2 files changed, 30 insertions, 6 deletions

diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
index 92a901791..ed70a099a 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/ConfigurationUtils.java
@@ -289,9 +289,20 @@ public class ConfigurationUtils {
                 // separate individual certs in chain for display
                 byte[] decoded = CryptoUtil.base64Decode(certchain);
                 java.security.cert.X509Certificate[] b_certchain = CryptoUtil.getX509CertificateFromPKCS7(decoded);
-                int size = 0;
 
-                if (b_certchain != null) {
+                int size;
+
+                if (b_certchain == null) {
+                    CMS.debug("ConfigurationUtils: no certificate chain");
+
+                    size = 0;
+
+                } else {
+                    CMS.debug("ConfigurationUtils: certificate chain:");
+                    for (java.security.cert.X509Certificate cert : b_certchain) {
+                        CMS.debug("ConfigurationUtils: - " + cert.getSubjectDN());
+                    }
+
                     size = b_certchain.length;
                 }
 
diff --git a/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCertChain.java b/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
index 8cc0f85d6..df60d4230 100644
--- a/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
+++ b/base/server/cms/src/com/netscape/cms/servlet/csadmin/GetCertChain.java
@@ -19,6 +19,7 @@ package com.netscape.cms.servlet.csadmin;
 
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.security.cert.X509Certificate;
 import java.util.Locale;
 
 import javax.servlet.ServletConfig;
@@ -26,8 +27,6 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import netscape.security.x509.CertificateChain;
-
 import org.w3c.dom.Node;
 
 import com.netscape.certsrv.apps.CMS;
@@ -39,6 +38,8 @@ import com.netscape.cms.servlet.base.UserInfo;
 import com.netscape.cms.servlet.common.CMSRequest;
 import com.netscape.cmsutil.xml.XMLObject;
 
+import netscape.security.x509.CertificateChain;
+
 public class GetCertChain extends CMSServlet {
 
     /**
@@ -70,17 +71,29 @@ public class GetCertChain extends CMSServlet {
      * @param cmsReq the object holding the request and response information
      */
     protected void process(CMSRequest cmsReq) throws EBaseException {
+
         HttpServletResponse httpResp = cmsReq.getHttpResp();
 
         CertificateChain certChain = ((ICertAuthority) mAuthority).getCACertChain();
 
         if (certChain == null) {
-            CMS.debug(
-                    "GetCertChain displayChain: cannot get the certificate chain.");
+            CMS.debug("GetCertChain: cannot get the certificate chain.");
             outputError(httpResp, "Error: Failed to get certificate chain.");
             return;
         }
 
+        X509Certificate[] certs = certChain.getChain();
+
+        if (certs == null) {
+            CMS.debug("GetCertChain: no certificate chain");
+
+        } else {
+            CMS.debug("GetCertChain: certificate chain:");
+            for (X509Certificate cert : certs) {
+                CMS.debug("GetCertChain: - " + cert.getSubjectDN());
+            }
+        }
+
         byte[] bytes = null;
 
         try {