From 1834a25a1982e2c2c49fde5998efdc7d10d3a29b Mon Sep 17 00:00:00 2001
From: "Endi S. Dewata" <edewata@redhat.com>
Date: Thu, 6 Oct 2016 22:08:15 +0200
Subject: [PATCH] Fixed ConfigurationUtils.importCertChain().

The ConfigurationUtils.importCertChain() has been modified to
ignore UNKNOWN_ISSUER error when connecting to a server that
does not have the complete certificate chain.

https://fedorahosted.org/pki/ticket/2497
(cherry picked from commit 343a756bb93abf057f2999858ba9e170fa84f143)
(cherry picked from commit 6e0e2afbbeb1bb7acdf402edf5ca426bfc01a433)
---
 .../cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java   | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index 34500d0..ecf8157 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -261,8 +261,9 @@ public class ConfigurationUtils {
 
         IConfigStore cs = CMS.getConfigStore();
         ConfigCertApprovalCallback certApprovalCallback = new ConfigCertApprovalCallback();
-        // Ignore untrusted issuer to get cert chain.
+        // Ignore untrusted/unknown issuer to get cert chain.
         certApprovalCallback.ignoreError(ValidityStatus.UNTRUSTED_ISSUER);
+        certApprovalCallback.ignoreError(ValidityStatus.UNKNOWN_ISSUER);
         String c = get(host, port, true, serverPath, null, certApprovalCallback);
 
         if (c != null) {
-- 
1.8.3.1