Bug 518431 - ca.p7c bin file is prompted while importing CA Agent certificate in browser
Summary: ca.p7c bin file is prompted while importing CA Agent certificate in browser
Alias: None
Product: Dogtag Certificate System
Classification: Retired
Component: CA
Version: 1.1
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Andrew Wnuk
QA Contact: Chandrasekar Kannan
Depends On:
Blocks: 443788 512842
TreeView+ depends on / blocked
Reported: 2009-08-20 12:05 UTC by Kashyap Chamarthy
Modified: 2015-01-04 23:39 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-09-14 18:28:11 UTC

Attachments (Terms of Use)
ca.p7c bin file download prompt (37.37 KB, image/png)
2009-08-20 12:06 UTC, Kashyap Chamarthy
no flags Details
proposed fix (3.16 KB, patch)
2009-08-21 00:47 UTC, Andrew Wnuk
no flags Details | Diff

System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2009:1443 normal SHIPPED_LIVE pki-ca, pki-ca-ui, pki-kra-ui, pki-common, jss bug fix update 2009-09-14 18:28:03 UTC

Description Kashyap Chamarthy 2009-08-20 12:05:34 UTC
Description of problem:

ca.p7c bin file is prompted while importing CA Agent certificate in browser. (see screen shot attached)

firefox throws warning about the agent cert installed - "certificate cannot be trusted, or cannot be verified or expired.."

Environment: CS8.0 + Errata-1 bits

How reproducible:
every time.

Steps to Reproduce:
1. Install/configure CA subsystem

Actual results:
At the certificate import panel, ca.p7c(pkcs#7) file is prompted
- CA agent cert is not trusted.

Expected results:

- ca.p7c should not be prompted
- CA agent certificate should be trusted by firefox cert store.

Comment 1 Kashyap Chamarthy 2009-08-20 12:06:21 UTC
Created attachment 358075 [details]
ca.p7c bin file download prompt

Comment 2 Andrew Wnuk 2009-08-21 00:47:07 UTC
Created attachment 358179 [details]
proposed fix

Comment 4 Matthew Harmsen 2009-08-21 00:55:59 UTC
attachment (id=358179) +mharmsen

Comment 6 Andrew Wnuk 2009-08-21 01:01:23 UTC
svn commit pki/dogtag/common/pki-common.spec                                   Sending        pki/dogtag/common/pki-common.spec
Transmitting file data .
Committed revision 764.

svn commit pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java                              
Sending        pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java
Transmitting file data .
Committed revision 765.

svn commit pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java                       
Sending        pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java
Transmitting file data .
Committed revision 766.

Comment 8 Kashyap Chamarthy 2009-08-31 09:11:57 UTC
Verified(on newest build from 27-08-09).
ca.p7c is not prompted when the CA configuration is complete.

Comment 11 errata-xmlrpc 2009-09-14 18:28:11 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.