#1238 Unable to submit request using profile caAgentFileSigning
Closed: migrated 3 years ago by dmoluguw. Opened 9 years ago by mharmsen.

Ticket was cloned from Red Hat Bugzilla (product Red Hat Certificate System): Bug 1175269

Created attachment 970072
CA Debug logs

Description of problem:

unable to submit a successful request from Profile "Agent Authenticated File
signing". When submitting the request it fails with below error:

Sorry your request has been rejected. The reason is "Request Rejected-{0}"


Version-Release number of selected component (if applicable):

dogtag-pki-10.2.0-3
pki-kra-10.2.0-3
pki-ocsp-10.2.0-3
pki-console-10.2.0-1
pki-ca-10.2.0-3
dogtag-pki-server-theme-10.2.0-2
pki-tools-10.2.0-3
pki-javadoc-10.2.0-3
dogtag-pki-console-theme-10.2.0-2
pki-server-10.2.0-3
pki-symkey-10.2.0-3
pki-tks-10.2.0-3
krb5-pkinit-1.12.2-10
pki-base-10.2.0-3
pki-tps-10.2.0-3
firefox-31.3.0-3
nss-3.16.2.3-2


How reproducible:


Steps to Reproduce:
1. Install CA subsystem
2. From EE , select Agent Authenticated File signing
3. In the form specify a valid file "file:///tmp/test
4. Submit the request

Actual results:

Sorry your request has been rejected. The reason is "Request Rejected-{0}"

Expected results:

The request should be accepted and valid cert should be issued.



Additional info:

In CA Debug logs i see below messages:
<snip>

[15/Dec/2014:08:05:46][http-bio-30042-exec-4]: BasicProfile: validate start on
setId=serverCertSet
[15/Dec/2014:08:05:46][http-bio-30042-exec-4]: SubjectNameConstraint: validate
start
[15/Dec/2014:08:05:46][http-bio-30042-exec-4]: SubjectNameConstraint: validate
start
[15/Dec/2014:08:05:46][http-bio-30042-exec-4]: SubjectNameConstraint: validate
cert subject
=CN=(Name)(Text)(Size)11(DigestType)SHA256(Digest)7ac52ca26b49f013bf0d261db6a94
70387bc54bc3e970543107f59b02aeff9e5
[15/Dec/2014:08:05:46][http-bio-30042-exec-4]: SubjectNameConstraint:
validate() - sn500 dname =
CN=(Name)(Text)(Size)11(DigestType)SHA256(Digest)7ac52ca26b49f013bf0d261db6a947
0387bc54bc3e970543107f59b02aeff9e5
[15/Dec/2014:08:05:46][http-bio-30042-exec-4]: CertRequestSubmitter: submit
Invalid Subject Name
CN=(Name)(Text)(Size)11(DigestType)SHA256(Digest)7ac52ca26b49f013bf0d261db6a947
0387bc54bc3e970543107f59b02aeff9e5 [ Invalid fields:  Common Name  ]
[15/Dec/2014:08:05:46][http-bio-30042-exec-4]: SignedAuditEventFactory:
create()
message=[AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Failure]
[ReqID=162][InfoName=rejectReason][InfoValue=Request Rejected - Invalid
Subject Name CN=(Name)(Text)(Size)11(DigestType)SHA256(Digest)7ac52ca26b49f013b
f0d261db6a9470387bc54bc3e970543107f59b02aeff9e5 [ Invalid fields:
Common Name  ] ] certificate request processed

</snip>

Per Bug Triage of 05/05/2016: 10.4

Metadata Update from @mharmsen:
- Issue set to the milestone: UNTRIAGED

7 years ago

Metadata Update from @mharmsen:
- Custom field feature adjusted to None
- Custom field proposedmilestone adjusted to None
- Custom field proposedpriority adjusted to None
- Custom field reviewer adjusted to None
- Custom field version adjusted to None
- Issue close_status updated to: None
- Issue set to the milestone: FUTURE (was: UNTRIAGED)

6 years ago

Per 10.5.x/10.6 Triage: FUTURE

mharmsen: as this bug is quite old, it needs to be re-verified with more recent bits to see if it is still a problem

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/1800

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)

3 years ago

Login to comment on this ticket.

Metadata