Internet Explorer 11: caUserCert request submission fails using the EE page

[pki-bot]

This issue was migrated from Pagure Issue #1575. Originally filed by rpattath (@rpattath) on 2015-08-19 23:04:02:

• Assigned to jmagne (@jmagne)
• Associated bugzillas
  • https://bugzilla.redhat.com/show_bug.cgi?id=1255162

---

IE 11: caUserCert request submission fails using the EE page

Steps to Reproduce:

1. Access the EE page of CA from a Windows Server 2012 machine using Internet
Explore 11
2. Create a caUserCert request

Actual results:

Request is not submitted and shows the message "Certificate request not found"

Expected results:

Cetificate request should be created successfully

Additional info:

Debug log messages:

[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet:service() uri =
/ca/ee/ca/profileSubmit
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='cert_request_type' value='keygen'
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='selectKeyType' value='RSA'
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='sn_uid' value='test3'
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='sn_e' value='test3@a.com'
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='sn_cn' value='test'
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='sn_ou3' value=''
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='sn_ou2' value=''
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='sn_ou1' value=''
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='sn_ou' value=''
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='sn_o' value=''
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='sn_c' value=''
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='requestor_name' value=''
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='requestor_email' value=''
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='requestor_phone' value=''
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='profileId' value='caUserCert'
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='renewal' value='false'
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet::service() param
name='xmlOutput' value='false'
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet: caProfileSubmit
start to service.
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: xmlOutput false
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: ProfileSubmitServlet: isRenewal
false
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: according to ccMode,
authorization for servlet: caProfileSubmit is LDAP based, not XML {1}, use
default authz mgr: {2}.
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: Input Parameters:
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - sn_o:
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - sn_e:
test3@a.com
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - requestor_email:
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - requestor_phone:
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - remoteHost:
10.13.129.103
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - requestor_name:
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - sn_ou3:
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - sn_ou2:
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - sn_uid: test3
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - sn_cn: test
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - profileId:
caUserCert
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: -
cert_request_type: keygen
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - sn_c:
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - isRenewal: false
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - sn_ou1:
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - sn_ou:
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CAProcessor: - remoteAddr:
10.13.129.103
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: EnrollmentProcessor: isRenewal
false
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: EnrollmentProcessor: profileId
caUserCert
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: EnrollmentProcessor: set Inputs
into profile Context
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: EnrollmentProcessor: set
sslClientCertProvider
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: Repository: in
getNextSerialNumber.
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: Repository: checkRange
mLastSerialNo=102
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: Repository:
getNextSerialNumber: returning retSerial 102
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: EnrollProfile:
setDefaultCertInfo: setting issuerDN using exact CA signing cert subjectDN
encoding
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: EnrollProfile: createRequest
102
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CertProcessor:
profileSetid=userCertSet
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CertProcessor: request 102
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CertProcessor: populating
request inputs
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: KeyGenInput: populate - invalid
certificate request
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: ProfileSubmitServlet: error in
processing request: Certificate Request Not Found
[19/Aug/2015:14:34:03][http-bio-30042-exec-18]: CMSServlet: curDate=Wed Aug 19
14:34:03 EDT 2015 id=caProfileSubmit time=3

[pki-bot]

Comment from jmagne (@jmagne) at 2015-08-21 01:00:42

Checkin to only warn of lack of IE 11 support in the UI:

commit 0baf14a
Author: Jack Magne jmagne@localhost.localdomain
Date: Thu Aug 20 12:06:32 2015 -0700

Internet Explorer 11 not working browser warning.

Related to ticket 1575 Internet Explorer 11: caUserCert request submission fails using the EE page.

This patch will only do the following:

Detect IE when IE11 is being used. Before this IE11 was mistaken for Firefox.
Detect IE11 specifically and warn the user that there is no support.

This ticket will live to se we can fix this properly by porting the current
VBS script to Javascript to support cert enrollment on IE 11.

[pki-bot]

Comment from mharmsen (@mharmsen) at 2015-08-21 01:11:00

Moving this ticket to 10.3 to be fully resolved.

[pki-bot]

Comment from mharmsen (@mharmsen) at 2016-05-06 23:55:37

Per Bug Triage of 05/05/2016: 10.4

[pki-bot]

Comment from rpattath (@rpattath) at 2017-02-27 14:10:37

Metadata Update from @rpattath:

• Issue assigned to jmagne
• Issue set to the milestone: UNTRIAGED

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-08-30 23:49:49

Metadata Update from @mharmsen:

• Custom field feature adjusted to None
• Custom field proposedmilestone adjusted to None
• Custom field proposedpriority adjusted to None
• Custom field reviewer adjusted to None
• Custom field version adjusted to None
• Issue close_status updated to: None
• Issue set to the milestone: FUTURE (was: UNTRIAGED)

[pki-bot]

Comment from mharmsen (@mharmsen) at 2018-04-10 21:38:47

Per 10.5.x/10.6 Triage: FUTURE

jmagne says that this is a non-trivial effort