We performed an os patch and rebooted the server last weekend. Now when we receive a certificate request and we click on it to review it we get this error:
The Certificate System has encountered an unrecoverable error.
Error Message:
java.lang.ClassCastException: netscape.security.x509.Extension cannot be cast to netscape.security.x509.CRLDistributionPointsExtension Please contact your local administrator for assistance.
Our certificate profiles have not changed in over a year
Steps to Reproduce:
use the suggested workaround: - Enable a profile with CRLDistributionPointsExtDefault extension in it - Go to end-services page and submit a cert request using that profile (any dumb req will do) And voila, you've got CRLDistributionPointsExtension working. You can now go to agent page and reject/delete dump request. This will last till next CA reboot. Works on RH CA 8.1. After the workaround, reboot the system and it will fail again.
Per CS Bug/Ticket Triage held 04/19/2016: 10.3.1
I believe the following checkin fixes along with a long ago fix that attempted to put this class in the "OIDMap". Fraser's fix seems to have addressed some corner case:
This should be working now:
commit 93421622ce1ba1bf97d45bca8f346a112c4cf246 Author: Fraser Tweedale ftweedal@redhat.com Date: Fri Mar 18 10:53:18 2016 +1100
Add CRL dist points extension to OIDMap unconditionally It is possible to encounter a case where the CRLDistributionPointsExtension static initialiser, which adds the class to the OIDMap, has not been invoked. This can cause a ClassCastException, e.g. in CRLDistributionPointsExtDefault. Update OIDMap to add CRLDistributionPointsExtension in its own static initialiser. Fixes: https://fedorahosted.org/pki/ticket/2237
Closing this as works for me, I could not even duplicate. This should be a case to have QE run a sanity on this and confirm.
Metadata Update from @mharmsen: - Issue assigned to jmagne - Issue set to the milestone: 10.3.2
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2403
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Log in to comment on this ticket.