Unable to submit request using profile caAgentFileSigning

[pki-bot]

This issue was migrated from Pagure Issue #1238. Originally filed by mharmsen (@mharmsen) on 2015-01-13 02:24:46:

• Assigned to nobody
• Associated bugzillas
  • https://bugzilla.redhat.com/show_bug.cgi?id=1175269

---

Ticket was cloned from Red Hat Bugzilla (product Red Hat Certificate System): Bug 1175269

Created attachment 970072
CA Debug logs

Description of problem:

unable to submit a successful request from Profile "Agent Authenticated File
signing". When submitting the request it fails with below error:

Sorry your request has been rejected. The reason is "Request Rejected-{0}"

Version-Release number of selected component (if applicable):

dogtag-pki-10.2.0-3
pki-kra-10.2.0-3
pki-ocsp-10.2.0-3
pki-console-10.2.0-1
pki-ca-10.2.0-3
dogtag-pki-server-theme-10.2.0-2
pki-tools-10.2.0-3
pki-javadoc-10.2.0-3
dogtag-pki-console-theme-10.2.0-2
pki-server-10.2.0-3
pki-symkey-10.2.0-3
pki-tks-10.2.0-3
krb5-pkinit-1.12.2-10
pki-base-10.2.0-3
pki-tps-10.2.0-3
firefox-31.3.0-3
nss-3.16.2.3-2

How reproducible:

Steps to Reproduce:
1. Install CA subsystem
2. From EE , select Agent Authenticated File signing
3. In the form specify a valid file "file:///tmp/test
4. Submit the request

Actual results:

Sorry your request has been rejected. The reason is "Request Rejected-{0}"

Expected results:

The request should be accepted and valid cert should be issued.

Additional info:

In CA Debug logs i see below messages:
<snip>

[15/Dec/2014:08:05:46][http-bio-30042-exec-4]: BasicProfile: validate start on
setId=serverCertSet
[15/Dec/2014:08:05:46][http-bio-30042-exec-4]: SubjectNameConstraint: validate
start
[15/Dec/2014:08:05:46][http-bio-30042-exec-4]: SubjectNameConstraint: validate
start
[15/Dec/2014:08:05:46][http-bio-30042-exec-4]: SubjectNameConstraint: validate
cert subject
=CN=(Name)(Text)(Size)11(DigestType)SHA256(Digest)7ac52ca26b49f013bf0d261db6a94
70387bc54bc3e970543107f59b02aeff9e5
[15/Dec/2014:08:05:46][http-bio-30042-exec-4]: SubjectNameConstraint:
validate() - sn500 dname =
CN=(Name)(Text)(Size)11(DigestType)SHA256(Digest)7ac52ca26b49f013bf0d261db6a947
0387bc54bc3e970543107f59b02aeff9e5
[15/Dec/2014:08:05:46][http-bio-30042-exec-4]: CertRequestSubmitter: submit
Invalid Subject Name
CN=(Name)(Text)(Size)11(DigestType)SHA256(Digest)7ac52ca26b49f013bf0d261db6a947
0387bc54bc3e970543107f59b02aeff9e5 [ Invalid fields:  Common Name  ]
[15/Dec/2014:08:05:46][http-bio-30042-exec-4]: SignedAuditEventFactory:
create()
message=[AuditEvent=CERT_REQUEST_PROCESSED][SubjectID=caadmin][Outcome=Failure]
[ReqID=162][InfoName=rejectReason][InfoValue=Request Rejected - Invalid
Subject Name CN=(Name)(Text)(Size)11(DigestType)SHA256(Digest)7ac52ca26b49f013b
f0d261db6a9470387bc54bc3e970543107f59b02aeff9e5 [ Invalid fields:
Common Name  ] ] certificate request processed

</snip>

[pki-bot]

Comment from mharmsen (@mharmsen) at 2016-05-07 01:14:03

Per Bug Triage of 05/05/2016: 10.4

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-02-27 14:08:56

Metadata Update from @mharmsen:

• Issue set to the milestone: UNTRIAGED

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-09-01 12:25:05

Metadata Update from @mharmsen:

• Custom field feature adjusted to None
• Custom field proposedmilestone adjusted to None
• Custom field proposedpriority adjusted to None
• Custom field reviewer adjusted to None
• Custom field version adjusted to None
• Issue close_status updated to: None
• Issue set to the milestone: FUTURE (was: UNTRIAGED)

[pki-bot]

Comment from mharmsen (@mharmsen) at 2018-04-13 14:56:00

Per 10.5.x/10.6 Triage: FUTURE

mharmsen: as this bug is quite old, it needs to be re-verified with more recent bits to see if it is still a problem