This has been done for the 8.1 branch, but needs to be done for dogtag UI. This includes a cleanup of the CSS files, which contain lots of missing images, and declarations for objects that are no longer used.
Use firebug to confirm no 404's.
Patch to address missing UI components 20140819-UI-scrub.patch
TESTING the attached patch:
(1) Install (but do not configure) a CA instance using something similar to the following:
# script -c 'pkispawn -s CA -f ca-gui.cfg -vvv' where 'ca-gui.cfg' contains: [DEFAULT] pki_admin_password=XXXXXXXX pki_client_pkcs12_password=XXXXXXXX pki_client_database_purge=False pki_skip_configuration=True
(2) Create a new profile in a Firefox browser to configure this instance:
# firefox -ProfileManager -no-remote &
(3) Configure Firebug for this new Firefox profile:
Open the Firefox browser using the newly created profile: * type 'http://getfirebug.com/downloads' * select the Current stable build * press the button labeled 'Add to Firefox' * press the 'Install Now' button in the pop-up dialog On the Firefox browser, use the newly installed 'firebug' pull down menu: * 'Show Error Count' should be checked * Check 'On for All Web Pages' In the newly opened 'firebug' area of the Firefox browser: * Select Console * press Enable * Select HTML (should already be enabled) * Select CSS (should already be enabled) * Select Script * press Enable * Select DOM (should already be enabled) * Select Net * press Enable * Select Cookies * press Enable Reselect 'Console' in the 'firebug' area of the Firefox browser: * Select Console * Make certain that 'All' is selected * Make certain that 'Persist' is selected * Press 'Clear' as desired during the use of 'firebug'
(4) Configure the CA instance and test it within this Firefox browser profile utilizing Firebug.
**CAVEATS:** - The following is Firebug warning (yellow) is expected behavior on newer versions of Firefox: CONFIGURATION PANEL: Import CA's Certificate Chain FIREBUG CONSOLE: (red - error) Blocked loading mixed active content "http://server.example.com:8080/ca/ee/ca/getCAChain?op=download&mimeType=application/x-x509-ca-cert" ...p://server.example.com:8080/ca/ee/ca/getCAChain?op=download&mimeType=applic... FIREFOX BROWSER: Click on the 'shield' icon in the URL line and select 'Disable protection on this page' from the pull down menu; follow the dialog boxes to resend the page, and mark all three trust checkboxes in the pop-up trust dialog as per usual. FIREBUG CONSOLE: (yellow - warning) ! Loading mixed (insecure) active content on a secure page "http://server.example.com:8080/ca/ee/ca/getCAChain?op=download&mimeType=application/x-x509-ca-cert" ...p://server.example.com:8080/ca/ee/ca/getCAChain?op=download&mimeType=applic... wizard (line 210) - The following Firebug 404 error (or something similar) generally shows up when 'View Server Statistics' is selected on the CA AGENT PAGE (https://pkiserver.example.com:8443/ca/agent/ca/getStats) yet this variable appears to be defined in the referenced javascript, and everything appears to still work: FIREBUG CONSOLE: (red - error) TypeError: result.recordSet[i] is undefined if (result.recordSet[i].name.charAt(0) == '-') { getStats (line 160)
(5) Install (but do not configure) a KRA instance using something similar to the following:
# script -c 'pkispawn -s KRA -f kra-gui.cfg -vvv' where 'kra-gui.cfg' contains: [DEFAULT] pki_instance_name=pki-tomcat-kra pki_admin_password=XXXXXXXX pki_client_database_password=XXXXXXXX pki_client_pkcs12_password=XXXXXXXX pki_ajp_port=18009 pki_http_port=18080 pki_https_port=18443 pki_tomcat_server_port=18005 pki_client_database_purge=False pki_skip_configuration=True
(6) Create another new profile in a Firefox browser to configure this instance:
(7) Configure Firebug for this new Firefox profile following the steps outlined in step (3) above.
(8) Configure the KRA instance and test it within this Firefox browser profile utilizing Firebug.
**CAVEATS:** - The following is Firebug warning (yellow) is expected behavior on newer versions of Firefox: CONFIGURATION PANEL: Import CA's Certificate Chain FIREBUG CONSOLE: (red - error) Blocked loading mixed active content "http://server.example.com:8080/ca/ee/ca/getCAChain?op=download&mimeType=application/x-x509-ca-cert" ...p://server.example.com:8080/ca/ee/ca/getCAChain?op=download&mimeType=applic... FIREFOX BROWSER: Click on the 'shield' icon in the URL line and select 'Disable protection on this page' from the pull down menu; follow the dialog boxes to resend the page, and mark all three trust checkboxes in the pop-up trust dialog as per usual. FIREBUG CONSOLE: (yellow - warning) ! Loading mixed (insecure) active content on a secure page "http://server.example.com:8080/ca/ee/ca/getCAChain?op=download&mimeType=application/x-x509-ca-cert" ...p://server.example.com:8080/ca/ee/ca/getCAChain?op=download&mimeType=applic... wizard (line 210)
(9)-(12) Follow steps (4)-(8) utilizing an OCSP instance instead of a KRA instance. Specify a different instance name (e. g. - pki-tomcat-ocsp), and utilize unique port numbers (e. g. - 28009, 28080, 28443, and 28005).
(13)-(16) Follow steps (4)-(8) utilizing a TKS instance instead of a KRA instance. Specify a different instance name (e. g. - pki-tomcat-tks), and utilize unique port numbers (e. g. - 38009, 38080, 38443, and 38005).
EXPECTED RESULTS:
* Prior to patch, numerous 404 errors will be displayed by Firebug. * After application of the patch, only the specified CAVEATS should occur.
Checked into 'master':
Metadata Update from @vakwetu: - Issue assigned to mharmsen - Issue set to the milestone: 10.2 - 08/14 (August)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1137
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.