Bug 518431 - ca.p7c bin file is prompted while importing CA Agent certificate in browser
Summary: ca.p7c bin file is prompted while importing CA Agent certificate in browser
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Dogtag Certificate System
Classification: Retired
Component: CA
Version: 1.1
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
Assignee: Andrew Wnuk
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On:
Blocks: 443788 512842
TreeView+ depends on / blocked
 
Reported: 2009-08-20 12:05 UTC by Kashyap Chamarthy
Modified: 2015-01-04 23:39 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-09-14 18:28:11 UTC


Attachments (Terms of Use)
ca.p7c bin file download prompt (37.37 KB, image/png)
2009-08-20 12:06 UTC, Kashyap Chamarthy
no flags Details
proposed fix (3.16 KB, patch)
2009-08-21 00:47 UTC, Andrew Wnuk
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2009:1443 normal SHIPPED_LIVE pki-ca, pki-ca-ui, pki-kra-ui, pki-common, jss bug fix update 2009-09-14 18:28:03 UTC

Description Kashyap Chamarthy 2009-08-20 12:05:34 UTC
Description of problem:

ca.p7c bin file is prompted while importing CA Agent certificate in browser. (see screen shot attached)

firefox throws warning about the agent cert installed - "certificate cannot be trusted, or cannot be verified or expired.."


Environment: CS8.0 + Errata-1 bits


How reproducible:
every time.

Steps to Reproduce:
1. Install/configure CA subsystem

  
Actual results:
At the certificate import panel, ca.p7c(pkcs#7) file is prompted
- CA agent cert is not trusted.

Expected results:

- ca.p7c should not be prompted
- CA agent certificate should be trusted by firefox cert store.

Comment 1 Kashyap Chamarthy 2009-08-20 12:06:21 UTC
Created attachment 358075 [details]
ca.p7c bin file download prompt

Comment 2 Andrew Wnuk 2009-08-21 00:47:07 UTC
Created attachment 358179 [details]
proposed fix

Comment 4 Matthew Harmsen 2009-08-21 00:55:59 UTC
attachment (id=358179) +mharmsen

Comment 6 Andrew Wnuk 2009-08-21 01:01:23 UTC
svn commit pki/dogtag/common/pki-common.spec                                   Sending        pki/dogtag/common/pki-common.spec
Transmitting file data .
Committed revision 764.

svn commit pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java                              
Sending        pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java
Transmitting file data .
Committed revision 765.

svn commit pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java                       
Sending        pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java
Transmitting file data .
Committed revision 766.

Comment 8 Kashyap Chamarthy 2009-08-31 09:11:57 UTC
Verified(on newest build from 27-08-09).
ca.p7c is not prompted when the CA configuration is complete.

Comment 11 errata-xmlrpc 2009-09-14 18:28:11 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1443.html


Note You need to log in before you can comment on or make changes to this bug.