<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Please review the attached patch which addresses:<br>
<ul>
<li><a href="https://fedorahosted.org/pki/ticket/1669">PKI TRAC
Ticket #1669 - adminEnroll servlet EnrollSuccess.template
succeeds but fails on import into browser</a></li>
</ul>
This was tested on Fedora 23 by doing the following:<br>
<ul>
<li>installed and configured a CA</li>
<li>Successfully tested enrollment in a browser after importing
the original Admin certificate</li>
<li>systemctl stop <a class="moz-txt-link-abbreviated" href="mailto:pki-tomcatd@pki-tomcat.service">pki-tomcatd@pki-tomcat.service</a></li>
<li>edited /etc/pki/pki-tomcat/ca/CS.cfg to set:</li>
<ul>
<li>ca.Policy.enable=true</li>
<li>Â cmsgateway.enableAdminEnroll=true</li>
</ul>
<li>systemctl start <a class="moz-txt-link-abbreviated" href="mailto:pki-tomcatd@pki-tomcat.service">pki-tomcatd@pki-tomcat.service</a></li>
<li>created a new Firefox profile</li>
<li>traversed to the EE page, went to the Retrieval tab, imported
the CA cert, and trusted it</li>
<li>within this new profile, traversed to
<a class="moz-txt-link-freetext" href="https://pki.example.com:8443/ca/admin/ca/adminEnroll.html">https://pki.example.com:8443/ca/admin/ca/adminEnroll.html</a>, and
filled out the form</li>
<li>with this patch installed, it should generate a new admin
certificate and import it successfully into this new profile --
to check, attempt to use the imported admin certificate to
traverse to the Agents page<br>
</li>
</ul>
</body>
</html>