Ticket was cloned from Red Hat Bugzilla (product Red Hat Certificate System): Bug 1175269
Created attachment 970072 CA Debug logs Description of problem: unable to submit a successful request from Profile "Agent Authenticated File signing". When submitting the request it fails with below error: Sorry your request has been rejected. The reason is "Request Rejected-{0}" Version-Release number of selected component (if applicable): dogtag-pki-10.2.0-3 pki-kra-10.2.0-3 pki-ocsp-10.2.0-3 pki-console-10.2.0-1 pki-ca-10.2.0-3 dogtag-pki-server-theme-10.2.0-2 pki-tools-10.2.0-3 pki-javadoc-10.2.0-3 dogtag-pki-console-theme-10.2.0-2 pki-server-10.2.0-3 pki-symkey-10.2.0-3 pki-tks-10.2.0-3 krb5-pkinit-1.12.2-10 pki-base-10.2.0-3 pki-tps-10.2.0-3 firefox-31.3.0-3 nss-3.16.2.3-2 How reproducible: Steps to Reproduce: 1. Install CA subsystem 2. From EE , select Agent Authenticated File signing 3. In the form specify a valid file "file:///tmp/test 4. Submit the request Actual results: Sorry your request has been rejected. The reason is "Request Rejected-{0}" Expected results: The request should be accepted and valid cert should be issued. Additional info: In CA Debug logs i see below messages: <snip> [15/Dec/2014:08:05:46][http-bio-30042-exec-4]: BasicProfile: validate start on setId=serverCertSet [15/Dec/2014:08:05:46][http-bio-30042-exec-4]: SubjectNameConstraint: validate start [15/Dec/2014:08:05:46][http-bio-30042-exec-4]: SubjectNameConstraint: validate start [15/Dec/2014:08:05:46][http-bio-30042-exec-4]: SubjectNameConstraint: validate cert subject =CN=(Name)(Text)(Size)11(DigestType)SHA256(Digest)7ac52ca26b49f013bf0d261db6a94 70387bc54bc3e970543107f59b02aeff9e5 [15/Dec/2014:08:05:46][http-bio-30042-exec-4]: SubjectNameConstraint: validate() - sn500 dname = CN=(Name)(Text)(Size)11(DigestType)SHA256(Digest)7ac52ca26b49f013bf0d261db6a947 0387bc54bc3e970543107f59b02aeff9e5 [15/Dec/2014:08:05:46][http-bio-30042-exec-4]: CertRequestSubmitter: submit Invalid Subject Name CN=(Name)(Text)(Size)11(DigestType)SHA256(Digest)7ac52ca26b49f013bf0d261db6a947 0387bc54bc3e970543107f59b02aeff9e5 [ Invalid fields: Common Name ] [15/Dec/2014:08:05:46][http-bio-30042-exec-4]: SignedAuditEventFactory: create() message=[AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Failure] [ReqID=162][InfoName=rejectReason][InfoValue=Request Rejected - Invalid Subject Name CN=(Name)(Text)(Size)11(DigestType)SHA256(Digest)7ac52ca26b49f013b f0d261db6a9470387bc54bc3e970543107f59b02aeff9e5 [ Invalid fields: Common Name ] ] certificate request processed </snip>
Per Bug Triage of 05/05/2016: 10.4
Metadata Update from @mharmsen: - Issue set to the milestone: UNTRIAGED
Metadata Update from @mharmsen: - Custom field feature adjusted to None - Custom field proposedmilestone adjusted to None - Custom field proposedpriority adjusted to None - Custom field reviewer adjusted to None - Custom field version adjusted to None - Issue close_status updated to: None - Issue set to the milestone: FUTURE (was: UNTRIAGED)
Per 10.5.x/10.6 Triage: FUTURE
mharmsen: as this bug is quite old, it needs to be re-verified with more recent bits to see if it is still a problem
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1800
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Metadata Update from @dmoluguw: - Issue close_status updated to: migrated - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.