This test is further extension to BZ https://bugzilla.redhat.com/show_bug.cgi?id=1329365.
Here we are testing the Authority Key Identifier and subject key identifier as mentioned in ::
1. http://pki.fedoraproject.org/wiki/Custom_Installation(Adding generic system certificate request extension) 2. http://pki.fedoraproject.org/wiki/Certificate_Extensions#CA_Signing_CSR_Exte nsions
Steps to Reproduce:
1. Used step1.cfg to run first step. 2. Try to add additional parameters in CS.cfg(/etc/pki).I tried to add for authority key identifier. preop.cert.AKI.ext.oid=1.3.6.1.4.1.311.20.9 preop.cert.AKI.ext.data=1E0A00530075006200430041 preop.cert.AKI.ext.critical=true 3. Use openssl to sign csr. $ openssl x509 -req -in ca_signing.csr -CA rootca.pem -CAkey rootca.key -CAcreateserial -out ca_signing.pem 4. Perform step2 to do final installation. 5. Installation went fine but when tried to access EE amd agent pages so got below exception. java.io.IOException: CS server is not ready to serve. com.netscape.cms.servlet.base.CMSServlet.service(CMSServlet.java:445) javax.servlet.http.HttpServlet.service(HttpServlet.java:731) sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso rImpl.java:43) java.lang.reflect.Method.invoke(Method.java:498)
Actual results:
Pki installation doesn't show any exception .When tried to open EE page it shows java.io.IOException: CS server is not ready to serve. com.netscape.cms.servlet.base.CMSServlet.service(CMSServlet.java:445) javax.servlet.http.HttpServlet.service(HttpServlet.java:731) sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccesso rImpl.java:43) java.lang.reflect.Method.invoke(Method.java:498)
Expected results:
Installation should go fine and it should support all extensions well . ExternalCA signed using using openssl with additional extensions should work.
Additional info:
Note :: all the files/logs and screenshots are attached. Created attachment 1205043 Logs
Per CS/DS Meeting of 10/04/2016: 10.4
Metadata Update from @gkapoor: - Issue set to the milestone: UNTRIAGED
Metadata Update from @mharmsen: - Custom field feature adjusted to '' - Custom field proposedmilestone adjusted to '' - Custom field proposedpriority adjusted to '' - Custom field reviewer adjusted to '' - Custom field version adjusted to '' - Issue close_status updated to: None - Issue priority set to: 2 (was: 3) - Issue set to the milestone: 10.4 (was: UNTRIAGED)
Per PKI Bug Council of 04/05/2017: 10.5
Metadata Update from @mharmsen: - Issue set to the milestone: 10.5 (was: 10.4)
Metadata Update from @mharmsen: - Issue set to the milestone: FUTURE (was: 10.5)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2602
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Metadata Update from @dmoluguw: - Issue close_status updated to: migrated - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.