Infrastructure/AccountSystem2/CertificateProblem

From FedoraProject

< Infrastructure | AccountSystem2
Revision as of 14:13, 24 May 2008 by ImportUser (Talk)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Nalin Dahyabhai <nalin@redhat.com>
To: admin@fedoraproject.org

On Wed, May 23, 2007 at 11:13:34AM -0500, Mike McGrath wrote:
> Ahh, so this does actually prevent you from importing into firefox?  We
> can fix this but its just a matter of time to do it.  We're actually
> already working on the second iteration of the accounts system and we
> may have better luck fixing it there.  The current code base can be
> found here though:
>
> http://cvs.fedoraproject.org/viewcvs/fedora-accounts/?root=fedora

If I've already imported the CA certificate, it does prevent me from
importing my certificate.

Okay, I think I see the problem.  If I'm reading it right, gen-cert.cgi
creates a new "serial" file for every certificate issued.  OpenSSL
usually increments the value in that file when you issue a new
certificate, so preserving either the file or its contents between runs
should solve the problem.

I'm afraid I don't know enough about how the system is deployed to offer
suggestions about where to do that, though.