Please review the attached patch which addresses:
This was tested on Fedora 23 by doing the following:
- installed and configured a CA
- Successfully tested enrollment in a browser after importing
the original Admin certificate
- systemctl stop pki-tomcatd@pki-tomcat.service
- edited /etc/pki/pki-tomcat/ca/CS.cfg to set:
- ca.Policy.enable=true
- Â cmsgateway.enableAdminEnroll=true
- systemctl start pki-tomcatd@pki-tomcat.service
- created a new Firefox profile
- traversed to the EE page, went to the Retrieval tab, imported
the CA cert, and trusted it
- within this new profile, traversed to
https://pki.example.com:8443/ca/admin/ca/adminEnroll.html, and
filled out the form
- with this patch installed, it should generate a new admin
certificate and import it successfully into this new profile --
to check, attempt to use the imported admin certificate to
traverse to the Agents page