Issue #2760: Pkiconsole is not accessible from HSM and FIPS environment - dogtagpki

dogtagpki

#2760 Pkiconsole is not accessible from HSM and FIPS environment

Closed: wontfix 4 years ago by dmoluguw. Opened 6 years ago by mharmsen.

Pkiconsole is not accessible from HSM and FIPS environment.
I have attched wireshark logs for pkiconsole URL.

Steps to Reproduce:

1.Setup environment for CC.
2. Try to access pkiconsole from HSM machine.
3. pkiconsole https://csqa4-guest04.idm.lab.eng.rdu.redhat.com:25443/ca

Actual Results:

RROR: BAD_SIGNATURE encountered on 'CN=csqa4-guest04.idm.lab.eng.rdu.redhat.com,OU=pki-RootCA-CMC3,O=Example-Test-rhel-fips' results in a denied SSL server cert!
WARNING: UNTRUSTED ISSUER encountered on 'CN=csqa4-guest04.idm.lab.eng.rdu.redhat.com,OU=pki-RootCA-CMC3,O=Example-Test-rhel-fips' indicates a non-trusted CA cert 'CN=CA Signing Certificate,OU=pki-RootCA-CMC3,O=Example-Test-rhel-fips'
Import CA certificate (Y/n)? Y
CA server URI [http://csqa4-guest04.idm.lab.eng.rdu.redhat.com:8080/ca]: http://csqa4-guest04.idm.lab.eng.rdu.redhat.com:25080/ca
ERROR: java.security.cert.CertificateEncodingException: CERT_ImportCAChainTrusted returned an error: (-8174) security library: bad database.
FATAL: SSL alert sent: BAD_CERTIFICATE

Additional Info:

See associated bug.

Metadata Update from @mharmsen:
- Custom field component adjusted to General
- Custom field feature adjusted to ''
- Custom field origin adjusted to Community
- Custom field proposedmilestone adjusted to ''
- Custom field proposedpriority adjusted to ''
- Custom field reviewer adjusted to ''
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1461936
- Custom field type adjusted to defect
- Custom field version adjusted to ''
- Issue priority set to: critical
- Issue set to the milestone: 10.4

6 years ago

Metadata Update from @mharmsen:
- Issue set to the milestone: 10.5 (was: 10.4)

6 years ago

Metadata Update from @mharmsen:
- Issue priority set to: major (was: critical)

6 years ago

mharmsen commented 6 years ago

[20171025] - Offline Triage ==> 10.6

Metadata Update from @mharmsen:
- Issue set to the milestone: 10.6 (was: 10.5)

6 years ago

dmoluguw commented 4 years ago

As part of offline triage, pkiconsole is deprecated starting from PKI 10.6+. We might drop the whole console package in future releases.

Metadata Update from @dmoluguw:
- Issue close_status updated to: wontfix
- Issue status updated to: Closed (was: Open)

4 years ago

dmoluguw commented 3 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2880

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

major

Milestone

10.6

lowhangingfruit

None

reporter

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1461936

type

defect

version

keywords

None

estimate

None

feature

origin

Community

proposedpriority

fixedinversion

None

platforms

None

blockedby

None

blocking

None

reviewer

component

General

proposedmilestone

dogtagpki

Source Code

#2760 Pkiconsole is not accessible from HSM and FIPS environment Closed: wontfix 4 years ago by dmoluguw. Opened 6 years ago by mharmsen.

Metadata

#2760 Pkiconsole is not accessible from HSM and FIPS environment

Closed: wontfix 4 years ago by dmoluguw. Opened 6 years ago by mharmsen.