From c0b8a21cbf8592d75fdd42a4094edf4cb1609cb5 Mon Sep 17 00:00:00 2001
From: Mark Reynolds <mreynolds@redhat.com>
Date: Thu, 11 May 2023 10:06:26 -0400
Subject: [PATCH] Issue 5768 - CLI/UI - cert checks are too strict, and other
 issues

Description:

The certificate type checks for CA/server break if there are no certificate
extensions set (use openssl in that case to gather the info instead).
dscontainter needed to be updated for new cert checks, and UI adding certs
improvements.

relates: https://github.com/389ds/389-ds-base/issues/5768

Reviewed by: spichugi(Thanks!)
---
 .../lib/security/certificateManagement.jsx    |  71 ++++-----
 .../src/lib/security/securityModals.jsx       | 118 +++++++--------
 .../src/lib/security/securityTables.jsx       | 139 +++++++++++-------
 src/lib389/cli/dscontainer                    |   9 +-
 src/lib389/lib389/nss_ssl.py                  |   2 -
 src/lib389/lib389/utils.py                    |  46 ++++--
 6 files changed, 213 insertions(+), 172 deletions(-)

diff --git a/src/cockpit/389-console/src/lib/security/certificateManagement.jsx b/src/cockpit/389-console/src/lib/security/certificateManagement.jsx
index a52250a55b..ce885b1cd8 100644
--- a/src/cockpit/389-console/src/lib/security/certificateManagement.jsx
+++ b/src/cockpit/389-console/src/lib/security/certificateManagement.jsx
@@ -48,7 +48,6 @@ export class CertificateManagement extends React.Component {
             showExportModal: false,
             certName: "",
             certFile: "",
-            certText: "",
             csrContent: "",
             csrName: "",
             csrAltNames: [],
@@ -74,9 +73,8 @@ export class CertificateManagement extends React.Component {
             exportDERFormat: false,
             exportFileName: "",
             certRadioFile: false,
-            certRadioText: false,
-            certRadioSelect: true,
-            certRadioUpload: false,
+            certRadioSelect: false,
+            certRadioUpload: true,
             availCertNames: [],
             selectCertName: "",
             isSelectCertOpen: false,
@@ -95,8 +93,8 @@ export class CertificateManagement extends React.Component {
         };
         this.handleTextOrDataChange = (value) => {
             this.setState({
-                uploadValue: value
-            });
+                uploadValue: value.trim()
+            }, () => this.validateCertText());
         };
         this.handleFileReadStarted = () => {
             this.setState({
@@ -110,8 +108,8 @@ export class CertificateManagement extends React.Component {
         };
         this.handleClear = () => {
             this.setState({
-                certText: "",
-                uploadFile: "",
+                uploadValue: "",
+                uploadFileName: "",
                 uploadIsRejected: false,
             });
         };
@@ -212,15 +210,13 @@ export class CertificateManagement extends React.Component {
             showAddModal: true,
             certFile: "",
             certName: "",
-            certText: "",
             uploadFile: "",
             uploadValue: "",
             uploadIsRejected: false,
             uploadIsLoading: false,
             certRadioFile: false,
-            certRadioText: false,
-            certRadioSelect: true,
-            certRadioUpload: false,
+            certRadioSelect: false,
+            certRadioUpload: true,
             isSelectCertOpen: false,
             modalSpinning: false,
         });
@@ -237,15 +233,13 @@ export class CertificateManagement extends React.Component {
             showAddCAModal: true,
             certFile: "",
             certName: "",
-            certText: "",
             uploadFile: "",
             uploadValue: "",
             uploadIsRejected: false,
             uploadIsLoading: false,
             certRadioFile: false,
-            certRadioText: false,
-            certRadioSelect: true,
-            certRadioUpload: false,
+            certRadioSelect: false,
+            certRadioUpload: true,
             isSelectCertOpen: false,
             modalSpinning: false,
         });
@@ -260,20 +254,17 @@ export class CertificateManagement extends React.Component {
     handleRadioChange(_, e) {
         // Handle the add cert options
         let certRadioFile = false;
-        let certRadioText = false;
+
         let certRadioSelect = false;
         let certRadioUpload = false;
         if (e.target.id === "certRadioFile") {
             certRadioFile = true;
-        } else if (e.target.id === "certRadioText") {
-            certRadioText = true;
         } else if (e.target.id === "certRadioSelect") {
             certRadioSelect = true;
         } else if (e.target.id === "certRadioUpload") {
             certRadioUpload = true;
         }
         this.setState({
-            certRadioText,
             certRadioFile,
             certRadioSelect,
             certRadioUpload
@@ -468,10 +459,10 @@ export class CertificateManagement extends React.Component {
             certType = "ca-certificate";
         }
 
-        if ((this.state.certRadioText && this.state.certText !== "") || (this.state.certRadioUpload && this.state.uploadValue)) {
-            // Certificate was copied and pasted.  Need to create a file for import
-            const certFile = this.props.certDir + "/" + this.state.certName + ".tmp";
-            const certText = this.state.certRadioUpload ? this.state.uploadValue : this.state.certText;
+        if (this.state.certRadioUpload && this.state.uploadValue) {
+            // Certificate was copied and pasted.  Need to create a tmp file for import
+            const certFile = this.props.certDir + "/tmp-cert-" + Date.now() + ".tmp";
+            const certText = this.state.uploadValue;
             const create_cert_cmd = [
                 '/bin/sh', '-c',
                 '/usr/bin/echo -e \'' + certText  + '\' > ' + certFile
@@ -919,18 +910,17 @@ export class CertificateManagement extends React.Component {
                 });
     }
 
-    validateCertText (id) {
-        if (id === "certText" && this.state.certText !== "") {
-            if (!this.state.certText.startsWith("-----BEGIN CERTIFICATE-----") ||
-                !this.state.certText.endsWith("-----END CERTIFICATE-----")) {
-                this.setState({
-                    badCertText: true
-                });
-            } else {
-                this.setState({
-                    badCertText: false
-                });
-            }
+    validateCertText () {
+        const value = this.state.uploadValue;
+        if (!value.startsWith("-----BEGIN CERTIFICATE-----") ||
+            !value.endsWith("-----END CERTIFICATE-----")) {
+            this.setState({
+                badCertText: true
+            });
+        } else {
+            this.setState({
+                badCertText: false
+            });
         }
     }
 
@@ -946,7 +936,7 @@ export class CertificateManagement extends React.Component {
         this.setState({
             [e.target.id]: value,
             errObj: errObj
-        }, () => { this.validateCertText(e.target.id) });
+        });
     }
 
     handleCSRChange (e) {
@@ -1261,6 +1251,7 @@ export class CertificateManagement extends React.Component {
                             />
                             <Button
                                 variant="primary"
+                                className="ds-margin-top-lg"
                                 onClick={() => {
                                     this.showAddCAModal();
                                 }}
@@ -1280,6 +1271,7 @@ export class CertificateManagement extends React.Component {
                             />
                             <Button
                                 variant="primary"
+                                className="ds-margin-top-lg"
                                 onClick={() => {
                                     this.showAddModal();
                                 }}
@@ -1298,6 +1290,7 @@ export class CertificateManagement extends React.Component {
                             />
                             <Button
                                 variant="primary"
+                                className="ds-margin-top-lg"
                                 onClick={() => {
                                     this.showAddCSRModal();
                                 }}
@@ -1347,7 +1340,6 @@ export class CertificateManagement extends React.Component {
                     handleChange={this.handleChange}
                     saveHandler={this.addCert}
                     spinning={this.state.modalSpinning}
-                    certText={this.state.certText}
                     certFile={this.state.certFile}
                     certName={this.state.certName}
                     certNames={this.state.availCertNames}
@@ -1355,7 +1347,6 @@ export class CertificateManagement extends React.Component {
                     isSelectCertOpen={this.state.isSelectCertOpen}
                     handleCertSelect={this.handleCertSelect}
                     certRadioFile={this.state.certRadioFile}
-                    certRadioText={this.state.certRadioText}
                     certRadioSelect={this.state.certRadioSelect}
                     certRadioUpload={this.state.certRadioUpload}
                     handleRadioChange={this.handleRadioChange}
@@ -1378,7 +1369,6 @@ export class CertificateManagement extends React.Component {
                     handleChange={this.handleChange}
                     saveHandler={this.addCert}
                     spinning={this.state.modalSpinning}
-                    certText={this.state.certText}
                     certFile={this.state.certFile}
                     certName={this.state.certName}
                     certNames={this.state.availCertNames}
@@ -1386,7 +1376,6 @@ export class CertificateManagement extends React.Component {
                     isSelectCertOpen={this.state.isSelectCertOpen}
                     handleCertSelect={this.handleCertSelect}
                     certRadioFile={this.state.certRadioFile}
-                    certRadioText={this.state.certRadioText}
                     certRadioSelect={this.state.certRadioSelect}
                     certRadioUpload={this.state.certRadioUpload}
                     handleRadioChange={this.handleRadioChange}
diff --git a/src/cockpit/389-console/src/lib/security/securityModals.jsx b/src/cockpit/389-console/src/lib/security/securityModals.jsx
index b5873274b0..b760c6ac94 100644
--- a/src/cockpit/389-console/src/lib/security/securityModals.jsx
+++ b/src/cockpit/389-console/src/lib/security/securityModals.jsx
@@ -133,7 +133,6 @@ export class SecurityAddCertModal extends React.Component {
             certName,
             certFile,
             certText,
-            certRadioText,
             certRadioFile,
             certRadioSelect,
             certRadioUpload,
@@ -179,10 +178,11 @@ export class SecurityAddCertModal extends React.Component {
                         </div>
                       }
                 >
-                    <div>Certificate Text <OutlinedQuestionCircleIcon /></div>
+                    <div>Upload PEM File, or Certificate Text <OutlinedQuestionCircleIcon /></div>
                 </Tooltip>
             </div>;
 
+
         let title = "Add Server Certificate";
         let desc = "Add a Server Certificate to the security database.";
         if (isCACert) {
@@ -190,6 +190,11 @@ export class SecurityAddCertModal extends React.Component {
             desc = "Add a CA Certificate to the security database.";
         }
 
+        let selectValidated = ValidatedOptions.default;
+        if (certRadioSelect && certNames.length === 0) {
+            selectValidated = ValidatedOptions.error;
+        }
+
         return (
             <Modal
                 variant={ModalVariant.medium}
@@ -207,9 +212,10 @@ export class SecurityAddCertModal extends React.Component {
                         isLoading={spinning}
                         spinnerAriaValueText={spinning ? "Saving" : undefined}
                         {...extraPrimaryProps}
-                        isDisabled={certName === "" || (certRadioFile && certFile === "") ||
-                            (certRadioText && (certText === "" || badCertText)) ||
-                            (certRadioUpload && uploadValue === "")
+                        isDisabled={
+                            certName === "" || (certRadioFile && certFile === "") ||
+                            (certRadioUpload && (uploadValue === "" || badCertText)) ||
+                            (certRadioSelect && certNames.length === 0)
                         }
                     >
                         {saveBtnName}
@@ -247,9 +253,45 @@ export class SecurityAddCertModal extends React.Component {
                     </Grid>
                     <Grid className="ds-margin-top" >
                         <GridItem span={12}>
+                            <div title="Upload the contents of a PEM file from the client's system.">
+                                <Radio
+                                    id="certRadioUpload"
+                                    label={certTextLabel}
+                                    name="certChoice"
+                                    onChange={handleRadioChange}
+                                    isChecked={certRadioUpload}
+                                />
+                            </div>
+                            <div className={certRadioUpload ? "ds-margin-top ds-radio-indent" : "ds-margin-top ds-radio-indent ds-disabled"}>
+                                <FileUpload
+                                    id="uploadPEMFile"
+                                    type="text"
+                                    value={uploadValue}
+                                    filename={uploadFileName}
+                                    filenamePlaceholder="Drag and drop a file, or upload one"
+                                    onFileInputChange={handleFileInputChange}
+                                    onDataChange={handleTextOrDataChange}
+                                    onTextChange={handleTextOrDataChange}
+                                    onReadStarted={handleFileReadStarted}
+                                    onReadFinished={handleFileReadFinished}
+                                    onClearClick={handleClear}
+                                    isLoading={uploadIsLoading}
+                                    dropzoneProps={{
+                                        accept: '.pem',
+                                        onDropRejected: handleFileRejected
+                                    }}
+                                    validated={
+                                        uploadIsRejected ||
+                                        (certRadioUpload && uploadValue === "") ||
+                                        (certRadioUpload && badCertText) ? 'error' : 'default'
+                                    }
+                                    browseButtonText="Upload PEM File"
+                                />
+                            </div>
                             <div title="Choose a cerificate from the server's certificate directory">
                                 <Radio
                                     id="certRadioSelect"
+                                    className="ds-margin-top-lg"
                                     label="Choose Cerificate From Server"
                                     name="certChoice"
                                     isChecked={certRadioSelect}
@@ -263,8 +305,18 @@ export class SecurityAddCertModal extends React.Component {
                                     onChange={handleCertSelect}
                                     aria-label="FormSelect Input"
                                     className="ds-cert-select"
+                                    validated={selectValidated}
                                 >
-                                    {certNames.map((option, index) => (
+                                    {certNames.length === 0 &&
+                                        <FormSelectOption
+                                            key="none"
+                                            value=""
+                                            label="No certificates present"
+                                            isDisabled
+                                            isPlaceholder
+                                        />
+                                    }
+                                    {certNames.length > 0 && certNames.map((option, index) => (
                                         <FormSelectOption
                                             key={index}
                                             value={option}
@@ -296,60 +348,8 @@ export class SecurityAddCertModal extends React.Component {
                                     validated={certRadioFile && certFile === "" ? ValidatedOptions.error : ValidatedOptions.default}
                                 />
                             </div>
-                            <Radio
-                                id="certRadioText"
-                                className="ds-margin-top-lg"
-                                label={certTextLabel}
-                                name="certChoice"
-                                onChange={handleRadioChange}
-                                isChecked={certRadioText}
-                            />
-                            <div className={certRadioText ? "ds-margin-top ds-radio-indent" : "ds-margin-top ds-radio-indent ds-disabled"}>
-                                <TextArea
-                                    id="certText"
-                                    value={certText}
-                                    onChange={(value, e) => {
-                                        handleChange(e);
-                                    }}
-                                    aria-label="cert text input"
-                                    validated={certRadioText && (certText === "" || badCertText) ? ValidatedOptions.error : ValidatedOptions.default}
-                                />
-                            </div>
-                            <div title="Upload the contents of a PEM file from the client system.">
-                                <Radio
-                                    id="certRadioUpload"
-                                    className="ds-margin-top-lg"
-                                    label="Upload Local PEM File"
-                                    name="certChoice"
-                                    onChange={handleRadioChange}
-                                    isChecked={certRadioUpload}
-                                />
-                            </div>
-                            <div className={certRadioUpload ? "ds-margin-top ds-radio-indent" : "ds-margin-top ds-radio-indent ds-disabled"}>
-                                <FileUpload
-                                    id="uploadPEMFile"
-                                    type="text"
-                                    value={uploadValue}
-                                    filename={uploadFileName}
-                                    filenamePlaceholder="Drag and drop a file, or upload one"
-                                    onFileInputChange={handleFileInputChange}
-                                    onDataChange={handleTextOrDataChange}
-                                    onTextChange={handleTextOrDataChange}
-                                    onReadStarted={handleFileReadStarted}
-                                    onReadFinished={handleFileReadFinished}
-                                    onClearClick={handleClear}
-                                    isLoading={uploadIsLoading}
-                                    dropzoneProps={{
-                                        accept: '.pem',
-                                        onDropRejected: handleFileRejected
-                                    }}
-                                    validated={uploadIsRejected || (certRadioUpload && uploadValue === "") ? 'error' : 'default'}
-                                    browseButtonText="Upload PEM File"
-                                />
-                            </div>
                         </GridItem>
                     </Grid>
-
                 </Form>
             </Modal>
         );
@@ -411,7 +411,7 @@ export class SecurityAddCSRModal extends React.Component {
                         isLoading={spinning}
                         spinnerAriaValueText={spinning ? "Saving" : undefined}
                         {...extraPrimaryProps}
-                        isDisabled={error.csrName || error.csrSubjectCommonName || spinning || !validAltNames}
+                        isDisabled={error.csrName || bad_file_name(csrName) || error.csrSubjectCommonName || spinning || !validAltNames}
                     >
                         {saveBtnName}
                     </Button>,
diff --git a/src/cockpit/389-console/src/lib/security/securityTables.jsx b/src/cockpit/389-console/src/lib/security/securityTables.jsx
index c4064c0f6d..7e23894c99 100644
--- a/src/cockpit/389-console/src/lib/security/securityTables.jsx
+++ b/src/cockpit/389-console/src/lib/security/securityTables.jsx
@@ -28,6 +28,7 @@ class KeyTable extends React.Component {
             value: '',
             sortBy: {},
             rows: [],
+            hasRows: false,
             columns: [
                 { title: 'Cipher', transforms: [sortable] },
                 { title: 'Key Identifier', transforms: [sortable] },
@@ -51,6 +52,7 @@ class KeyTable extends React.Component {
     componentDidMount() {
         let rows = [];
         let columns = this.state.columns;
+        let hasRows = true;
 
         for (const ServerKey of this.props.ServerKeys) {
             rows.push(
@@ -64,10 +66,13 @@ class KeyTable extends React.Component {
         if (rows.length == 0) {
             rows = [{ cells: ['No Orphan keys'] }];
             columns = [{ title: 'Orphan keys' }];
+            hasRows = false;
         }
+
         this.setState({
             rows: rows,
-            columns: columns
+            columns: columns,
+            hasRows
         });
     }
 
@@ -85,7 +90,7 @@ class KeyTable extends React.Component {
     }
 
     render() {
-        const { perPage, page, sortBy, rows, columns } = this.state;
+        const { perPage, page, sortBy, rows, columns, hasRows } = this.state;
 
         return (
             <div className="ds-margin-top-lg">
@@ -114,22 +119,24 @@ class KeyTable extends React.Component {
                     variant={TableVariant.compact}
                     sortBy={sortBy}
                     onSort={this.onSort}
-                    actions={rows.length > 0 ? this.actions() : null}
+                    actions={hasRows? this.actions() : null}
                     dropdownPosition="right"
                     dropdownDirection="bottom"
                 >
                     <TableHeader />
                     <TableBody />
                 </Table>
-                <Pagination
-                    itemCount={this.state.rows.length}
-                    widgetId="pagination-options-menu-bottom"
-                    perPage={this.state.perPage}
-                    page={page}
-                    variant={PaginationVariant.bottom}
-                    onSetPage={this.onSetPage}
-                    onPerPageSelect={this.onPerPageSelect}
-                />
+                {hasRows &&
+                    <Pagination
+                        itemCount={this.state.rows.length}
+                        widgetId="pagination-options-menu-bottom"
+                        perPage={this.state.perPage}
+                        page={page}
+                        variant={PaginationVariant.bottom}
+                        onSetPage={this.onSetPage}
+                        onPerPageSelect={this.onPerPageSelect}
+                    />
+                }
             </div>
         );
     }
@@ -185,6 +192,7 @@ class CSRTable extends React.Component {
     componentDidMount() {
         let rows = [];
         let columns = this.state.columns;
+        let hasRows = true;
 
         for (const ServerCSR of this.props.ServerCSRs) {
             rows.push(
@@ -200,10 +208,12 @@ class CSRTable extends React.Component {
         if (rows.length == 0) {
             rows = [{ cells: ['No Certificate Signing Requests'] }];
             columns = [{ title: 'Certificate Signing Requests' }];
+            hasRows = false;
         }
         this.setState({
             rows: rows,
             columns: columns,
+            hasRows,
         });
     }
 
@@ -265,16 +275,18 @@ class CSRTable extends React.Component {
     }
 
     render() {
-        const { perPage, page, sortBy, rows, columns } = this.state;
+        const { perPage, page, sortBy, rows, columns, hasRows } = this.state;
 
         return (
             <div className="ds-margin-top-lg">
-                <SearchInput
-                    placeholder='Search CSRs'
-                    value={this.state.value}
-                    onChange={this.onSearchChange}
-                    onClear={(evt) => this.onSearchChange('', evt)}
-                />
+                {hasRows &&
+                    <SearchInput
+                        placeholder='Search CSRs'
+                        value={this.state.value}
+                        onChange={this.onSearchChange}
+                        onClear={(evt) => this.onSearchChange('', evt)}
+                    />
+                }
                 <Table
                     className="ds-margin-top"
                     aria-label="csr table"
@@ -284,22 +296,24 @@ class CSRTable extends React.Component {
                     variant={TableVariant.compact}
                     sortBy={sortBy}
                     onSort={this.onSort}
-                    actions={rows.length > 0 ? this.actions() : null}
+                    actions={hasRows ? this.actions() : null}
                     dropdownPosition="right"
                     dropdownDirection="bottom"
                 >
                     <TableHeader />
                     <TableBody />
                 </Table>
-                <Pagination
-                    itemCount={this.state.rows.length}
-                    widgetId="pagination-options-menu-bottom"
-                    perPage={perPage}
-                    page={page}
-                    variant={PaginationVariant.bottom}
-                    onSetPage={this.onSetPage}
-                    onPerPageSelect={this.onPerPageSelect}
-                />
+                {hasRows &&
+                    <Pagination
+                        itemCount={rows.length}
+                        widgetId="pagination-options-menu-bottom"
+                        perPage={perPage}
+                        page={page}
+                        variant={PaginationVariant.bottom}
+                        onSetPage={this.onSetPage}
+                        onPerPageSelect={this.onPerPageSelect}
+                    />
+                }
             </div>
         );
     }
@@ -316,6 +330,7 @@ class CertTable extends React.Component {
             sortBy: {},
             rows: [],
             dropdownIsOpen: false,
+            hasRows: false,
             columns: [
                 {
                     title: 'Nickname',
@@ -407,6 +422,7 @@ class CertTable extends React.Component {
         let rows = [];
         let columns = this.state.columns;
         let count = 0;
+        let hasRows = true;
 
         for (const cert of this.props.certs) {
             rows.push(
@@ -428,10 +444,12 @@ class CertTable extends React.Component {
         if (rows.length == 0) {
             rows = [{ cells: ['No Certificates'] }];
             columns = [{ title: 'Certificates' }];
+            hasRows = false;
         }
         this.setState({
             rows: rows,
-            columns: columns
+            columns: columns,
+            hasRows,
         });
     }
 
@@ -508,7 +526,7 @@ class CertTable extends React.Component {
     }
 
     render() {
-        const { perPage, page, sortBy, rows, columns } = this.state;
+        const { perPage, page, sortBy, rows, columns, hasRows } = this.state;
         const origRows = [...rows];
         const startIdx = ((perPage * page) - perPage) * 2;
         const tableRows = origRows.splice(startIdx, perPage * 2);
@@ -520,12 +538,14 @@ class CertTable extends React.Component {
 
         return (
             <div className="ds-margin-top-lg">
-                <SearchInput
-                    placeholder='Search Certificates'
-                    value={this.state.value}
-                    onChange={this.onSearchChange}
-                    onClear={(evt) => this.onSearchChange('', evt)}
-                />
+                {hasRows &&
+                    <SearchInput
+                        placeholder='Search Certificates'
+                        value={this.state.value}
+                        onChange={this.onSearchChange}
+                        onClear={(evt) => this.onSearchChange('', evt)}
+                    />
+                }
                 <Table
                     className="ds-margin-top"
                     aria-label="cert table"
@@ -536,22 +556,24 @@ class CertTable extends React.Component {
                     sortBy={sortBy}
                     onSort={this.onSort}
                     onCollapse={this.onCollapse}
-                    actions={tableRows.length > 0 ? this.actions() : null}
+                    actions={hasRows ? this.actions() : null}
                     dropdownPosition="right"
                     dropdownDirection="bottom"
                 >
                     <TableHeader />
                     <TableBody />
                 </Table>
-                <Pagination
-                    itemCount={this.state.rows.length / 2}
-                    widgetId="pagination-options-menu-bottom"
-                    perPage={perPage}
-                    page={page}
-                    variant={PaginationVariant.bottom}
-                    onSetPage={this.onSetPage}
-                    onPerPageSelect={this.onPerPageSelect}
-                />
+                {hasRows &&
+                    <Pagination
+                        itemCount={this.state.rows.length / 2}
+                        widgetId="pagination-options-menu-bottom"
+                        perPage={perPage}
+                        page={page}
+                        variant={PaginationVariant.bottom}
+                        onSetPage={this.onSetPage}
+                        onPerPageSelect={this.onPerPageSelect}
+                    />
+                }
             </div>
         );
     }
@@ -569,6 +591,7 @@ class CRLTable extends React.Component {
             sortBy: {},
             rows: [],
             dropdownIsOpen: false,
+            hasRows: false,
             columns: [
                 { title: 'Issued By', transforms: [sortable] },
                 { title: 'Effective Date', transforms: [sortable] },
@@ -675,6 +698,7 @@ class CRLTable extends React.Component {
             rows: rows,
             value: value,
             page: 1,
+            hasRows: rows.length === 0 ? false : true,
         });
     }
 
@@ -694,7 +718,6 @@ class CRLTable extends React.Component {
     }
 
     render() {
-        const has_rows = false; // TODO
         return (
             <div className="ds-margin-top">
                 <SearchInput
@@ -714,15 +737,17 @@ class CRLTable extends React.Component {
                     <TableHeader />
                     <TableBody />
                 </Table>
-                <Pagination
-                    itemCount={this.state.rows.length}
-                    widgetId="pagination-options-menu-bottom"
-                    perPage={this.state.perPage}
-                    page={this.state.page}
-                    variant={PaginationVariant.bottom}
-                    onSetPage={this.onSetPage}
-                    onPerPageSelect={this.onPerPageSelect}
-                />
+                {this.state.hasRows &&
+                    <Pagination
+                        itemCount={this.state.rows.length}
+                        widgetId="pagination-options-menu-bottom"
+                        perPage={this.state.perPage}
+                        page={this.state.page}
+                        variant={PaginationVariant.bottom}
+                        onSetPage={this.onSetPage}
+                        onPerPageSelect={this.onPerPageSelect}
+                    />
+                }
             </div>
         );
     }
diff --git a/src/lib389/cli/dscontainer b/src/lib389/cli/dscontainer
index 8aa9567303..4645a8d8b8 100755
--- a/src/lib389/cli/dscontainer
+++ b/src/lib389/cli/dscontainer
@@ -57,6 +57,7 @@ from lib389.idm.directorymanager import DirectoryManager
 # is always available!
 log = setup_script_logger("container-init", True)
 
+
 # Handle any dead child process signals we receive. Wait for them to terminate, or
 # if they are not found, move on.
 #
@@ -66,16 +67,19 @@ def _sigchild_handler(*args, **kwargs):
     # log.debug("Received SIGCHLD ...")
     os.waitpid(-1, os.WNOHANG)
 
+
 # Start the exit process.
 def _sigterm_handler(*args, **kwargs):
     exit()
 
+
 def _gen_instance():
     inst = DirSrv(verbose=True)
     inst.local_simple_allocate("localhost")
     inst.setup_ldapi()
     return inst
 
+
 def _begin_environment_config():
     inst = _gen_instance()
     inst.open()
@@ -100,6 +104,7 @@ def _begin_environment_config():
 
     inst.close()
 
+
 def _begin_setup_pem_tls():
     # If we have the needed files, we can use them.
     #
@@ -134,19 +139,21 @@ def _begin_setup_pem_tls():
     # Import the ca's
     for ca_path in [os.path.join(CONTAINER_TLS_SERVER_CADIR, ca) for ca in cas]:
         log.info("Enrolling -> %s" % ca_path)
-        tls.add_cert(nickname=ca_path, input_file=ca_path)
+        tls.add_cert(nickname=ca_path, input_file=ca_path, ca=True)
         tls.edit_cert_trust(ca_path, "C,,")
     # Import the new server-cert
     tls.add_server_key_and_cert(CONTAINER_TLS_SERVER_KEY, CONTAINER_TLS_SERVER_CERT)
     # Done!
     log.info("TLS PEM configuration complete.")
 
+
 def _begin_check_reindex():
     if os.getenv('DS_REINDEX', None) is not None:
         log.info("Reindexing database. This may take a while ...")
         inst = _gen_instance()
         inst.db2index()
 
+
 def begin_magic():
     log.info("The 389 Directory Server Container Bootstrap")
     # Leave this comment here: UofA let me take this code with me provided
diff --git a/src/lib389/lib389/nss_ssl.py b/src/lib389/lib389/nss_ssl.py
index e011a38638..d8bfc72b51 100644
--- a/src/lib389/lib389/nss_ssl.py
+++ b/src/lib389/lib389/nss_ssl.py
@@ -1076,7 +1076,6 @@ def edit_cert_trust(self, nickname,  trust_flags):
         except subprocess.CalledProcessError as e:
             raise ValueError(e.output.decode('utf-8').rstrip())
 
-
     def display_cert_details(self, nickname):
         cmd = [
             '/usr/bin/certutil',
@@ -1094,7 +1093,6 @@ def display_cert_details(self, nickname):
 
         return ensure_str(result)
 
-
     def get_cert_details(self, nickname):
         """Get the trust flags, subject DN, issuer, and expiration date
 
diff --git a/src/lib389/lib389/utils.py b/src/lib389/lib389/utils.py
index 92f1d08ec5..db442a85ba 100644
--- a/src/lib389/lib389/utils.py
+++ b/src/lib389/lib389/utils.py
@@ -54,6 +54,7 @@ def wait(self):
 from cryptography.hazmat.backends import default_backend
 import lib389
 from pathlib import Path
+from subprocess import check_output
 from lib389.paths import ( Paths, DEFAULTS_PATH )
 from lib389.dseldif import DSEldif
 from lib389._constants import (
@@ -1767,6 +1768,25 @@ def is_cert_der(file_name):
         return True
 
 
+def check_cert_info(cert_file_name, search_text):
+    # Use openssl to get cert details
+    cmd = [
+        'openssl',
+        'x509',
+        '-in', cert_file_name,
+        '-text',
+        '-noout',
+    ]
+    log.debug("get_cert_details cmd: %s", format_cmd_list(cmd))
+    try:
+        result = check_output(cmd, stderr=subprocess.STDOUT)
+    except subprocess.CalledProcessError as e:
+        raise ValueError(e.output.decode('utf-8').rstrip())
+
+    cert_text = ensure_str(result)
+    return search_text.lower() in cert_text.lower()
+
+
 def cert_is_ca(cert_file_name):
     with open(cert_file_name, "rb") as f:
         if is_cert_der(cert_file_name):
@@ -1774,18 +1794,20 @@ def cert_is_ca(cert_file_name):
         else:
             cert = x509.load_pem_x509_certificate(f.read(), default_backend())
 
-    key_usage = cert.extensions.get_extension_for_oid(x509.oid.ExtensionOID.KEY_USAGE)
-    if not key_usage.value.key_cert_sign:
-        return False
-
-    basic_constraints = cert.extensions.get_extension_for_oid(
-        x509.oid.ExtensionOID.BASIC_CONSTRAINTS
-    )
-    if not basic_constraints.value.ca:
-        return False
-
-    # This is a CA cert
-    return True
+    try:
+        key_usage = cert.extensions.get_extension_for_oid(x509.oid.ExtensionOID.KEY_USAGE)
+        if not key_usage.value.key_cert_sign:
+            return False
+        basic_constraints = cert.extensions.get_extension_for_oid(
+            x509.oid.ExtensionOID.BASIC_CONSTRAINTS
+        )
+        if not basic_constraints.value.ca:
+            return False
+        else:
+            return True
+    except x509.ExtensionNotFound:
+        # No extensions, check the cert info directly
+        return check_cert_info(cert_file_name, "CA:TRUE")
 
 
 def get_passwd_from_file(passwd_file):