dogtagpki

Clone
Source Code
GIT

#1575 Internet Explorer 11: caUserCert request submission fails using the EE page
Closed: migrated 3 years ago by dmoluguw. Opened 8 years ago by rpattath.

Closed: migrated
Reopen Issue

IE 11: caUserCert request submission fails using the EE page

Steps to Reproduce:

1. Access the EE page of CA from a Windows Server 2012 machine using Internet
Explore 11
2. Create a caUserCert request

Actual results:

Request is not submitted and shows the message "Certificate request not found"

Expected results:

Cetificate request should be created successfully

Additional info:

Debug log messages:

[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet:service() uri =
/ca/ee/ca/profileSubmit
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='cert_request_type' value='keygen'
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='selectKeyType' value='RSA'
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='sn_uid' value='test3'
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='sn_e' value='test3@a.com'
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='sn_cn' value='test'
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='sn_ou3' value=''
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='sn_ou2' value=''
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='sn_ou1' value=''
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='sn_ou' value=''
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='sn_o' value=''
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='sn_c' value=''
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='requestor_name' value=''
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='requestor_email' value=''
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='requestor_phone' value=''
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='profileId' value='caUserCert'
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='renewal' value='false'
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='xmlOutput' value='false'
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet: caProfileSubmit
start to service.
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: xmlOutput false
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: ProfileSubmitServlet: isRenewal
false
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: according to ccMode,
authorization for servlet: caProfileSubmit is LDAP based, not XML {1}, use
default authz mgr: {2}.
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: Input Parameters:
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - sn_o:
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - sn_e:
test3@a.com
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - requestor_email:
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - requestor_phone:
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - remoteHost:
10.13.129.103
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - requestor_name:
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - sn_ou3:
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - sn_ou2:
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - sn_uid: test3
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - sn_cn: test
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - profileId:
caUserCert
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: -
cert_request_type: keygen
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - sn_c:
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - isRenewal: false
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - sn_ou1:
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - sn_ou:
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - remoteAddr:
10.13.129.103
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: EnrollmentProcessor: isRenewal
false
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: EnrollmentProcessor: profileId
caUserCert
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: EnrollmentProcessor: set Inputs
into profile Context
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: EnrollmentProcessor: set
sslClientCertProvider
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: Repository: in
getNextSerialNumber.
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: Repository: checkRange
mLastSerialNo=102
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: Repository:
getNextSerialNumber: returning retSerial 102
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: EnrollProfile:
setDefaultCertInfo: setting issuerDN using exact CA signing cert subjectDN
encoding
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: EnrollProfile: createRequest
102
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CertProcessor:
profileSetid=userCertSet
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CertProcessor: request 102
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CertProcessor: populating
request inputs
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: KeyGenInput: populate - invalid
certificate request
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: ProfileSubmitServlet: error in
processing request: Certificate Request Not Found
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet: curDate=Wed Aug 19
14:34:03 EDT 2015 id=caProfileSubmit time=3

Checkin to only warn of lack of IE 11 support in the UI:

commit 0baf14ad496d18991a83f211b4b60d1811e21fb3
Author: Jack Magne jmagne@localhost.localdomain
Date: Thu Aug 20 12:06:32 2015 -0700

Internet Explorer 11 not working browser warning.

Related to ticket #1575 Internet Explorer 11: caUserCert request submission fails using the EE page.

This patch will only do the following:

Detect IE when IE11 is being used. Before this IE11 was mistaken for Firefox.
Detect IE11 specifically and warn the user that there is no support.

This ticket will live to se we can fix this properly by porting the current
VBS script to Javascript to support cert enrollment on IE 11.

Moving this ticket to 10.3 to be fully resolved.

Per Bug Triage of 05/05/2016: 10.4

Metadata Update from @rpattath:
- Issue assigned to jmagne
- Issue set to the milestone: UNTRIAGED
7 years ago

Metadata Update from @mharmsen:
- Custom field feature adjusted to None
- Custom field proposedmilestone adjusted to None
- Custom field proposedpriority adjusted to None
- Custom field reviewer adjusted to None
- Custom field version adjusted to None
- Issue close_status updated to: None
- Issue set to the milestone: FUTURE (was: UNTRIAGED)
6 years ago

Per 10.5.x/10.6 Triage: FUTURE

jmagne says that this is a non-trivial effort

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2134

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)
3 years ago

Login to comment on this ticket.

Metadata
None
None
None
major
None
None
defect
None
None
None
None
None
QE
None
None
None
None
None
None
CA
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.