Logs are bit confusing when it says "deleteCert Exception=java.io.IOException: The certificate with the same nickname: NHSM6000:ocspSigningCert cert-NHSM-Test CA has been found on HSM. "
<debug log snip> 1450 [17/Aug/2016:06:17:45][http-bio-22443-exec-3]: ConfigurationUtils: findCertificate: The certificate with the same nickname: NHSM6000:ocspSigningCert cert-NHSM-Test CA has been found on HSM. Please remove it before proceeding. 1451 [17/Aug/2016:06:17:45][http-bio-22443-exec-3]: handleCerts(): deleteCert Exception=java.io.IOException: The certificate with the same nickname: NHSM6000:ocspSigningCert cert-NHSM-Test CA has been found on HSM. Please remove it before proceeding. 1452 [17/Aug/2016:06:17:45][http-bio-22443-exec-3]: handleCerts(): Failed to import user certificate.org.mozilla.jss.crypto.TokenException: PK11_ImportDERCertForKey Unable to import certificate to its token: (-8054) You are attempting to import a cert with the same issuer/serial as an existing cert, but that is not the same cert. </debug log sinp>
What my observation is certs are not removed we just create a new cert with different keyid. So why we are saying deleting certs in logs
Steps to Reproduce:
1. Install a HSM and refer https://bugzilla.redhat.com/show_bug.cgi?id=1289323
Actual results:
It gives an impression that it delete NHSM6000:ocspSigningCert cert-NHSM-Test CA has been found on HSM
Expected results:
Logging should be more user friendly and should say what it does
Fixed in master:
Metadata Update from @gkapoor: - Issue set to the milestone: 10.4.0
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2577
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.