This patch
addresses the issue that with the previous patch, the regular
(non-external
and non-existing) CA installation fails.
https://fedorahosted.org/pki/ticket/2389
thanks,
Christina
>From 1ddd1db04baa8773d4fc17562ec92e66797927fe Mon Sep 17 00:00:00 2001
From: Christina Fu <c...@dhcp-16-189.sjc.redhat.com>
Date: Mon, 11 Jul 2016 17:51:57 -0700
Subject: [PATCH] Ticket #2389 fix for regular CA installation This patch
addresses the issue that with the previous patch, the regular (non-external
and non-existing) CA installation fails.
---
.../src/com/netscape/cms/servlet/csadmin/CertUtil.java | 17 +++++++++++------
1 file changed, 11 insertions(+), 6 deletions(-)
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
index 495e4c0af7918a3406d399ea7503df379d273f88..ed762def6f293dc2b0fa328938fab40373a442a7 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/CertUtil.java
@@ -535,9 +535,14 @@ public class CertUtil {
CMS.debug("Creating local request exception:" + e.toString());
}
- // installAdjustValidity tells ValidityDefault to adjust the
- // notAfter value to that of the CA's signing cert if needed
- req.setExtData("installAdjustValidity", "true");
+ if (!certTag.equals("signing")) {
+ /*
+ * (applies to non-CA-signing cert only)
+ * installAdjustValidity tells ValidityDefault to adjust the
+ * notAfter value to that of the CA's signing cert if needed
+ */
+ req.setExtData("installAdjustValidity", "true");
+ }
processor.populate(req, info);
PrivateKey caPrik = null;
@@ -554,11 +559,11 @@ public class CertUtil {
}
if (caPrik == null) {
- CMS.debug("CertUtil::createSelfSignedCert() - "
+ CMS.debug("CertUtil::createLocalCert() - "
+ "CA private key is null!");
throw new IOException("CA private key is null");
} else {
- CMS.debug("CertUtil createSelfSignedCert: got CA private key");
+ CMS.debug("CertUtil createLocalCert: got CA private key");
}
String keyAlgo = x509key.getAlgorithm();
@@ -586,7 +591,7 @@ public class CertUtil {
}
if (cert != null) {
- CMS.debug("CertUtil createSelfSignedCert: got cert signed");
+ CMS.debug("CertUtil createLocalCert: got cert signed");
}
} catch (IOException e) {
--
2.7.4
_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel