[Pki-devel] [PATCH] Fixed adminEnroll servlet browser import issue
John Magne
jmagne at redhat.com
Wed May 4 21:45:38 UTC 2016
I tested myself by pointing to mharmsen's system, seems to work fine.
Conditional ACK on the patch, just remove some of the entries in we were not sure
you needed. We tested with just the bare minimum and it works.
----- Original Message -----
From: "Matthew Harmsen" <mharmsen at redhat.com>
To: "pki-devel" <pki-devel at redhat.com>
Sent: Tuesday, May 3, 2016 11:42:02 AM
Subject: [Pki-devel] [PATCH] Fixed adminEnroll servlet browser import issue
Please review the attached patch which addresses:
* PKI TRAC Ticket #1669 - adminEnroll servlet EnrollSuccess.template succeeds but fails on import into browser
This was tested on Fedora 23 by doing the following:
* installed and configured a CA
* Successfully tested enrollment in a browser after importing the original Admin certificate
* systemctl stop pki-tomcatd at pki-tomcat.service
* edited /etc/pki/pki-tomcat/ca/CS.cfg to set:
* ca.Policy.enable=true
* cmsgateway.enableAdminEnroll=true
* systemctl start pki-tomcatd at pki-tomcat.service
* created a new Firefox profile
* traversed to the EE page, went to the Retrieval tab, imported the CA cert, and trusted it
* within this new profile, traversed to https://pki.example.com:8443/ca/admin/ca/adminEnroll.html , and filled out the form
* with this patch installed, it should generate a new admin certificate and import it successfully into this new profile -- to check, attempt to use the imported admin certificate to traverse to the Agents page
_______________________________________________
Pki-devel mailing list
Pki-devel at redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list