Hello,
I am having trouble getting the pkiconsole to open. After selecting the client certificate that I want to use to authenticate I get the following error:
WARNING: UNTRUSTED ISSUER encountered on 'CN=example.com,OU=pki- tomcat,O=EXAMPLE' indicates a non-trusted CA cert 'CN=CA Signing Certificate,OU=pki- tomcat,O=EXAMPLE' Trust this certificate (y/N)? y java.io.IOException: 400 at com.netscape.admin.certsrv.connection.JSSConnection.readHeader(JSSConnection.java:537) at com.netscape.admin.certsrv.connection.JSSConnection.initReadResponse(JSSConnection.java:497) at com.netscape.admin.certsrv.connection.JSSConnection.sendRequest(JSSConnection.java:411) at com.netscape.admin.certsrv.connection.AdminConnection.processRequest(AdminConnection.java:788) at com.netscape.admin.certsrv.connection.AdminConnection.sendRequest(AdminConnection.java:681) at com.netscape.admin.certsrv.connection.AdminConnection.sendRequest(AdminConnection.java:646) at com.netscape.admin.certsrv.connection.AdminConnection.authType(AdminConnection.java:379) at com.netscape.admin.certsrv.CMSServerInfo.getAuthType(CMSServerInfo.java:128) at com.netscape.admin.certsrv.CMSAdmin.run(CMSAdmin.java:543) at com.netscape.admin.certsrv.CMSAdmin.run(CMSAdmin.java:592) at com.netscape.admin.certsrv.Console.mainImpl(Console.java:1781) at com.netscape.admin.certsrv.Console.main(Console.java:1814)
Just before this error is printed to the console there is a GUI popup stating that "the server is unreachable".
I have tried both building the project from source and using the packages that are available on Fedora 32 by using the dogtag-pki package.
dogtag-pki-10.8.3-1.fc32.x86_64.rpm dogtag-pki-console-theme-10.8.3-1.fc32.noarch.rpm dogtag-pki-server-theme-10.8.3-1.fc32.noarch.rpm pki-base-10.8.3-1.fc32.noarch.rpm pki-base-java-10.8.3-1.fc32.noarch.rpm pki-ca-10.8.3-1.fc32.noarch.rpm pki-console-10.8.3-1.fc32.noarch.rpm pki-debuginfo-10.8.3-1.fc32.x86_64.rpm pki-debugsource-10.8.3-1.fc32.x86_64.rpm pki-javadoc-10.8.3-1.fc32.noarch.rpm pki-kra-10.8.3-1.fc32.noarch.rpm pki-ocsp-10.8.3-1.fc32.noarch.rpm pki-server-10.8.3-1.fc32.noarch.rpm pki-symkey-10.8.3-1.fc32.x86_64.rpm pki-symkey-debuginfo-10.8.3-1.fc32.x86_64.rpm pki-tks-10.8.3-1.fc32.noarch.rpm pki-tools-10.8.3-1.fc32.x86_64.rpm pki-tools-debuginfo-10.8.3-1.fc32.x86_64.rpm pki-tps-10.8.3-1.fc32.x86_64.rpm pki-tps-debuginfo-10.8.3-1.fc32.x86_64.rpm python3-pki-10.8.3-1.fc32.noarch.rpm
Always
Using Fedora 32 VM in VirtualBox. I have also tried this on a server where Fedora 32 is installed with the same result.
1) Either install the packages using yum or build from source as described in the dev guide here: https://github.com/dogtagpki/pki/blob/master/docs/development/Building_PKI.md
2) Install DS as described here: https://www.dogtagpki.org/wiki/Installing_DS
3) Install the CA either using the interactive pkispawn or using the guide here: https://github.com/dogtagpki/pki/blob/master/docs/installation/Installing_CA.md
4) Try to use the pkiconsole as described in the documentation here: https://www.dogtagpki.org/wiki/PKI_Console
I am expecting that the console application will open. Not an error that the server is unreachable.
Hi, I'm suspecting the issue was triggered by recent changes in Tomcat. Could you describe what you use pkiconsole for? Maybe there's a workaround using Web UI, PKI CLI, or accessing the server files directly.
Metadata Update from @edewata: - Custom field component adjusted to None - Custom field feature adjusted to None - Custom field origin adjusted to None - Custom field proposedmilestone adjusted to None - Custom field proposedpriority adjusted to None - Custom field reviewer adjusted to None - Custom field type adjusted to None - Custom field version adjusted to None
This is actually caused by bad HTTP requests formed by pkiconsole. Tomcat is rejecting the requests, causing the 400.
Fix: https://github.com/dogtagpki/pki/pull/489
Thank you for providing a fix for this.
Metadata Update from @olelar: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/3305
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.