Description of problem: SSCEP enroll failed with ClassNotFoundException for different hashing algorithms, i.e. sha512 and sha256
Version-Release number of selected component (if applicable): PKI Command-Line Interface 10.7.3-1.module+el8.1.0+3964+500fc130
How reproducible: Always
Steps to Reproduce:
1. Install CA
3. Provide execute permission for all the files:
# chmod +x sscep.conf sscep mkrequest
/var/lib/pki/<ca_instance>/conf/ca/flatfile.txt
restart the instance: systemctl restart <instance>
Execute the below commands to enroll the certificate with sha512:
./mkrequest -ip <ip_address> 1212 sha512
DIGEST=-sha512
Generating RSA private key, 1024 bit long modulus (2 primes)
........................+++++
.......................................+++++
e is 65537 (0x010001)
./sscep getca -u http://pki1.example.com:20080/ca/cgi-bin/pkiclient.exe -c ca.crt
./sscep: starting sscep, version 20081211
./sscep: hostname: pki1.example.com
./sscep: directory: ca/cgi-bin/pkiclient.exe
./sscep: port: 20080
./sscep: SCEP_OPERATION_GETCA
./sscep: requesting CA certificate
./sscep: scep msg: GET /ca/cgi-bin/pkiclient.exe?operation=GetCACert&message=CAIdentifier HTTP/1.0
./sscep: server returned status code 200
./sscep: MIME header: application/x-x509-ca-cert
./sscep: valid response from server
./sscep: MD5 fingerprint: 60:DF:DB:70:57:B2:FB:5E:B0:2D:2E:11:C6:2E:24:F1
./sscep: CA certificate written as ca.crt
./sscep enroll -f sscep.conf -u http://pki1.example.com:20080/ca/cgi-bin/pkiclient.exe -c ca.crt -k local.key -r local.csr -l cert.crt -S sha512 -d
Actual results:
It should enroll the certificate with the sha512 algorithm
Expected results:
sscep enroll will fail with below exception:
./sscep: server returned status code 500
./sscep: mime_err: HTTP/1.1 500
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 3389
Date: Mon, 18 Nov 2019 13:12:57 GMT
Connection: close
<!doctype html><html lang="en"><head><title>HTTP Status 500 – Internal Server Error</title>
<style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:#525D76;border:none;}</style></head>
<body><h1>HTTP Status 500 – Internal Server Error</h1><hr class="line" />
<p><b>Type</b> Exception Report</p>
<p><b>Message</b> Couldn't handle CEP request (PKCSReq) - Could not unwrap PKCS10 blob: java.security.cert.CertificateException: Error instantiating class for challenge_password java.lang.ClassNotFoundException: com.netscape.cms.servlet.cert.scep.ChallengePassword</p>
<p><b>Description</b> The server encountered an unexpected condition that prevented it from fulfilling the request.</p>
<p><b>Exception</b></p>
<pre>javax.servlet.ServletException: Couldn't handle CEP request (PKCSReq) - Could not unwrap PKCS10 blob: java.security.cert.CertificateException: Error instantiating class for challenge_password java.lang.ClassNotFoundException: com.netscape.cms.servlet.cert.scep.ChallengePassword
com.netscape.cms.servlet.cert.scep.CRSEnrollment.service(CRSEnrollment.java:397)
javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:498)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170)
java.security.AccessController.doPrivileged(Native Method)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:498)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
</pre>
<p><b>Note</b> The full stack trace of the root cause is available in the server logs.</p><hr class="line" /><h3>Apache Tomcat/9.0.7</h3></body></html>
./sscep: wrong (or missing) MIME content type
./sscep: error while sending message
Additional info:
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/3284
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.
Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)
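A small triage helper for sscep debug output like that quoted in this ticket, added here as an example (it is not part of the original report, of Dogtag PKI or of sscep): it pulls the HTTP status, the SCEP operation and the class named in the ClassNotFoundException out of the Tomcat error page that sscep prints after `mime_err:`. The `triage` function, its regular expressions and the abbreviated sample are assumptions constructed from the output above.

```python
import html
import re

# Constructed sample: abbreviated from the sscep -d output quoted in this ticket.
SAMPLE = """\
./sscep: server returned status code 500
./sscep: mime_err: HTTP/1.1 500
Content-Type: text/html;charset=utf-8
<!doctype html><html lang="en"><body><h1>HTTP Status 500 – Internal Server Error</h1>
<p><b>Type</b> Exception Report</p><p><b>Message</b> Couldn't handle CEP request (PKCSReq) - Could not unwrap PKCS10 blob: java.security.cert.CertificateException: Error instantiating class for challenge_password java.lang.ClassNotFoundException: com.netscape.cms.servlet.cert.scep.ChallengePassword</p>
<p><b>Description</b> The server encountered an unexpected condition.</p></body></html>
./sscep: wrong (or missing) MIME content type
./sscep: error while sending message
"""

STATUS_RE = re.compile(r"server returned status code (\d{3})")
MESSAGE_RE = re.compile(r"<b>Message</b>\s*(.*?)</p>", re.S)
OPERATION_RE = re.compile(r"CEP request \((\w+)\)")
MISSING_CLASS_RE = re.compile(r"ClassNotFoundException:\s*([\w.$]+)")


def triage(output):
    """Summarise a failed sscep run: HTTP status, SCEP operation, root cause."""
    result = {"status": None, "operation": None,
              "message": None, "missing_class": None}
    m = STATUS_RE.search(output)
    if m:
        result["status"] = int(m.group(1))
    m = MESSAGE_RE.search(output)
    if m:
        # Tomcat HTML-escapes the message; undo that and collapse whitespace.
        result["message"] = " ".join(html.unescape(m.group(1)).split())
        op = OPERATION_RE.search(result["message"])
        result["operation"] = op.group(1) if op else None
        cls = MISSING_CLASS_RE.search(result["message"])
        result["missing_class"] = cls.group(1) if cls else None
    return result


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```
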