518431 – ca.p7c bin file is prompted while importing CA Agent certificate in browser

Bug 518431 - ca.p7c bin file is prompted while importing CA Agent certificate in browser

Summary: ca.p7c bin file is prompted while importing CA Agent certificate in browser

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Dogtag Certificate System
Classification:	Retired
Component:	CA
Sub Component:
Version:	1.1
Hardware:	All
OS:	Linux
Priority:	high
Severity:	medium
Target Milestone:	---
Assignee:	Andrew Wnuk
QA Contact:	Chandrasekar Kannan
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	443788 512842
TreeView+	depends on / blocked

Reported:	2009-08-20 12:05 UTC by Kashyap Chamarthy
Modified:	2015-01-04 23:39 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2009-09-14 18:28:11 UTC
Embargoed:

Attachments	(Terms of Use)
ca.p7c bin file download prompt (37.37 KB, image/png) 2009-08-20 12:06 UTC, Kashyap Chamarthy	no flags	Details
proposed fix (3.16 KB, patch) 2009-08-21 00:47 UTC, Andrew Wnuk	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2009:1443	0	normal	SHIPPED_LIVE	pki-ca, pki-ca-ui, pki-kra-ui, pki-common, jss bug fix update	2009-09-14 18:28:03 UTC

Description Kashyap Chamarthy 2009-08-20 12:05:34 UTC

Description of problem:

ca.p7c bin file is prompted while importing CA Agent certificate in browser. (see screen shot attached)

firefox throws warning about the agent cert installed - "certificate cannot be trusted, or cannot be verified or expired.."


Environment: CS8.0 + Errata-1 bits


How reproducible:
every time.

Steps to Reproduce:
1. Install/configure CA subsystem

  
Actual results:
At the certificate import panel, ca.p7c(pkcs#7) file is prompted
- CA agent cert is not trusted.

Expected results:

- ca.p7c should not be prompted
- CA agent certificate should be trusted by firefox cert store.

Comment 1 Kashyap Chamarthy 2009-08-20 12:06:21 UTC

Created attachment 358075 [details]
ca.p7c bin file download prompt

Comment 2 Andrew Wnuk 2009-08-21 00:47:07 UTC

Created attachment 358179 [details]
proposed fix

Comment 4 Matthew Harmsen 2009-08-21 00:55:59 UTC

attachment (id=358179) +mharmsen

Comment 6 Andrew Wnuk 2009-08-21 01:01:23 UTC

svn commit pki/dogtag/common/pki-common.spec                                   Sending        pki/dogtag/common/pki-common.spec
Transmitting file data .
Committed revision 764.

svn commit pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java                              
Sending        pki/base/common/src/com/netscape/cms/servlet/cert/GetCAChain.java
Transmitting file data .
Committed revision 765.

svn commit pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java                       
Sending        pki/base/common/src/com/netscape/cms/crl/CMSAuthInfoAccessExtension.java
Transmitting file data .
Committed revision 766.

Comment 8 Kashyap Chamarthy 2009-08-31 09:11:57 UTC

Verified(on newest build from 27-08-09).
ca.p7c is not prompted when the CA configuration is complete.

Comment 11 errata-xmlrpc 2009-09-14 18:28:11 UTC

An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1443.html

Note You need to log in before you can comment on or make changes to this bug.