system_certmanager.php - Cannot import certificate
In System / Certificate Manager / Certificates, when trying to import a certificate by "Import an existing Certificate", after putting all the data in all the input boxes, the Save button does nothing... Not saving, nor generating any error...
#2 Updated by Razvan Resteantu almost 4 years ago
OK... After more testing, it seems that is working, but...
If after clicking "Add" I enter a name, and paste certificate and private key data and click "Save", nothing happens. Save button does nothing, no action.
If after clicking "Add" I select other option (Ex. "Create an internal Certificate") and after that select back "Import an existing Certificate", after pasting all the required data the "Save" button works correctly and indeed it saves the certificate.
I tested this behavior both in IE and Chrome.
In Firefox, doing the same, I get an balloon popup saying "Please enter an email address."
You can test it by navigating to System / Certificate Manager / Certificates, click "Add" and in the new window, without inputting anything, click "Save". In IE and Chrome you'll get no action and in Firefox you'll get the "Please enter an email address." balloon.
#4 Updated by Razvan Resteantu almost 4 years ago
What is the default option selected when you enter "Add" in the system_certmanager.php menu?
When I enter it, on "Method" dropdown list I have "Import an existing Certificate", but it's like this value is not "selected" in the code...
Furthermore, if i enter System > Certificate Manager > Certificates > Add and directly click on "Save" (without doing anything else), in Chrome debug window I get "An invalid form control with name='dn_email' is not focusable." in system_certmanager.php?act=new:1
#6 Updated by Steve Beaver almost 4 years ago
- Status changed from New to Feedback
- Assignee set to Razvan Resteantu
- Priority changed from High to Low
I have asked colleagues to test and they cannot reproduce either. Is it possible you have an adblocker, noscript or other plugin that is interfering with the action of the page?
#7 Updated by Chris Buechler almost 4 years ago
also been unable to replicate this anywhere with a variety of browsers on Windows, Linux and OS X.
Razvan: please clear the cache in your browser, close it out, reopen and start over trying to replicate the issue. Then if you can still replicate, the exact steps would be helpful.
#8 Updated by Razvan Resteantu almost 4 years ago
I cleared cache, tried IE, Chrome and Firefox, tried on 3 different computers (2 win7 and 1 win10) and the same thing is happening every time.
Maybe it's something related with other setting in pfSense (theme, http/https, etc), but I played with the settings and I cannot make it work...
I attached a little movie to see exactly the issue and the steps I take...
As you can see, when entering the Add Certificate page, the Save button does nothing. I have to select another "Method" and then select back "Import an existing Certificate", in order to work.
There is no adblocker or other plugin running.
Please let me know if there is anything else that I can do in order to help debug this issue.
#10 Updated by Chris Buechler almost 4 years ago
Thanks for the video, that at least makes it clearer. Still can't replicate with either theme though. Maybe was an issue with the dark theme earlier that's since been fixed, or something else that's since been fixed.
Are you still seeing this on the latest version Razvan?
#11 Updated by Razvan Resteantu almost 4 years ago
Hello and Happy New Year!
@Phillip Davis: I didn't generate any of the certificates through pfSense interface. All of them were imported, so I don't think the issue you posted is related.
@Chris Buechler: I'm now on 2.3-ALPHA (amd64) built on Mon Jan 04 22:46:20 CST 2016, and I'm seeing the same behavior. It's not from the theme, because I tried it with different themes and it's doing the same. Also tried changing different settings that could have any relation with the behavior, but couldn't make it work...
Maybe the problem is from the CA certificate that I imported, who's name contains "&" (ampersand) character, but I cannot change it now because there are a lot of settings to be changed...
I saw that when creating a new certificate from pfSense interface, I'm not allowed to use "&" in the name of the certificate, but when importing a certificate, I can use it... Maybe this is related to the issue I'm seeing.
I'll try to install a fresh copy of pfSense in a virtual machine and test if the issue is still present on a clean installation. If it's not, I'll start making the settings one by one, to try to identify when the issue appear.
It will take some time though, because right now I'm full at my day job...
#12 Updated by Razvan Resteantu almost 4 years ago
OK... After making some tests, I can now reliably replicate the issue...
The problem is when the first CA's name in system_camanager.php contains "&" (ampersand).
When you create a new CA by "Create an Internal Certificate Authority", you cannot use "&" in the name of the certificate (Descriptive name), but if you use the option "Import an Existing Certificate Authority", you can use "&" in the CA name.
My problem is that my CA name contains &, and when this CA is the first one in the list, or is the only one, then the issue that I reported earlier appears.
In order to replicate the issue you have to follow these steps:
1. Import a CA and use "&" in the name;
2. Delete any other CA that may exist, so that the one with "&" in the name is the only CA defined;
3. Go to system_certmanager.php and try to add a new certificate. The reported bug will manifest...
I think that you'll resolve this bug easily by restricting the use of "&" in the CA name when importing CAs, but I don't think this is right...
Why is the use of & not allowed in certificates names?
I think the code should be adjusted in order to allow this. I don't want to change my Organization name, or my certificate that I was using for years without a problem...
Please let me know if you need more info.
#16 Updated by Steve Beaver almost 4 years ago
Testing this with Firefox, I found that when following your instructions (thank you for that) I got a pop-up message telling me I needed to enter an email address. Looking at the source there are two input fields that specify the attribute type="email" so I suspect this is what is causing the problem for you.
For now, however, I have changed the element type to "text" and for me at least, this seems to work around the issue.
Would you give it a try please?