Trying to figure out why the EnrollSuccess.template fails in adminEnroll with an error in the web browser:
re-enroll the admin cert https://ca1.example.com:8443/ca/admin/ca/adminEnroll.html
succeeds before redirecting to
https://ca1.example.com:8443/ca/getAdminCertBySerial?serialNumber=10&importCert=true
HTTP Status 404 - /ca/getAdminCertBySerial
type Status Report
message /ca/getAdminCertBySerial
description The requested resource is not available
Steps to Reproduce:
1. have a CA up and running
2. systemctl stop pki-tomcatd@pki-tomcat.service
3. edit /etc/pki/pki-tomcat/ca/CS.cfg to set:
   ca.Policy.enable=true
   cmsgateway.enableAdminEnroll=true
4. systemctl start pki-tomcatd@pki-tomcat.service
5. re-enroll the admin cert from the browser: https://pki.example.com:8443/ca/admin/ca/adminEnroll.html
Additional Information:
# tail /var/log/pki/pki-tomcat/ca/system
0.Thread-46 - [22/Oct/2015:10:51:30 MDT] [8] [3] Publishing: Could not publish certificate sserial number 0x10. Error Failed to publish using rule: No rules enabled.

# tail /var/log/pki/pki-tomcat/ca/transactions
0.http-bio-8443-exec-22 - [22/Oct/2015:10:51:30 MDT] [20] [1] Enrollment request reqID 16 fromAgent agentID: caadmin authenticated by passwdUserDBAuthMgr is completed. DN requested: CN=CS Administrator 20151022,UID=caadmin,C=US cert issued serial number: 0x10 time: 1548
0.http-bio-8443-exec-22 - [22/Oct/2015:10:51:30 MDT] [11] [1] Admin UID: caadmin added cert for User UID: caadmin. cert DN: CN=CS Administrator 20151022,UID=caadmin,C=US serial number: 0x10

There is no useful detail in the debug log.

As a workaround, the Retrieval tab of the EE interface can still be used from the browser to import the newly minted Admin Certificate into the browser.
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1179514 (Red Hat Certificate System)
Per CS/DS meeting of 11/02/2015: 10.3
Closed as WONT FIX for RHCS 8.x version of product.
Checked into master:
To test this patch:
This was tested on Fedora 23 by doing the following:
ca.Policy.enable=true
cmsgateway.enableAdminEnroll=true
Per Bug Triage of 05/05/2016: 10.3.0
The process to restore admin access could be simplified in ticket #2260.
Metadata Update from @msauton: - Issue assigned to mharmsen - Issue set to the milestone: 10.3.1
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2228
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.