- Bug
- Resolution: Unresolved
- P4
- None
- 14.0.1
- x86_64
- windows_10
ADDITIONAL SYSTEM INFORMATION :
Windows only, tested on Windows 10
A DESCRIPTION OF THE PROBLEM :
The SunMSCAPI provider does not list certificate entries that are flagged as archived. Certificates are flagged by Windows automatically when they are renewed by the Active Directory Certificate Services (AD CS).
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Install a Windows certificate authority (https://docs.microsoft.com/de-de/windows-server/networking/core-network-guide/cncg/server-certs/install-the-certification-authority) within an Active Directory Domain
2. Request and allow a user certificate that shows up in Personal Certificates (Windows-MY)
3. Renew the certificate by choosing "request certificate with new key" in certmgr.msc
4. In certmgr.msc, select the "Certificates - Current User" container in the left pane, choose "View"->"Options" from the menu, mark the option "Archived certificates" and click OK. You can now see an entry for the previously renewed certificate marked as "archived".
5. Run the following Java Code:
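import java.security.KeyStore;
import java.util.Enumeration;

// Open the current user's Personal store (Windows-MY) through SunMSCAPI
KeyStore ks = KeyStore.getInstance("WINDOWS-MY"); // $NON-NLS-1$
ks.load(null, null);
// Print every alias the provider exposes
Enumeration<String> e = ks.aliases();
while ((e != null) && e.hasMoreElements()) {
    String alias = e.nextElement();
    System.out.println(alias);
}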
Hint: You might be able to skip steps 1 to 4 by setting the archive flag manually as described here: http://blogs.technet.com/b/pki/archive/2007/02/22/how-to-manually-set-the-archive-flag-for-certifictes.aspx
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
The number of entries returned should match the number of all entries in WINDOWS-MY
ACTUAL -
Entries returned do not include entries with an active archive flag.
FREQUENCY : always
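To see how many entries the Java listing should be compared against, the same store can be read through .NET with archived certificates included. This PowerShell snippet is an added example, not part of the original report or of the JDK; it uses the standard X509Store API with the IncludeArchived open flag and the Archived property of each certificate.

```powershell
# Added example: list CurrentUser\My (WINDOWS-MY) including archived certificates.
# Casting the string sets both flags; without IncludeArchived, archived entries are hidden.
$flags = [System.Security.Cryptography.X509Certificates.OpenFlags]'ReadOnly, IncludeArchived'
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'CurrentUser')
$store.Open($flags)
try {
    $certs = @($store.Certificates)

    # One row per certificate; the Archived column marks entries that AD CS
    # renewal (or a manual change) has flagged as archived.
    $certs | Sort-Object NotAfter |
        Format-Table -AutoSize Archived, NotAfter, Thumbprint, FriendlyName, Subject

    $archived = @($certs | Where-Object { $_.Archived }).Count
    'Total entries (including archived): {0}' -f $certs.Count
    'Archived entries:                   {0}' -f $archived
    'Entries without the archive flag:   {0}' -f ($certs.Count - $archived)
}
finally {
    $store.Close()
}
```

Run it as the same user as the Java snippet; the thumbprints of rows with Archived set to True identify the certificates to look for in the alias output.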