Description of problem: enableOCSP=true is not supported in a few cases on a shared instance
enableOCSP=true
Version-Release number of selected component (if applicable):
[root@pki1 ~]# pki --version
PKI Command-Line Interface 10.5.9-12.el7_6
How reproducible:
1> Set up a single shared instance.
2> enableOCSP parameter:
[root@pki1 ~]# vim /etc/pki/pki-tomcat/server.xml
......
enableOCSP="true"
ocspResponderURL="http://pki1.example.com:8080/ca/ocsp"
ocspResponderCertNickname="ocspSigningCert cert-pki-tomcat CA"
ocspCacheSize="-1"
[root@pki1 ~]# systemctl restart pki-tomcatd@pki-tomcat.service
[root@pki1 ~]# pki -d /opt/pki/certdb -P http -p 8080 -h pki1.example.com -c SECret.123 -n 'PKI CA Administrator for Example.Org' client-cert-request UID=CA_AgentE,E=CA_AgentE@example.org,CN=CA_AgentE,OU=IDMQE,C=US --profile caUserCert
-----------------------------
Submitted certificate request
-----------------------------
Request ID: 21
Type: enrollment
Request Status: pending
Operation Result: success
[root@pki1 ~]# pki -d /opt/pki/certdb -P http -p 8080 -h pki1.example.com -c SECret.123 -n 'PKI CA Administrator for Example.Org' cert-request-review 21 --action approve
PKIException: Bad Request
[root@pki1 ~]# pki -d /opt/pki/certdb -P http -p 8080 -h pki1.example.com -c SECret.123 -n 'PKI CA Administrator for Example.Org' client-cert-request UID=CA_AgentE,E=CA_AgentE@example.org,CN=CA_AgentE,OU=IDMQE,C=US --profile caUserCert
-----------------------------
Submitted certificate request
-----------------------------
Request ID: 24
Type: enrollment
Request Status: pending
Operation Result: success
[root@pki1 ~]# pki -d /opt/pki/certdb -P http -p 8080 -h pki1.example.com -c SECret.123 -n 'PKI CA Administrator for Example.Org' cert-request-review 24 --action approve
FATAL: SSL alert received: BAD_CERTIFICATE
IOException: SocketException cannot write on socket
[root@pki1 ~]#
Actual results: Getting failures for some of the CI on the shared instance.
Expected results: It should be successful.
https://bugzilla.redhat.com/show_bug.cgi?id=1678680
Metadata Update from @cipherboy:
- Custom field component adjusted to None
- Custom field feature adjusted to None
- Custom field origin adjusted to None
- Custom field proposedmilestone adjusted to None
- Custom field proposedpriority adjusted to None
- Custom field reviewer adjusted to None
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1678680
- Custom field type adjusted to None
- Custom field version adjusted to None
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/3265
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.
Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)