-
Bug
-
Resolution: Not a Bug
-
Major
-
RH362 - RHEL 9.1 0, RH362 - RHEL 7.4 1 20180531
-
None
-
ILT
-
en-US (English)
URL:
Reporter RHNID:
Section: -
Language: en-US (English)
Workaround: Step 5 may fail due to p12 file having both the revoked and new user cert.
Workaround:
Before step 2.
Ssh idm; sudo -i
(use certutil to list certs in the db)
certutil -L -d ~/idmuser01-cert/
(use certutil to view a specific named cert)
certutil -L -d ~/udmuser01-cert/ -n idmuser01
( use certutil to delete that cert - cert only not the key - the cap D option is the one to use)
certutil -D -d ~/idmuser01-cert/ -n idmuser01
(repeat above command until no more certs with that nickname)
(import the valid cert again)
certutil -A -d ~/idmuser01-cert -n idmuser01 -t "P,," -i ~/idmuser01.pem
Now export the database to a p12 file as in step 2.
Description: Note: while most (all?) of my students had this issue last week, I was not able to reproduce this. They were completing all labs from day 1. I started with this chapter on a clean (reset all) setup.
Guided Exercise: Customizing Authentication
step 5 (p162) Log in to the IdM web UI using a certificate.
Students report failing to log in with the certificate. They (more experienced than I with PKI) found it to be related to the contents of the p12 file. When we export the NSS database, there are two certs of the same name included. One has been revoked. The workaround in class was to remove all copies of the cert (but not the key) from the NSS DB, import the valid cert from the pem file, then export a new p12 file. Remove any certs from firefox before importing the new p12 file. This worked fine.
Could they all (6 were actively keeping up with the exercises) have revoked incorrectly? Could there be an END-TO-END conflict?