert - wizard ignores SubjectName and Nickname customization" 
Sending        base/common/src/com/netscape/cms/servlet/csadmin/NamePanel.java
Sending        dogtag/common/pki-common.spec
Transmitting file data ..
Committed revision 688.

Note You need to log in before you can comment on or make changes to this bug.