Bug #5633
closedsystem_certmanager.php - Cannot import certificate
100%
Description
In System / Certificate Manager / Certificates, when trying to import a certificate by "Import an existing Certificate", after putting all the data in all the input boxes, the Save button does nothing... Not saving, nor generating any error...
Files
Updated by Anonymous about 9 years ago
Unable to reproduce.
Navigated to system_certmanager.php
Clicked "Add"
Typed in a name and pasted a certificate into the text areas.
New certificate saved correctly and appears in the list of certs.
Tested with FireFox, Safari and Chrome.
Updated by Razvan Resteantu about 9 years ago
OK... After more testing, it seems that is working, but...
If after clicking "Add" I enter a name, and paste certificate and private key data and click "Save", nothing happens. Save button does nothing, no action.
If after clicking "Add" I select other option (Ex. "Create an internal Certificate") and after that select back "Import an existing Certificate", after pasting all the required data the "Save" button works correctly and indeed it saves the certificate.
I tested this behavior both in IE and Chrome.
In Firefox, doing the same, I get an balloon popup saying "Please enter an email address."
You can test it by navigating to System / Certificate Manager / Certificates, click "Add" and in the new window, without inputting anything, click "Save". In IE and Chrome you'll get no action and in Firefox you'll get the "Please enter an email address." balloon.
Updated by Anonymous about 9 years ago
Could others test and confirm this please? I am still unable to reproduce.
Updated by Razvan Resteantu about 9 years ago
What is the default option selected when you enter "Add" in the system_certmanager.php menu?
When I enter it, on "Method" dropdown list I have "Import an existing Certificate", but it's like this value is not "selected" in the code...
Furthermore, if i enter System > Certificate Manager > Certificates > Add and directly click on "Save" (without doing anything else), in Chrome debug window I get "An invalid form control with name='dn_email' is not focusable." in system_certmanager.php?act=new:1
Updated by Anonymous about 9 years ago
- Subject changed from Cannot import certificate to system_certmanager.php - Cannot import certificate
Updated by Anonymous about 9 years ago
- Status changed from New to Feedback
- Assignee set to Razvan Resteantu
- Priority changed from High to Low
I have asked colleagues to test and they cannot reproduce either. Is it possible you have an adblocker, noscript or other plugin that is interfering with the action of the page?
Updated by Chris Buechler about 9 years ago
also been unable to replicate this anywhere with a variety of browsers on Windows, Linux and OS X.
Razvan: please clear the cache in your browser, close it out, reopen and start over trying to replicate the issue. Then if you can still replicate, the exact steps would be helpful.
Updated by Razvan Resteantu about 9 years ago
- File pfSense_CertManager.mp4 pfSense_CertManager.mp4 added
I cleared cache, tried IE, Chrome and Firefox, tried on 3 different computers (2 win7 and 1 win10) and the same thing is happening every time.
Maybe it's something related with other setting in pfSense (theme, http/https, etc), but I played with the settings and I cannot make it work...
I attached a little movie to see exactly the issue and the steps I take...
As you can see, when entering the Add Certificate page, the Save button does nothing. I have to select another "Method" and then select back "Import an existing Certificate", in order to work.
There is no adblocker or other plugin running.
Please let me know if there is anything else that I can do in order to help debug this issue.
Updated by Phillip Davis about 9 years ago
Might be a red herring, but is the certificate a response to a Certificate Signing Request that you generated using the 2.3 code?
I just saw an issue with the External Signing Request code: https://github.com/pfsense/pfsense/pull/2257
Updated by Chris Buechler almost 9 years ago
Thanks for the video, that at least makes it clearer. Still can't replicate with either theme though. Maybe was an issue with the dark theme earlier that's since been fixed, or something else that's since been fixed.
Are you still seeing this on the latest version Razvan?
Updated by Razvan Resteantu almost 9 years ago
Hello and Happy New Year!
@Phillip Davis: I didn't generate any of the certificates through pfSense interface. All of them were imported, so I don't think the issue you posted is related.
. . Buechler: I'm now on 2.3-ALPHA (amd64) built on Mon Jan 04 22:46:20 CST 2016, and I'm seeing the same behavior. It's not from the theme, because I tried it with different themes and it's doing the same. Also tried changing different settings that could have any relation with the behavior, but couldn't make it work...
Maybe the problem is from the CA certificate that I imported, who's name contains "&" (ampersand) character, but I cannot change it now because there are a lot of settings to be changed...
I saw that when creating a new certificate from pfSense interface, I'm not allowed to use "&" in the name of the certificate, but when importing a certificate, I can use it... Maybe this is related to the issue I'm seeing.
I'll try to install a fresh copy of pfSense in a virtual machine and test if the issue is still present on a clean installation. If it's not, I'll start making the settings one by one, to try to identify when the issue appear.
It will take some time though, because right now I'm full at my day job...
Updated by Razvan Resteantu almost 9 years ago
OK... After making some tests, I can now reliably replicate the issue...
The problem is when the first CA's name in system_camanager.php contains "&" (ampersand).
When you create a new CA by "Create an Internal Certificate Authority", you cannot use "&" in the name of the certificate (Descriptive name), but if you use the option "Import an Existing Certificate Authority", you can use "&" in the CA name.
My problem is that my CA name contains &, and when this CA is the first one in the list, or is the only one, then the issue that I reported earlier appears.
In order to replicate the issue you have to follow these steps:
1. Import a CA and use "&" in the name;
2. Delete any other CA that may exist, so that the one with "&" in the name is the only CA defined;
3. Go to system_certmanager.php and try to add a new certificate. The reported bug will manifest...
I think that you'll resolve this bug easily by restricting the use of "&" in the CA name when importing CAs, but I don't think this is right...
Why is the use of & not allowed in certificates names?
I think the code should be adjusted in order to allow this. I don't want to change my Organization name, or my certificate that I was using for years without a problem...
Please let me know if you need more info.
Updated by Anonymous almost 9 years ago
Thanks for the detective work. I'll take a look at this later this week. There is a possibility that it is a character encoding issue I suppose.
Updated by Anonymous almost 9 years ago
- Status changed from Feedback to Assigned
- Assignee changed from Razvan Resteantu to Anonymous
Updated by Anonymous almost 9 years ago
- Status changed from Assigned to Feedback
- Assignee changed from Anonymous to Razvan Resteantu
Updated by Anonymous almost 9 years ago
Testing this with Firefox, I found that when following your instructions (thank you for that) I got a pop-up message telling me I needed to enter an email address. Looking at the source there are two input fields that specify the attribute type="email" so I suspect this is what is causing the problem for you.
The long-term fix is to get rid of the toggle() action and to use Javascript instead. This in turn will allow elements not required by a particular action to be disabled.
For now, however, I have changed the element type to "text" and for me at least, this seems to work around the issue.
Would you give it a try please?
Updated by Anonymous almost 9 years ago
- % Done changed from 0 to 100
Applied in changeset b7eb0ead89d530123147b30e78545316e59adbb9.
Updated by Razvan Resteantu almost 9 years ago
Hi Steve,
Indeed, that change did the trick.
Now everything is OK.
Updated by Anonymous almost 9 years ago
- Status changed from Feedback to Resolved
- Assignee deleted (
Razvan Resteantu)