Issue #3188: Pkiconsole not opening - Server unreachable - dogtagpki

dogtagpki

#3188 Pkiconsole not opening - Server unreachable

Closed: fixed 3 years ago by olelar. Opened 3 years ago by olelar.

Hello,

Description of problem:

I am having trouble getting the pkiconsole to open. After selecting the client certificate that I want to use to authenticate I get the following error:

WARNING: UNTRUSTED ISSUER encountered on 'CN=example.com,OU=pki- 
tomcat,O=EXAMPLE' indicates a non-trusted CA cert 'CN=CA Signing Certificate,OU=pki- 
tomcat,O=EXAMPLE'

Trust this certificate (y/N)? y

java.io.IOException: 400

at com.netscape.admin.certsrv.connection.JSSConnection.readHeader(JSSConnection.java:537)

at com.netscape.admin.certsrv.connection.JSSConnection.initReadResponse(JSSConnection.java:497)

at com.netscape.admin.certsrv.connection.JSSConnection.sendRequest(JSSConnection.java:411)

at com.netscape.admin.certsrv.connection.AdminConnection.processRequest(AdminConnection.java:788)

at com.netscape.admin.certsrv.connection.AdminConnection.sendRequest(AdminConnection.java:681)

at com.netscape.admin.certsrv.connection.AdminConnection.sendRequest(AdminConnection.java:646)

at com.netscape.admin.certsrv.connection.AdminConnection.authType(AdminConnection.java:379)

at com.netscape.admin.certsrv.CMSServerInfo.getAuthType(CMSServerInfo.java:128)

at com.netscape.admin.certsrv.CMSAdmin.run(CMSAdmin.java:543)

at com.netscape.admin.certsrv.CMSAdmin.run(CMSAdmin.java:592)

at com.netscape.admin.certsrv.Console.mainImpl(Console.java:1781)

at com.netscape.admin.certsrv.Console.main(Console.java:1814)

Just before this error is printed to the console there is a GUI popup stating that "the server is unreachable".

Versions that are used

I have tried both building the project from source and using the packages that are available on Fedora 32 by using the dogtag-pki package.

dogtag-pki-10.8.3-1.fc32.x86_64.rpm
dogtag-pki-console-theme-10.8.3-1.fc32.noarch.rpm
dogtag-pki-server-theme-10.8.3-1.fc32.noarch.rpm
pki-base-10.8.3-1.fc32.noarch.rpm
pki-base-java-10.8.3-1.fc32.noarch.rpm
pki-ca-10.8.3-1.fc32.noarch.rpm
pki-console-10.8.3-1.fc32.noarch.rpm
pki-debuginfo-10.8.3-1.fc32.x86_64.rpm
pki-debugsource-10.8.3-1.fc32.x86_64.rpm
pki-javadoc-10.8.3-1.fc32.noarch.rpm
pki-kra-10.8.3-1.fc32.noarch.rpm
pki-ocsp-10.8.3-1.fc32.noarch.rpm
pki-server-10.8.3-1.fc32.noarch.rpm
pki-symkey-10.8.3-1.fc32.x86_64.rpm
pki-symkey-debuginfo-10.8.3-1.fc32.x86_64.rpm
pki-tks-10.8.3-1.fc32.noarch.rpm
pki-tools-10.8.3-1.fc32.x86_64.rpm
pki-tools-debuginfo-10.8.3-1.fc32.x86_64.rpm
pki-tps-10.8.3-1.fc32.x86_64.rpm
pki-tps-debuginfo-10.8.3-1.fc32.x86_64.rpm
python3-pki-10.8.3-1.fc32.noarch.rpm

How reproducable

Always

How to reproduce

Using Fedora 32 VM in VirtualBox. I have also tried this on a server where Fedora 32 is installed with the same result.

1) Either install the packages using yum or build from source as described in the dev guide here: https://github.com/dogtagpki/pki/blob/master/docs/development/Building_PKI.md

2) Install DS as described here: https://www.dogtagpki.org/wiki/Installing_DS

3) Install the CA either using the interactive pkispawn or using the guide here: https://github.com/dogtagpki/pki/blob/master/docs/installation/Installing_CA.md

4) Try to use the pkiconsole as described in the documentation here: https://www.dogtagpki.org/wiki/PKI_Console

Expected result

I am expecting that the console application will open. Not an error that the server is unreachable.

edewata commented 3 years ago

Hi, I'm suspecting the issue was triggered by recent changes in Tomcat. Could you describe what you use pkiconsole for? Maybe there's a workaround using Web UI, PKI CLI, or accessing the server files directly.

Metadata Update from @edewata:
- Custom field component adjusted to None
- Custom field feature adjusted to None
- Custom field origin adjusted to None
- Custom field proposedmilestone adjusted to None
- Custom field proposedpriority adjusted to None
- Custom field reviewer adjusted to None
- Custom field type adjusted to None
- Custom field version adjusted to None

3 years ago

cipherboy commented 3 years ago

This is actually caused by bad HTTP requests formed by pkiconsole. Tomcat is rejecting the requests, causing the 400.

cipherboy commented 3 years ago

Fix: https://github.com/dogtagpki/pki/pull/489

olelar commented 3 years ago

Thank you for providing a fix for this.

Metadata Update from @olelar:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

3 years ago

dmoluguw commented 3 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/3305

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata

Assignee

None

Tags

None

Blocking

None

Depending on

None

Priority

None

Milestone

None

lowhangingfruit

None

reporter

None

rhbz

None

type

None

version

None

keywords

None

estimate

None

feature

None

origin

None

proposedpriority

None

fixedinversion

None

platforms

None

blockedby

None

blocking

None

reviewer

None

component

None

proposedmilestone

None

dogtagpki

Source Code

#3188 Pkiconsole not opening - Server unreachable Closed: fixed 3 years ago by olelar. Opened 3 years ago by olelar.

Description of problem:

Versions that are used

How reproducable

How to reproduce

Expected result

Metadata

#3188 Pkiconsole not opening - Server unreachable

Closed: fixed 3 years ago by olelar. Opened 3 years ago by olelar.