External OCSP responder error

John
2010-12-15
2013-02-18
  • John

    John - 2010-12-15

    Hi,

    I set up an external ocsp responder. But when I used openssl to check a certificate status, I got the following error from server.log

    2010-12-15 16:21:44,387 INFO   (http-0.0.0.0-8380-1) Received OCSP request for certificate with serNo: 1a45f50ed6baf905, and issuerNameHash: bd655e1a206ff5fa23d122e51b0bb41c04f797c2. Client ip 127.0.0.1.
    2010-12-15 16:21:44,588 INFO   (http-0.0.0.0-8380-1) Adding status information (revoked) for certificate with serial '1a45f50ed6baf905' from issuer 'C=US,O=Test,CN=My Test Sub Root CA'.
    2010-12-15 16:21:54,587 ERROR  (http-0.0.0.0-8380-1) Error processing OCSP request. Message: No ocsp signing key for caid -782569590.
    org.ejbca.core.model.ca.caadmin.extendedcaservices.ExtendedCAServiceNotActiveException: No ocsp signing key for caid -782569590
            at org.ejbca.ui.web.protocol.OCSPServletStandAloneSession.extendedService(OCSPServletStandAloneSession.java:1909)
            at org.ejbca.ui.web.protocol.OCSPServletStandAlone.extendedService(OCSPServletStandAlone.java:145)
            at org.ejbca.ui.web.protocol.OCSPServletBase.signOCSPResponse(OCSPServletBase.java:226)
            at org.ejbca.ui.web.protocol.OCSPServletBase.serviceOCSP(OCSPServletBase.java:854)
            at org.ejbca.ui.web.protocol.OCSPServletBase.doPost(OCSPServletBase.java:374)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
            at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
            at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
            at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
            at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
            at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
            at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
            at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
            at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
            at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
            at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
            at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
            at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
            at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
            at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
            at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
            at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
            at java.lang.Thread.run(Thread.java:619)

    I do not know what is wrong.
    I put my Root CA's and Sub Root CA's certificates and my OCSP signer p12 file in the jboss/bin/keys directory.
    The Root CA, Sub CA and OCSP signer certificates all use ECC and SHA384ECDSA.

    I have set up external ocsp responders using RSA algorithm without any problem.

    Please help!

    Thanks,

    John

     
  • Tomas Gustavsson

    Hi,

    Your log is not from an external OCSP responder but directly from the CA.

    It says:
    2010-12-15 16:21:54,587 ERROR  (http-0.0.0.0-8380-1) Error processing OCSP request. Message: No ocsp signing key for caid -782569590.

    "ExtendedCAServiceNotActiveException" probably means that you did not "enable" the OCSP service in the CA configuration. The internal OCSP responder will not use any p12 file.

    Cheers,
    Tomas
    PrimeKey Solutions offers commercial EJBCA and SignServer support subscriptions and training courses. Please see www.primekey.se or contact info@primekey.se for more information.
    http://www.primekey.se/Services/Support/
    http://www.primekey.se/Services/Training/

     
  • John

    John - 2010-12-17

    That is weird. I set the server up as an external OCSP server.
    I configured the ocsp.properties, database.properties and web.properties.
    I did not configure the ejbca.properties. In the conf directory, all other files have .sample in their file name.
    I used the ant ocsp-deploy command to deploy the server.
    Using exactly the same procedure, I built some other external OCSP servers. They all work fine.
    The only difference is that this one uses the ECC algorithm. Did I do something wrong?

    Thanks,

    John

     
  • Tomas Gustavsson

    Ah no, sorry, I was wrong. You simply don't have any key: "No ocsp signing key for caid -782569590".

    Why this is you can find earlier in your log, when the responder starts.

     
  • John

    John - 2010-12-18

    I do not understand this.
    I tried my OCSP signing key in p12 format with and without the CA certificate chain in it.
    I got the same error message.
    I also have my CA root and subroot's certificates in the same keys directory.
    Why does the server still complain "No ocsp signing key for caid -782569590"?
    Which CA does it refer to? How can I find out the 782569590 id?
    I never got this kind of error for RSA keys.

    Thanks,

    John

     
  • Tomas Gustavsson

    The responder loads keys during startup. So earlier in the log it will say what keys it loads and why anything fails.

    Cheers,
    Tomas

     
  • John

    John - 2010-12-18

    Tomas,

    I found the error message in my log. It looked like ECC was not supported by the bouncycastle package.
    How could I solve this problem? I already copied the bcmail-jdk15.jar, bcprov-jdk15.jar and bctsp-jdk15.jar
    to the <jbosshome>/server/default/lib directory.

    Thanks,

    John

    20:48:10,089 INFO   No card password specified.
    20:48:10,587 WARN   You have not specified ocsp.p11.p11password at build time. So you need to do a manual activation.
    20:48:14,058 ERROR  Unable to get alias ECC ocsp signing cert in file /opt/jboss-pecc/bin/keys/ocspsigner_ecc_2.p12.
    java.security.InvalidKeyException: Supplied key (org.bouncycastle.jce.provider.JCEECPrivateKey) is not a RSAPrivateKey instance
            at org.bouncycastle.jce.provider.JDKDigestSignature.engineInitSign(Unknown Source)
            at java.security.Signature$Delegate.engineInitSign(Signature.java:1095)
            at java.security.Signature.initSign(Signature.java:480)
            at org.ejbca.ui.web.protocol.OCSPServletStandAloneSession.signTest(OCSPServletStandAloneSession.java:294)
            at org.ejbca.ui.web.protocol.OCSPServletStandAloneSession.access$3300(OCSPServletStandAloneSession.java:92)
            at org.ejbca.ui.web.protocol.OCSPServletStandAloneSession$SigningEntityContainer.loadFromKeyStore(OCSPServletStandAloneSession.java:1342)
            at org.ejbca.ui.web.protocol.OCSPServletStandAloneSession$SigningEntityContainer.loadFromSWKeyStore(OCSPServletStandAloneSession.java:1279)
            at org.ejbca.ui.web.protocol.OCSPServletStandAloneSession$SigningEntityContainer.loadPrivateKeys2(OCSPServletStandAloneSession.java:1159)
            at org.ejbca.ui.web.protocol.OCSPServletStandAloneSession$SigningEntityContainer.loadPrivateKeys(OCSPServletStandAloneSession.java:1105)
            at org.ejbca.ui.web.protocol.OCSPServletStandAloneSession.loadPrivateKeys(OCSPServletStandAloneSession.java:1504)
            at org.ejbca.ui.web.protocol.OCSPServletStandAloneSession.<init>(OCSPServletStandAloneSession.java:272)
            at org.ejbca.ui.web.protocol.OCSPServletStandAlone.init(OCSPServletStandAlone.java:90)
            at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1048)
            at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:950)
            at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4122)
            at org.apache.catalina.core.StandardContext.start(StandardContext.java:4421)
            at org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeployInternal(TomcatDeployment.java:310)
            at org.jboss.web.tomcat.service.deployers.TomcatDeployment.performDeploy(TomcatDeployment.java:142)
            at org.jboss.web.deployers.AbstractWarDeployment.start(AbstractWarDeployment.java:461)
            at org.jboss.web.deployers.WebModule.startModule(WebModule.java:118)
            at org.jboss.web.deployers.WebModule.start(WebModule.java:97)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
            at java.lang.reflect.Method.invoke(Method.java:597)
            at org.jboss.mx.interceptor.ReflectedDispatcher.invoke(ReflectedDispatcher.java:157)
            at org.jboss.mx.server.Invocation.dispatch(Invocation.java:96)
            at org.jboss.mx.server.Invocation.invoke(Invocation.java:88)
            at org.jboss.mx.server.AbstractMBeanInvoker.invoke(AbstractMBeanInvoker.java:264)
            at org.jboss.mx.server.MBeanServerImpl.invoke(MBeanServerImpl.java:668)
            at org.jboss.system.microcontainer.ServiceProxy.invoke(ServiceProxy.java:206)
            at $Proxy38.start(Unknown Source)
            at org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:42)
            at org.jboss.system.microcontainer.StartStopLifecycleAction.installAction(StartStopLifecycleAction.java:37)
            at org.jboss.dependency.plugins.action.SimpleControllerContextAction.simpleInstallAction(SimpleControllerContextAction.java:62)
            at org.jboss.dependency.plugins.action.AccessControllerContextAction.install(AccessControllerContextAction.java:71)
            at org.jboss.dependency.plugins.AbstractControllerContextActions.install(AbstractControllerContextActions.java:51)
            at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
            at org.jboss.system.microcontainer.ServiceControllerContext.install(ServiceControllerContext.java:286)
            at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1631)
            at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
            at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1082)
            at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
            at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)
            at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
            at org.jboss.system.ServiceController.doChange(ServiceController.java:688)
            at org.jboss.system.ServiceController.start(ServiceController.java:460)
            at org.jboss.system.deployers.ServiceDeployer.start(ServiceDeployer.java:163)
            at org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:99)
            at org.jboss.system.deployers.ServiceDeployer.deploy(ServiceDeployer.java:46)
            at org.jboss.deployers.spi.deployer.helpers.AbstractSimpleRealDeployer.internalDeploy(AbstractSimpleRealDeployer.java:62)
            at org.jboss.deployers.spi.deployer.helpers.AbstractRealDeployer.deploy(AbstractRealDeployer.java:50)
            at org.jboss.deployers.plugins.deployers.DeployerWrapper.deploy(DeployerWrapper.java:171)
            at org.jboss.deployers.plugins.deployers.DeployersImpl.doDeploy(DeployersImpl.java:1439)
            at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1157)
            at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1178)
            at org.jboss.deployers.plugins.deployers.DeployersImpl.doInstallParentFirst(DeployersImpl.java:1210)
            at org.jboss.deployers.plugins.deployers.DeployersImpl.install(DeployersImpl.java:1098)
            at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
            at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1631)
            at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
            at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1082)
            at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
            at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
            at org.jboss.deployers.plugins.deployers.DeployersImpl.process(DeployersImpl.java:781)
            at org.jboss.deployers.plugins.main.MainDeployerImpl.process(MainDeployerImpl.java:702)
            at org.jboss.system.server.profileservice.repository.MainDeployerAdapter.process(MainDeployerAdapter.java:117)
            at org.jboss.system.server.profileservice.repository.ProfileDeployAction.install(ProfileDeployAction.java:70)
            at org.jboss.system.server.profileservice.repository.AbstractProfileAction.install(AbstractProfileAction.java:53)
            at org.jboss.system.server.profileservice.repository.AbstractProfileService.install(AbstractProfileService.java:361)
            at org.jboss.dependency.plugins.AbstractControllerContext.install(AbstractControllerContext.java:348)
            at org.jboss.dependency.plugins.AbstractController.install(AbstractController.java:1631)
            at org.jboss.dependency.plugins.AbstractController.incrementState(AbstractController.java:934)
            at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:1082)
            at org.jboss.dependency.plugins.AbstractController.resolveContexts(AbstractController.java:984)
            at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:822)
            at org.jboss.dependency.plugins.AbstractController.change(AbstractController.java:553)
            at org.jboss.system.server.profileservice.repository.AbstractProfileService.activateProfile(AbstractProfileService.java:306)
            at org.jboss.system.server.profileservice.ProfileServiceBootstrap.start(ProfileServiceBootstrap.java:271)
            at org.jboss.bootstrap.AbstractServerImpl.start(AbstractServerImpl.java:461)
            at org.jboss.Main.boot(Main.java:221)
            at org.jboss.Main$1.run(Main.java:556)
            at java.lang.Thread.run(Thread.java:619)
    20:48:14,272 INFO   Starting Coyote HTTP/1.1 on http-0.0.0.0-8380

     
  • Tomas Gustavsson

    It has nothing to do with bouncycastle. It is the EJBCA external OCSP responder that does not work with ECC, only the internal responder seems to support ECC. If you register an issue in the EJBCA Jira I'm sure we can fix that. It should be easily fixed actually.

    Cheers,
    Tomas

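    The startup trace above fails inside the responder's sign test because a signature object built for RSA is initialised with an EC private key. The following added example (not EJBCA code) reproduces that failure with plain JDK APIs and shows the fix Tomas describes as easy: choose the signature algorithm from the loaded key's type before running the sign test. The P-384 key pair is generated in-process; the key alias and probe string are constructed for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public final class OcspSignerKeyCheck {

    // Pick a JCA signature algorithm that matches the key type instead of assuming RSA.
    // BouncyCastle EC keys may report "EC" or "ECDSA" depending on the version.
    static String signatureAlgorithmFor(PrivateKey key) {
        switch (key.getAlgorithm()) {
            case "RSA":   return "SHA256withRSA";
            case "EC":
            case "ECDSA": return "SHA384withECDSA";
            default: throw new IllegalArgumentException("Unsupported OCSP signing key type: " + key.getAlgorithm());
        }
    }

    // Sign test as a responder would run it at startup: sign a probe and verify it with the
    // matching public key so a mismatched or unusable key is rejected before serving requests.
    static boolean signTest(PrivateKey priv, PublicKey pub) throws GeneralSecurityException {
        byte[] probe = "ocsp-sign-test".getBytes(StandardCharsets.US_ASCII); // constructed probe
        String alg = signatureAlgorithmFor(priv);
        Signature signer = Signature.getInstance(alg);
        signer.initSign(priv);
        signer.update(probe);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance(alg);
        verifier.initVerify(pub);
        verifier.update(probe);
        return verifier.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(384); // same curve size as the SHA384ECDSA setup in the thread
        KeyPair ecc = gen.generateKeyPair();

        // The failure mode from the log: RSA signature hard-coded, EC key supplied.
        try {
            Signature.getInstance("SHA256withRSA").initSign(ecc.getPrivate());
        } catch (InvalidKeyException e) {
            System.out.println("Hard-coded RSA sign test rejects EC key: " + e.getMessage());
        }

        // The fix: algorithm derived from the key, so the same loader handles RSA and ECC.
        System.out.println("Key-type-aware sign test passed: " + signTest(ecc.getPrivate(), ecc.getPublic()));
    }
}
```

    Run with the JDK alone (no BouncyCastle needed); the first line shows the InvalidKeyException the responder logged, the second shows the ECC key passing once the algorithm is selected correctly.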

     
  • John

    John - 2010-12-20

    OK. I will put a request in the Jira.

    Thanks,

    John
