#3107 Unable to configure scep on PKI 10.8.0
Closed: migrated 3 years ago by dmoluguw. Opened 4 years ago by dmoluguw.

Description:
ClassNotFoundException when trying to install and configure scep

Package:
pki-10.8.0-0.1

Environment:
Fedora 30

Steps to Reproduce:

Configure scep by following the upstream instructions: https://www.dogtagpki.org/wiki/SCEP_Setup

CS.cfg:
...
ca.scep.allowedEncryptionAlgorithms=DES,DES3
ca.scep.allowedHashAlgorithms=MD5,SHA1,SHA256,SHA512
ca.scep.enable=true
ca.scep.encryptionAlgorithm=DES
ca.scep.hashAlgorithm=MD5
ca.scep.nonceSizeLimit=16
...

Also

  • install SSCEP client
  • generate CA certificate
    $ sscep getca -u http://$HOSTNAME:8080/ca/cgi-bin/pkiclient.exe -c ca.crt

    And verify by running

    $ openssl x509 -in ca.crt -text
  • generate CSR request and a key
    $ /usr/bin/mkrequest -ip 172.16.24.238 Uojs93wkfd0IS

and when trying to test enroll the following error is generated:
(Could not unwrap PKCS10 blob: java.security.cert.CertificateException: Error instantiating class for challenge_password java.lang.ClassNotFoundException):

Logs:

# sscep enroll -u http://$HOSTNAME:8080/ca/cgi-bin/pkiclient.exe -c ca.crt -k local.key -r local.csr -l cert.crt -d

sscep: starting sscep, version 0.6.1
sscep: new transaction
sscep: transaction id: D41D8CD98F00B204E9800998ECF8427E
sscep: hostname: ca.lvm.postmet.com
sscep: directory: ca/cgi-bin/pkiclient.exe
sscep: port: 8080
sscep:  Read request with transaction id: 9A6C3918C54DB994E7E951505983A181
sscep: generating selfsigned certificate
sscep: SCEP_OPERATION_ENROLL
sscep: sending certificate request
sscep: creating inner PKCS#7
sscep: inner PKCS#7 in mem BIO 
sscep: request data dump 
sscep: data payload size: 415 bytes

 sscep: hexdump request payload 
 sscep: hexdump payload 415 
sscep: successfully encrypted payload
sscep: envelope size: 956 bytes
sscep: printing PEM fomatted PKCS#7
sscep: creating outer PKCS#7
sscep: signature added successfully
sscep: adding signed attributes
sscep: adding string attribute transId
sscep: adding string attribute messageType
sscep: adding octet attribute senderNonce
sscep: PKCS#7 data written successfully
sscep: printing PEM fomatted PKCS#7
sscep: applying base64 encoding
sscep: base64 encoded payload size: 2588 bytes
sscep: scep msg: GET /ca/cgi-bin/pkiclient.exe?operation=PKIOperation&message=[...] HTTP/1.0

sscep: server returned status code 500
sscep: mime_err: HTTP/1.1 500 
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 3234
Date: Mon, 09 Sep 2019 07:12:32 GMT
Connection: close

<!doctype html><html lang="en"><head><title>HTTP Status 500 – Internal Server Error</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head>
<body><h1>HTTP Status 500 – Internal Server Error</h1><hr class="line" />
<p><b>Type</b> Exception Report</p>
<p><b>Message</b> Couldn&#39;t handle CEP request (PKCSReq) - Could not unwrap PKCS10 blob: java.security.cert.CertificateException: Error instantiating class for challenge_password java.lang.ClassNotFoundException: com.netscape.cms.servlet.cert.scep.ChallengePassword</p>
<p><b>Description</b> The server encountered an unexpected condition that prevented it from fulfilling the request.</p>
<p><b>Exception</b></p><pre>javax.servlet.ServletException: Couldn&#39;t handle CEP request (PKCSReq) - Could not unwrap PKCS10 blob: java.security.cert.CertificateException: Error instantiating class for challenge_password java.lang.ClassNotFoundException: com.netscape.cms.servlet.cert.scep.ChallengePassword
        com.netscape.cms.servlet.cert.scep.CRSEnrollment.service(CRSEnrollment.java:397)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
        sun.reflect.GeneratedMethodAccessor48.invoke(Unknown Source)
        sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        java.lang.reflect.Method.invoke(Method.java:498)
        org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
        org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
        java.security.AccessController.doPrivileged(Native Method)
        javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
        org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
        org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170)
        java.security.AccessController.doPrivileged(Native Method)
        org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
        sun.reflect.GeneratedMethodAccessor47.invoke(Unknown Source)
        sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        java.lang.reflect.Method.invoke(Method.java:498)
        org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
        org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
        java.security.AccessController.doPrivileged(Native Method)
        javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
        org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
        org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
</pre><p><b>Note</b> The full stack trace of the root cause is available in the server logs.</p><hr class="line" /><h3>Apache Tomcat/9.0.21</h3></body></html>
sscep: wrong (or missing) MIME content type
sscep: error while sending message

On initial investigation, the ClassNotFoundException might be due to the merge of cmscore jar into cms jar: https://github.com/dogtagpki/pki/commits/master/base/server/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java


The stack trace does not point to the origin of the exception, but based on the error message the ClassNotFoundException might have been generated by either one of these lines in JSS:

The code is trying to load a class using the class loader of the current class (i.e. OIDMap). Note that the OIDMap was moved from PKI to JSS last year which also changed the class loader in Tomcat (see https://tomcat.apache.org/tomcat-8.5-doc/class-loader-howto.html).

This will still require further investigation, but I suspect the recent merging of cmscore.jar and cms.jar was probably not the cause because it shouldn't have changed the class loader. It would be nice if the problem can be retested on PKI 10.7.x to confirm that.

Interestingly, it seems to reference two files which I can't find anywhere (in PKI, Java, or JSS):

  • x509extensions.oid
  • x509extensions.classes

Hello, we hit the same issue while using the current master Dogtag version.

As a workaround, we successfully tried the following solution:

  • we copied the ChallengePassword.java class to JSS sources (to org/mozilla/jss/netscape/security/pkcs/)
  • we rebuilt JSS
  • we updated the /etc/pki/pki-tomcat/ca/CS.cfg config file to reflect the new class location:

    oidmap.challenge_password.class=org.mozilla.jss.netscape.security.pkcs.ChallengePassword
    
  • and used the custom JSS build in Dogtag.

I’m not sure if the class philosophically belongs to Dogtag or JSS but perhaps you might consider moving this class to JSS as a permanent solution to the problem?

We noticed that this class is also used from a few places in Dogtag so the references would need to be updated there. Thanks!
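The class-loader explanation and the workaround in the two comments above can be checked mechanically. The following is an added diagnostic sketch, not part of the ticket and not Dogtag or JSS code: it reads the `oidmap.<name>.class` entries from CS.cfg and reports which of them are only present in the web application's jars, and so would not be visible to a parent loader that holds OIDMap. The function names, the split into "shared" and "webapp" jar directories, and the `relocated` and `absent` entries are assumptions constructed for the example.

```python
import re
import tempfile
import zipfile
from pathlib import Path

# Matches CS.cfg entries of the form oidmap.<name>.class=<fully.qualified.Class>
OIDMAP_RE = re.compile(r"^oidmap\.([^.=\s]+)\.class\s*=\s*(\S+)$")

def oidmap_classes(cfg_text):
    """Return {name: class} for every oidmap.<name>.class line."""
    pairs = (OIDMAP_RE.match(line.strip()) for line in cfg_text.splitlines())
    return {m.group(1): m.group(2) for m in pairs if m}

def in_jars(class_name, jar_dirs):
    """True if any *.jar directly under jar_dirs contains the compiled class."""
    entry = class_name.replace(".", "/") + ".class"
    for d in jar_dirs:
        for jar in Path(d).glob("*.jar"):
            with zipfile.ZipFile(jar) as zf:
                if entry in zf.namelist():
                    return True
    return False

def audit(cfg_text, shared_dirs, webapp_dirs):
    """Classify each oidmap class by which class loader can see it.
    shared_dirs: jars of the loader holding OIDMap; webapp_dirs: the webapp's jars."""
    report = {}
    for name, cls in oidmap_classes(cfg_text).items():
        if in_jars(cls, shared_dirs):
            report[name] = "visible"
        elif in_jars(cls, webapp_dirs):
            report[name] = "webapp-only"   # a parent loader cannot see this class
        else:
            report[name] = "missing"
    return report

def demo():
    """Run the audit on a constructed layout: two jars holding empty .class entries."""
    cfg = ("oidmap.challenge_password.class=com.netscape.cms.servlet.cert.scep.ChallengePassword\n"
           "oidmap.relocated.class=org.mozilla.jss.netscape.security.pkcs.ChallengePassword\n"
           "oidmap.absent.class=example.NotShipped\n")
    with tempfile.TemporaryDirectory() as tmp:
        layout = {"shared": "org/mozilla/jss/netscape/security/pkcs/ChallengePassword.class",
                  "webapp": "com/netscape/cms/servlet/cert/scep/ChallengePassword.class"}
        for sub, entry in layout.items():
            Path(tmp, sub).mkdir()
            with zipfile.ZipFile(Path(tmp, sub, sub + ".jar"), "w") as zf:
                zf.writestr(entry, b"")
        return audit(cfg, [Path(tmp, "shared")], [Path(tmp, "webapp")])
```

On a real instance, pass the contents of CS.cfg together with the jar directory that holds JSS and the CA web application's own jar directory; an entry reported as `webapp-only` matches the failure described in this ticket.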

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/3224

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.
