Pkiconsole is not accessible from HSM and FIPS environment. I have attched wireshark logs for pkiconsole URL.
Steps to Reproduce:
1.Setup environment for CC. 2. Try to access pkiconsole from HSM machine. 3. pkiconsole https://csqa4-guest04.idm.lab.eng.rdu.redhat.com:25443/ca
Actual Results:
RROR: BAD_SIGNATURE encountered on 'CN=csqa4-guest04.idm.lab.eng.rdu.redhat.com,OU=pki-RootCA-CMC3,O=Example-Test-rhel-fips' results in a denied SSL server cert! WARNING: UNTRUSTED ISSUER encountered on 'CN=csqa4-guest04.idm.lab.eng.rdu.redhat.com,OU=pki-RootCA-CMC3,O=Example-Test-rhel-fips' indicates a non-trusted CA cert 'CN=CA Signing Certificate,OU=pki-RootCA-CMC3,O=Example-Test-rhel-fips' Import CA certificate (Y/n)? Y CA server URI [http://csqa4-guest04.idm.lab.eng.rdu.redhat.com:8080/ca]: http://csqa4-guest04.idm.lab.eng.rdu.redhat.com:25080/ca ERROR: java.security.cert.CertificateEncodingException: CERT_ImportCAChainTrusted returned an error: (-8174) security library: bad database. FATAL: SSL alert sent: BAD_CERTIFICATE
Additional Info:
See associated bug.
Metadata Update from @mharmsen: - Custom field component adjusted to General - Custom field feature adjusted to '' - Custom field origin adjusted to Community - Custom field proposedmilestone adjusted to '' - Custom field proposedpriority adjusted to '' - Custom field reviewer adjusted to '' - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1461936 - Custom field type adjusted to defect - Custom field version adjusted to '' - Issue priority set to: critical - Issue set to the milestone: 10.4
Metadata Update from @mharmsen: - Issue set to the milestone: 10.5 (was: 10.4)
Metadata Update from @mharmsen: - Issue priority set to: major (was: critical)
[20171025] - Offline Triage ==> 10.6
Metadata Update from @mharmsen: - Issue set to the milestone: 10.6 (was: 10.5)
As part of offline triage, pkiconsole is deprecated starting from PKI 10.6+. We might drop the whole console package in future releases.
pkiconsole
Metadata Update from @dmoluguw: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2880
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.