From: Moser B. <B....@co...> - 2020-06-22 07:27:02
Thanks Tomas.

I had a look into the ConfigDump Tool. It's a great idea to support YAML for DevOps purposes. I had a look into the comparison between ConfigDump and StateDump. I miss two more statements there:

a) Is an import update/override with ConfigDump available?
b) Is the ConfigDump feature complete in terms of ejbca-cli.sh feature and StateDump?

With best regards,
Benjamin Moser

-----Original Message-----
From: Tomas Gustavsson <to...@pr...>
Sent: Monday, 22 June 2020 08:33
To: ejb...@li...
Subject: Re: [Ejbca-develop] Import of existing certificate profiles and end entity profiles

Great question. Unfortunately the importprofiles command doesn't support such options. No-one thought about that back then. You have to work-around it by deleting old profiles in the database before.

Regards,
Tomas

PS: I realize it's not helpful for you here, but EJBCA Enterprise comes with additional DevOps enabling tools.
https://doc.primekey.com/ejbca/ejbca-operations/ejbca-operations-guide/configdump-tool

On 2020-06-18 19:31, Moser Benjamin wrote:
> Hi,
> I wonder how to use the EJBCA CLI to automatically deploy the profiles from a testing stage to production stage. The testing stage should be the source of all profiles. I import the production stage as an external CA with the X.509 certificate. The setup and test the profiles with CA restrictions. When they are released they should be saved to GIT and deployed to production stage. The issue which I struggle with is that the CLI doesn't support a profile import which makes an in place update of existing profiles. The problem do I have, when I want to delete and reimport the profiles. There
>
> a) Is there a straightforward way to do this right?
> b) Is there a CLI option to delete existing profiles?
> c) Is there a CLI option to override or replace the existing profile, if the use the same profiles IDs?
>
> $EjbcaCli ca importprofiles -d /tmp/import-profile
>
> Allow external re-configuration: false
> Importing certificate and end entity profiles:
> Filename: certprofile_Client+Software+Certificate+Profile-620212500.xml
> Error: Certificate profile 'Client Software Certificate Profile' already exist in database.
> Filename: entityprofile_Client+Software+End+Entity+Profile-1212530272.xml
> Entity profile 'Client Software End Entity Profile' already exist in database.
>
> Thanks for help in advance, Benja
From: Tomas G. <to...@pr...> - 2020-06-22 06:48:55
Great question. Unfortunately the importprofiles command doesn't support such options. No-one thought about that back then. You have to work-around it by deleting old profiles in the database before.

Regards,
Tomas

PS: I realize it's not helpful for you here, but EJBCA Enterprise comes with additional DevOps enabling tools.
https://doc.primekey.com/ejbca/ejbca-operations/ejbca-operations-guide/configdump-tool

On 2020-06-18 19:31, Moser Benjamin wrote:
> Hi,
> I wonder how to use the EJBCA CLI to automatically deploy the profiles from a testing stage to production stage. The testing stage should be the source of all profiles. I import the production stage as an external CA with the X.509 certificate. The setup and test the profiles with CA restrictions. When they are released they should be saved to GIT and deployed to production stage. The issue which I struggle with is that the CLI doesn't support a profile import which makes an in place update of existing profiles. The problem do I have, when I want to delete and reimport the profiles. There
>
> a) Is there a straightforward way to do this right?
> b) Is there a CLI option to delete existing profiles?
> c) Is there a CLI option to override or replace the existing profile, if the use the same profiles IDs?
>
> $EjbcaCli ca importprofiles -d /tmp/import-profile
>
> Allow external re-configuration: false
> Importing certificate and end entity profiles:
> Filename: certprofile_Client+Software+Certificate+Profile-620212500.xml
> Error: Certificate profile 'Client Software Certificate Profile' already exist in database.
> Filename: entityprofile_Client+Software+End+Entity+Profile-1212530272.xml
> Entity profile 'Client Software End Entity Profile' already exist in database.
>
> Thanks for help in advance, Benja
From: Moser B. <B....@co...> - 2020-06-18 22:05:01
Hi,

I wonder how to use the EJBCA CLI to automatically deploy the profiles from a testing stage to production stage. The testing stage should be the source of all profiles. I import the production stage as an external CA with the X.509 certificate. The setup and test the profiles with CA restrictions. When they are released they should be saved to GIT and deployed to production stage. The issue which I struggle with is that the CLI doesn't support a profile import which makes an in place update of existing profiles. The problem do I have, when I want to delete and reimport the profiles. There

a) Is there a straightforward way to do this right?
b) Is there a CLI option to delete existing profiles?
c) Is there a CLI option to override or replace the existing profile, if the use the same profiles IDs?

$EjbcaCli ca importprofiles -d /tmp/import-profile

Allow external re-configuration: false
Importing certificate and end entity profiles:
Filename: certprofile_Client+Software+Certificate+Profile-620212500.xml
Error: Certificate profile 'Client Software Certificate Profile' already exist in database.
Filename: entityprofile_Client+Software+End+Entity+Profile-1212530272.xml
Entity profile 'Client Software End Entity Profile' already exist in database.

Thanks for help in advance, Benja
From: Tomas G. <to...@pr...> - 2020-05-04 05:22:14
You need to specify which slot on the HSM should be used. See the docs and examples for slotLabelType and slotLabelValue.
https://doc.primekey.com/ejbca6152/ejbca-integration/hardware-security-modules-hsm#HardwareSecurityModules(HSM)-nCipher_nShield/netHSMnCiphernShield/netHSM

Regards,
Tomas

---
Save time and money with an Enterprise support subscription.
Please see www.primekey.com for more information.
https://www.primekey.com/products/software/

On 2020-04-30 17:48, Randy Yu wrote:
> Thanks Tomas,
>
> Going by the guide, do you know if there are properties outside of what is outlined in the example?
>
> defaultKey subDefault
> certSignKey subSign
> crlSignKey subSign
> testKey subTest
> pin foo123
> sharedLibrary /opt/nfast/toolkits/pkcs11/libcknfast.so
>
> -----Original Message-----
> From: Tomas Gustavsson <to...@pr...>
> Sent: Wednesday, April 29, 2020 8:25 AM
> To: ejb...@li...
> Subject: Re: [Ejbca-develop] EJBCA 6.10 - Importing hard token CA
>
> Hi Randy,
>
> I think there is some issue with your subca.properties file. Some element missing for example.
>
> Regards,
> Tomas
>
> On 2020-04-29 04:46, Randy Yu wrote:
>> Hello,
>>
>> I'm seeing an issue when attempting to import a hard token certificate, after exporting from the HSM. The command is run, and the EJBCA CLI indicates the associated crypto token is offline, but the GUI shows the crypto token as active. Here is the CLI output and log output. EJBCA version is 6.10.
>>
>> bin/ejbca.sh ca importca --caname <CANAME> --hard --cp org.cesecore.keys.token.PKCS11CryptoToken --ctpassword <PASSWORD> --cert CANAME_cert --prop subca.properties --verbose
>>
>> SETTING: --caname as <CANAME>
>> SETTING: --cp as org.cesecore.keys.token.PKCS11CryptoToken
>> SETTING: --ctpassword as <PASSWORD>
>> SETTING: --cert as CANAME_cert
>> SETTING: --prop as subca.properties
>> Importing hard token.
>> Crypto Token was offline.
>>
>> 02:37:44,919 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (default task-26) 2020-04-29 02:37:44+00:00;ACCESS_CONTROL;SUCCESS;ACCESSCONTROL;CORE;ejbca;;;;resource0=/cryptotoken/modify
>> 02:37:45,075 ERROR [org.cesecore.keys.token.CryptoTokenFactory] (default task-26) Error initializing Crypto Token. Classpath=org.cesecore.keys.token.PKCS11CryptoToken: java.lang.NullPointerException
>> at org.cesecore.keys.token.p11.P11Slot.getInstance(P11Slot.java:159)
>> at org.cesecore.keys.token.PKCS11CryptoToken.init(PKCS11CryptoToken.java:107)
>> at org.cesecore.keys.token.CryptoTokenFactory.createCryptoToken(CryptoTokenFactory.java:177)
>> at org.cesecore.keys.token.CryptoTokenManagementSessionBean.createCryptoToken(CryptoTokenManagementSessionBean.java:151)
>> at org.cesecore.keys.token.CryptoTokenManagementSessionBean.createCryptoToken(CryptoTokenManagementSessionBean.java:193)
>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> at java.lang.reflect.Method.invoke(Method.java:498)
>> at org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
>> at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
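A pre-flight check for the properties file discussed in this thread, as an added example (not code from the EJBCA project or from the posters). It parses the whitespace-separated key/value format Randy posted, reports the `slotLabelType` and `slotLabelValue` keys Tomas points to when they are absent, and flags a file that carries a `pin` while being readable beyond its owner. Treating exactly `sharedLibrary`, `slotLabelType` and `slotLabelValue` as required is an assumption of this example, and the helper names are hypothetical.

```python
import os
import stat
import tempfile

# Keys named in the thread: Tomas points at slotLabelType/slotLabelValue, and
# sharedLibrary comes from the posted file. Treating exactly these three as the
# required set is an assumption of this example.
REQUIRED_KEYS = ("sharedLibrary", "slotLabelType", "slotLabelValue")
SECRET_KEYS = ("pin",)

# The properties as posted in the thread (no slot settings, clear-text pin).
SAMPLE_FROM_THREAD = """\
defaultKey subDefault
certSignKey subSign
crlSignKey subSign
testKey subTest
pin foo123
sharedLibrary /opt/nfast/toolkits/pkcs11/libcknfast.so
"""


def parse_properties(text):
    """Parse the simple Java .properties subset used in the thread.

    Accepts 'key value', 'key=value' and 'key: value' plus '#'/'!' comments.
    Line continuations and backslash escapes are not handled.
    """
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # The key ends at the first '=', ':' or whitespace character.
        end = next(
            (i for i, ch in enumerate(line) if ch in "=:" or ch.isspace()),
            len(line),
        )
        key, rest = line[:end], line[end:].lstrip()
        if rest[:1] in ("=", ":"):
            rest = rest[1:].lstrip()
        props[key] = rest
    return props


def check_token_properties(path):
    """Return a list of findings for a crypto token properties file."""
    with open(path, encoding="utf-8") as fh:
        props = parse_properties(fh.read())
    findings = [
        f"missing or empty: {key}" for key in REQUIRED_KEYS if not props.get(key)
    ]
    # A clear-text PIN makes the file's permissions part of the key protection.
    if any(props.get(key) for key in SECRET_KEYS):
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(
                f"contains a PIN but mode is {mode:o}; restrict to owner (600)"
            )
    return findings


def check_text(text, mode):
    """Write text to a temporary subca.properties with the given mode and check it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "subca.properties")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)
        os.chmod(path, mode)
        return check_token_properties(path)


if __name__ == "__main__":
    for finding in check_text(SAMPLE_FROM_THREAD, 0o644):
        print(finding)
```
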
From: Randy Yu <yu...@ec...> - 2020-04-30 16:03:52
|
Thanks Tomas, Going by the guide, do you know if there are properties outside of what is outlined in the example? defaultKey subDefault certSignKey subSign crlSignKey subSign testKey subTest pin foo123 sharedLibrary /opt/nfast/toolkits/pkcs11/libcknfast.so -----Original Message----- From: Tomas Gustavsson <to...@pr...> Sent: Wednesday, April 29, 2020 8:25 AM To: ejb...@li... Subject: Re: [Ejbca-develop] EJBCA 6.10 - Importing hard token CA [CAUTION: EXTERNAL MAIL. DO NOT CLICK ON LINKS OR OPEN ATTACHMENTS YOU DO NOT TRUST.] Hi Randy, I think there is some issue with your subca.properties file. Some element missing for example. Regards, Tomas On 2020-04-29 04:46, Randy Yu wrote: > Hello, > > > > I'm seeing an issue when attempting to import a hard token > certificate, after exporting from the HSM. The command is run, and > the EJBCA CLI indicates the associated crypto token is offline, but > the GUI shows the crypto token as active. Here is the CLI output and > log output. EJBCA version is 6.10. > > > > bin/ejbca.sh ca importca --caname <CANAME> --hard --cp > org.cesecore.keys.token.PKCS11CryptoToken --ctpassword <PASSWORD> > --cert CANAME_cert --prop subca.properties --verbose > > SETTING: --caname as <CANAME> > > SETTING: --cp as org.cesecore.keys.token.PKCS11CryptoToken > > SETTING: --ctpassword as <PASSWORD> > > SETTING: --cert as CANAME_cert > > SETTING: --prop as subca.properties > > Importing hard token. > > Crypto Token was offline. > > > > 02:37:44,919 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] > (default > task-26) 2020-04-29 > 02:37:44+00:00;ACCESS_CONTROL;SUCCESS;ACCESSCONTROL;CORE;ejbca;;;;reso > urce0=/cryptotoken/modify > > 02:37:45,075 ERROR [org.cesecore.keys.token.CryptoTokenFactory] > (default > task-26) Error initializing Crypto Token. 
|
From: Tomas G. <to...@pr...> - 2020-04-29 12:25:02
|
Hi Randy,

I think there is some issue with your subca.properties file. Some element missing for example.

Regards,
Tomas

On 2020-04-29 04:46, Randy Yu wrote:
> Hello,
>
> I’m seeing an issue when attempting to import a hard token certificate, after exporting from the HSM. The command is run, and the EJBCA CLI indicates the associated crypto token is offline, but the GUI shows the crypto token as active. Here is the CLI output and log output. EJBCA version is 6.10.
>
> bin/ejbca.sh ca importca --caname <CANAME> --hard --cp org.cesecore.keys.token.PKCS11CryptoToken --ctpassword <PASSWORD> --cert CANAME_cert --prop subca.properties --verbose
> SETTING: --caname as <CANAME>
> SETTING: --cp as org.cesecore.keys.token.PKCS11CryptoToken
> SETTING: --ctpassword as <PASSWORD>
> SETTING: --cert as CANAME_cert
> SETTING: --prop as subca.properties
> Importing hard token.
> Crypto Token was offline.
>
> 02:37:44,919 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (default task-26) 2020-04-29 02:37:44+00:00;ACCESS_CONTROL;SUCCESS;ACCESSCONTROL;CORE;ejbca;;;;resource0=/cryptotoken/modify
> 02:37:45,075 ERROR [org.cesecore.keys.token.CryptoTokenFactory] (default task-26) Error initializing Crypto Token.
> Classpath=org.cesecore.keys.token.PKCS11CryptoToken: java.lang.NullPointerException
>     at org.cesecore.keys.token.p11.P11Slot.getInstance(P11Slot.java:159)
>     at org.cesecore.keys.token.PKCS11CryptoToken.init(PKCS11CryptoToken.java:107)
>     at org.cesecore.keys.token.CryptoTokenFactory.createCryptoToken(CryptoTokenFactory.java:177)
>     at org.cesecore.keys.token.CryptoTokenManagementSessionBean.createCryptoToken(CryptoTokenManagementSessionBean.java:151)
>     at org.cesecore.keys.token.CryptoTokenManagementSessionBean.createCryptoToken(CryptoTokenManagementSessionBean.java:193)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
>     at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:82)
>     at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:93)
>     at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
>     at org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:64)
>     at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:83)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
>     at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInCallerTx(CMTTxInterceptor.java:254)
>     at org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:329)
>     at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:239)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:64)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
>     at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:636)
>     at org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:61)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
>     at org.jboss.invocation.PrivilegedWithCombinerInterceptor.processInvocation(PrivilegedWithCombinerInterceptor.java:80)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
>     at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
>     at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:185)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
>     at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:73)
>     at org.cesecore.keys.token.CryptoTokenManagementSessionLocal$$$view34.createCryptoToken(Unknown Source)
>     at org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.createCryptoTokenWithUniqueName(CAAdminSessionBean.java:2675)
>     at org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.importCAFromHSM(CAAdminSessionBean.java:2627)
>     at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>     at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
>     at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:82)
>     at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:93)
>     at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
>     at org.ejbca.core.ejb.ProfileAndTraceInterceptor.logger(ProfileAndTraceInterceptor.java:51)
>     at sun.reflect.GeneratedMethodAccessor98.invoke(Unknown Source)
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>     at java.lang.reflect.Method.invoke(Method.java:498)
>     at org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptor.java:89)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437)
>     at org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:73)
>     at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:83)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
>     at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:275)
>     at org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:327)
>     at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:239)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.ejb3.remote.EJBRemoteTransactionPropagatingInterceptor.processInvocation(EJBRemoteTransactionPropagatingInterceptor.java:79)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.ejb3.deployment.processors.EjbSuspendInterceptor.processInvocation(EjbSuspendInterceptor.java:53)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:64)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
>     at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:636)
>     at org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:61)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356)
>     at org.jboss.invocation.PrivilegedWithCombinerInterceptor.processInvocation(PrivilegedWithCombinerInterceptor.java:80)
>     at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340)
>     at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61)
>     at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
>     at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:328)
>     at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$100(MethodInvocationMessageHandler.java:67)
>     at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:201)
>     at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.processMessage(MethodInvocationMessageHandler.java:263)
>     at org.jboss.as.ejb3.remote.protocol.versionone.VersionOneProtocolChannelReceiver.processMessage(VersionOneProtocolChannelReceiver.java:213)
>     at org.jboss.as.ejb3.remote.protocol.versiontwo.VersionTwoProtocolChannelReceiver.processMessage(VersionTwoProtocolChannelReceiver.java:76)
>     at org.jboss.as.ejb3.remote.protocol.versionone.VersionOneProtocolChannelReceiver.handleMessage(VersionOneProtocolChannelReceiver.java:159)
>     at org.jboss.remoting3.remote.RemoteConnectionChannel$5.run(RemoteConnectionChannel.java:456)
>     at org.jboss.remoting3.EndpointImpl$TrackingExecutor$1.run(EndpointImpl.java:731)
>     at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
>     at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
>     at java.lang.Thread.run(Thread.java:748)
>
> _______________________________________________
> Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
From: Randy Yu <yu...@ec...> - 2020-04-29 03:12:42
|
Hello,

I'm seeing an issue when attempting to import a hard token certificate, after exporting from the HSM. The command is run, and the EJBCA CLI indicates the associated crypto token is offline, but the GUI shows the crypto token as active. Here is the CLI output and log output. EJBCA version is 6.10.

bin/ejbca.sh ca importca --caname <CANAME> --hard --cp org.cesecore.keys.token.PKCS11CryptoToken --ctpassword <PASSWORD> --cert CANAME_cert --prop subca.properties --verbose
SETTING: --caname as <CANAME>
SETTING: --cp as org.cesecore.keys.token.PKCS11CryptoToken
SETTING: --ctpassword as <PASSWORD>
SETTING: --cert as CANAME_cert
SETTING: --prop as subca.properties
Importing hard token.
Crypto Token was offline.

02:37:44,919 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (default task-26) 2020-04-29 02:37:44+00:00;ACCESS_CONTROL;SUCCESS;ACCESSCONTROL;CORE;ejbca;;;;resource0=/cryptotoken/modify
02:37:45,075 ERROR [org.cesecore.keys.token.CryptoTokenFactory] (default task-26) Error initializing Crypto Token.
Classpath=org.cesecore.keys.token.PKCS11CryptoToken: java.lang.NullPointerException at org.cesecore.keys.token.p11.P11Slot.getInstance(P11Slot.java:159) at org.cesecore.keys.token.PKCS11CryptoToken.init(PKCS11CryptoToken.java:107) at org.cesecore.keys.token.CryptoTokenFactory.createCryptoToken(CryptoTokenFactory.java:177) at org.cesecore.keys.token.CryptoTokenManagementSessionBean.createCryptoToken(CryptoTokenManagementSessionBean.java:151) at org.cesecore.keys.token.CryptoTokenManagementSessionBean.createCryptoToken(CryptoTokenManagementSessionBean.java:193) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437) at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:82) at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:93) at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at 
org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437) at org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:64) at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:83) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) at org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInCallerTx(CMTTxInterceptor.java:254) at org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:329) at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:239) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47) at 
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:64) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356) at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:636) at org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:61) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356) at 
org.jboss.invocation.PrivilegedWithCombinerInterceptor.processInvocation(PrivilegedWithCombinerInterceptor.java:80) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198) at org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:185) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) at org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:73) at org.cesecore.keys.token.CryptoTokenManagementSessionLocal$$$view34.createCryptoToken(Unknown Source) at org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.createCryptoTokenWithUniqueName(CAAdminSessionBean.java:2675) at org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.importCAFromHSM(CAAdminSessionBean.java:2627) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437) at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:82) at org.jboss.as.weld.ejb.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:93) at org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63) at 
org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437) at org.ejbca.core.ejb.ProfileAndTraceInterceptor.logger(ProfileAndTraceInterceptor.java:51) at sun.reflect.GeneratedMethodAccessor98.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptor.java:89) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:437) at org.jboss.weld.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:73) at org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:83) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:21) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) at 
org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:275) at org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:327) at org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:239) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.remote.EJBRemoteTransactionPropagatingInterceptor.processInvocation(EJBRemoteTransactionPropagatingInterceptor.java:79) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at 
org.jboss.as.ejb3.deployment.processors.EjbSuspendInterceptor.processInvocation(EjbSuspendInterceptor.java:53) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:64) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356) at org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:636) at org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:61) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:356) at org.jboss.invocation.PrivilegedWithCombinerInterceptor.processInvocation(PrivilegedWithCombinerInterceptor.java:80) at org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:340) at org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:61) at org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198) at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.invokeMethod(MethodInvocationMessageHandler.java:328) at 
org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.access$100(MethodInvocationMessageHandler.java:67) at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler$1.run(MethodInvocationMessageHandler.java:201) at org.jboss.as.ejb3.remote.protocol.versionone.MethodInvocationMessageHandler.processMessage(MethodInvocationMessageHandler.java:263) at org.jboss.as.ejb3.remote.protocol.versionone.VersionOneProtocolChannelReceiver.processMessage(VersionOneProtocolChannelReceiver.java:213) at org.jboss.as.ejb3.remote.protocol.versiontwo.VersionTwoProtocolChannelReceiver.processMessage(VersionTwoProtocolChannelReceiver.java:76) at org.jboss.as.ejb3.remote.protocol.versionone.VersionOneProtocolChannelReceiver.handleMessage(VersionOneProtocolChannelReceiver.java:159) at org.jboss.remoting3.remote.RemoteConnectionChannel$5.run(RemoteConnectionChannel.java:456) at org.jboss.remoting3.EndpointImpl$TrackingExecutor$1.run(EndpointImpl.java:731) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624) at java.lang.Thread.run(Thread.java:748) |
From: Tomas G. <to...@pr...> - 2020-04-06 05:24:30
|
Nice.

Since you mention in the security considerations in the readme file that you should set up a proxy server in front of EJBCA, you may be interested in the deployment examples we have made, with ingress, external database, kubernetes. Feel free to link there if you think it's useful for other users.

Regards,
Tomas

On 2020-04-05 22:03, Christian Felsing via Ejbca-develop wrote:
> Hello,
>
> some of you know the ejbca-setup script to build EJBCA-CE from scratch. Development on this script was abandoned, but there is a successor:
>
> https://github.com/ip6li/ejbca-docker
>
> It builds ejbca_6_15_2_5 / Wildfly 14.0.1 on Centos8.
>
> best regards
> Christian
|
From: Christian F. <pu...@fe...> - 2020-04-05 20:20:52
|
Hello,

some of you know the ejbca-setup script to build EJBCA-CE from scratch. Development on this script was abandoned, but there is a successor:

https://github.com/ip6li/ejbca-docker

It builds ejbca_6_15_2_5 / Wildfly 14.0.1 on Centos8.

best regards
Christian
|
From: Tomas G. <to...@pr...> - 2020-03-15 14:38:10
|
Great that it worked!

/Tomas

On 2020-03-13 18:37, Michael Yatsko wrote:
> Hi Tomas,
>
> I launched a new instance of the primekey/ejbca instance and it worked. Thank you for your help.
>
> Michael
>
> On Fri, Mar 13, 2020 at 9:29 AM Michael Yatsko <mic...@ke...> wrote:
>
> Hi Tomas,
>
> It works for the FAA Test Root CA as you described above, but I couldn't get it to work for the FAA Test NPE CA. Could you import the FAA Test NPE CA?
>
> Thanks,
> Michael
>
> On Fri, Mar 13, 2020 at 8:13 AM Tomas Gustavsson <to...@pr...> wrote:
>
> I tested on the container and it works for me.
>
> Certification Authorities->Import CA Keystore
> Name: FAA Test Root CA
> Upload p12 file
> Keystore password: key1
> Alias of signature key: FAA Test Root CA
> Alias of encryption key: empty
> As it says: (optional: if not given, the key will be generated)
>
> Click import CA keystore and a CA is created.
>
> What difference did you make?
>
> Cheers,
> Tomas
>
> On 2020-03-13 14:22, Michael Yatsko wrote:
> > Please note that I've tried the standard docker cp command. There are no error messages, but the files weren't copied into the container.
> >
> > Thanks
> >
> > On Fri, Mar 13, 2020 at 5:52 AM Michael Yatsko <mic...@ke...> wrote:
> >
> > Hi Tomas,
> >
> > I'm working with the Docker container. While I've FTP'd the files on to the Ubuntu server running the Docker image, how do I get the files into the Docker container to import via the command line?
> >
> > I've been using the Admin UI for this import.
> >
> > Thanks,
> > Michael
> >
> > On Fri, Mar 13, 2020 at 1:48 AM Tomas Gustavsson <to...@pr...> wrote:
> >
> > Hi,
> > I imported your test keystore with the following command:
> >
> > bin/ejbca.sh ca importca --caname "FAA Test Root" --p12 /home/user/tmp/community-support/faa-test-root-ca.p12 --signalias "FAA Test Root CA"
> >
> > Cheers,
> > Tomas
> >
> > On 2020-03-13 00:37, Michael Yatsko wrote:
> > > Hi Tomas,
> > >
> > > Sorry, I'm still not having any luck importing the Issuing CA. I've attached the Root CA (faa-test-root-ca.p12) which has the friendly name FAA Test Root CA in the bag alias. In addition, I've attached the Issuing CA (faa-test-npe-ca.p12) that has friendly names of FAA Test NPE CA for the Issuing CA and FAA Test Root CA for the Root CA in the bag aliases. Password is key1 for both files.
> > >
> > > When I imported the Root CA, I had to leave blank the Signature Key and Encryption Key aliases. Otherwise, it would not import it with Root CA. The imported Crypto token has signKey and encryptKey as the aliases.
> > >
> > > I tried every combination of FAA Test Root CA, FAA Test NPE CA, signKey, and encryptKey. No luck. Any other helpful hints?
> > >
> > > Michael
> > >
> > > On Thu, Mar 12, 2020 at 4:56 AM Tomas Gustavsson <to...@pr...> wrote:
> > >
> > > What command did you use to try the import? Did you use the Admin UI or the CLI?
> > > Is it a P12 file that you try to import?
> > >
> > > The aliases you enter should match the alias which exists in the p12 file. If you have a p12 file for your old openssl CA you can list it by:
> > >
> > > openssl pkcs12 -in file.p12
> > >
> > > It is the friendlyName that is your alias.
> > >
> > > Cheers,
> > > Tomas
> > > ---
> > > Save time and money with an Enterprise support subscription. Please see www.primekey.com for more information.
> > > https://www.primekey.com/products/software/
> > >
> > > On 2020-03-12 04:46, Michael Yatsko wrote:
> > > > Hi,
> > > >
> > > > I've created a test Root and Issuing CA in OpenSSL. While I have been able to import the Root CA successfully, I'm having problems importing the Issuing CA.
> > > >
> > > > During the Root CA import, I had to clear the default signKey and encryptKey values in order to import the Root CA. I saw a new imported Crypto Token with the signKey and encryptKey aliases. The only other CA is the Management CA.
> > > >
> > > > When I try to import the Issuing CA, I receive the following error messages if I clear the default signKey and encryptKey values:
> > > >
> > > > You have to specify any of the following aliases: FAA Test Root CA FAA Test NPE CA
> > > >
> > > > If I leave the default signKey value, then I get the following error message:
> > > >
> > > > java.lang.Exception: Alias "signKey" not found.
> > > >
> > > > Similarly, I get the following error message if I leave the default encryptKey value:
> > > >
> > > > java.lang.Exception: Alias "encryptKey" not found.
> > > >
> > > > What do I need to import the Issuing CA?
> > > >
> > > > Thanks,
> > > > Michael
|
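The alias rule from this thread (the value for `--signalias` or "Alias of signature key" is a friendlyName stored in the p12), as an added example that is not part of the original messages or of EJBCA. The function names, the demo subject names and the password are hypothetical, and it assumes a keystore written by `openssl pkcs12 -export`, which puts a localKeyID on the certificate that belongs to the private key.

```bash
#!/usr/bin/env bash
# Added example: list the aliases (friendlyName) in a PKCS#12 keystore and pick
# the one attached to the private key, i.e. the signature key alias to import with.

# Print one "kind<TAB>alias" line per certificate bag. kind is "key" when the
# bag carries a localKeyID (certificate paired with the private key) and
# "cert" for chain certificates that are only carried along.
p12_aliases() {   # usage: p12_aliases FILE PASSWORD
    # pass: keeps the demo short; use file: or env: for a real keystore password
    openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null |
    awk '
        function emit() {
            if (name != "") printf "%s\t%s\n", (haskey ? "key" : "cert"), name
            name = ""; haskey = 0
        }
        /^Bag Attributes/        { emit() }
        /^[ \t]*friendlyName: /  { sub(/^[ \t]*friendlyName: /, ""); name = $0 }
        /^[ \t]*localKeyID: /    { haskey = 1 }
        END                      { emit() }
    '
}

# Print the alias of the key entry, or fail when none can be read
# (wrong password, not a PKCS#12 file, or a keystore without friendlyName).
sign_alias() {    # usage: sign_alias FILE PASSWORD
    local alias
    alias=$(p12_aliases "$1" "$2" | awk -F'\t' '$1 == "key" { print $2; exit }')
    [ -n "$alias" ] || { echo "no key entry readable in $1" >&2; return 1; }
    printf '%s\n' "$alias"
}

# Build a constructed two-certificate keystore shaped like the issuing CA file
# in the thread: one key entry plus the root certificate with its own alias.
# (The demo issuing certificate has no CA extensions; only the aliases matter.)
make_demo_p12() { # usage: make_demo_p12 DIR PASSWORD
    local d=$1 pw=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
        -keyout "$d/root.key" -out "$d/root.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Demo Issuing CA" \
        -keyout "$d/sub.key" -out "$d/sub.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/sub.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
        -set_serial 2 -days 1 -out "$d/sub.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$d/sub.key" -in "$d/sub.crt" \
        -certfile "$d/root.crt" -name "Demo Issuing CA" -caname "Demo Root CA" \
        -passout "pass:$pw" -out "$d/issuing.p12"
}

# Demo run on the constructed keystore.
demo_dir=$(mktemp -d)
if make_demo_p12 "$demo_dir" demo-pass; then
    p12_aliases "$demo_dir/issuing.p12" demo-pass
    echo "signature key alias: $(sign_alias "$demo_dir/issuing.p12" demo-pass)"
fi
rm -rf "$demo_dir"
```

A keystore that lists two aliases, like the issuing CA file described above, has exactly one `key` line; the other alias only names a chain certificate.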
From: Michael Y. <mic...@ke...> - 2020-03-13 18:07:58
|
Hi Tomas,

I launched a new instance of the primekey/ejbca instance and it worked. Thank you for your help.

Michael

On Fri, Mar 13, 2020 at 9:29 AM Michael Yatsko <mic...@ke...> wrote:

> Hi Tomas,
>
> It works for the FAA Test Root CA as you described above, but I couldn't get it to work for the FAA Test NPE CA. Could you import the FAA Test NPE CA?
>
> Thanks,
> Michael
>
> On Fri, Mar 13, 2020 at 8:13 AM Tomas Gustavsson <to...@pr...> wrote:
>
>> I tested on the container and it works for me.
>>
>> Certification Authorities->Import CA Keystore
>> Name: FAA Test Root CA
>> Upload p12 file
>> Keystore password: key1
>> Alias of signature key: FAA Test Root CA
>> Alias of encryption key: empty
>> As it says: (optional: if not given, the key will be generated)
>>
>> Click import CA keystore and a CA is created.
>>
>> What difference did you make?
>>
>> Cheers,
>> Tomas
>>
>> On 2020-03-13 14:22, Michael Yatsko wrote:
>> > Please note that I've tried the standard docker cp command. There are no error messages, but the files weren't copied into the container.
>> >
>> > Thanks
>> >
>> > On Fri, Mar 13, 2020 at 5:52 AM Michael Yatsko <mic...@ke...> wrote:
>> >
>> > Hi Tomas,
>> >
>> > I'm working with the Docker container. While I've FTP'd the files on to the Ubuntu server running the Docker image, how do I get the files into the Docker container to import via the command line?
>> >
>> > I've been using the Admin UI for this import.
>> >
>> > Thanks,
>> > Michael
>> >
>> > On Fri, Mar 13, 2020 at 1:48 AM Tomas Gustavsson <to...@pr...> wrote:
>> >
>> > Hi,
>> > I imported your test keystore with the following command:
>> >
>> > bin/ejbca.sh ca importca --caname "FAA Test Root" --p12 /home/user/tmp/community-support/faa-test-root-ca.p12 --signalias "FAA Test Root CA"
>> >
>> > Cheers,
>> > Tomas
>> >
>> > On 2020-03-13 00:37, Michael Yatsko wrote:
>> > > Hi Tomas,
>> > >
>> > > Sorry, I'm still not having any luck importing the Issuing CA. I've attached the Root CA (faa-test-root-ca.p12) which has the friendly name FAA Test Root CA in the bag alias. In addition, I've attached the Issuing CA (faa-test-npe-ca.p12) that has friendly names of FAA Test NPE CA for the Issuing CA and FAA Test Root CA for the Root CA in the bag aliases. Password is key1 for both files.
>> > >
>> > > When I imported the Root CA, I had to leave blank the Signature Key and Encryption Key aliases. Otherwise, it would not import it with Root CA. The imported Crypto token has signKey and encryptKey as the aliases.
>> > >
>> > > I tried every combination of FAA Test Root CA, FAA Test NPE CA, signKey, and encryptKey. No luck. Any other helpful hints?
>> > >
>> > > Michael
>> > >
>> > > On Thu, Mar 12, 2020 at 4:56 AM Tomas Gustavsson <to...@pr...> wrote:
>> > >
>> > > What command did you use to try the import? Did you use the Admin UI or the CLI?
>> > > Is it a P12 file that you try to import?
>> > >
>> > > The aliases you enter should match the alias which exists in the p12 file. If you have a p12 file for your old openssl CA you can list it by:
>> > >
>> > > openssl pkcs12 -in file.p12
>> > >
>> > > It is the friendlyName that is your alias.
>> > >
>> > > Cheers,
>> > > Tomas
>> > > ---
>> > > Save time and money with an Enterprise support subscription. Please see www.primekey.com for more information.
>> > > https://www.primekey.com/products/software/
>> > >
>> > > On 2020-03-12 04:46, Michael Yatsko wrote:
>> > > > Hi,
>> > > >
>> > > > I've created a test Root and Issuing CA in OpenSSL. While I have been able to import the Root CA successfully, I'm having problems importing the Issuing CA.
>> > > >
>> > > > During the Root CA import, I had to clear the default signKey and encryptKey values in order to import the Root CA. I saw a new imported Crypto Token with the signKey and encryptKey aliases. The only other CA is the Management CA.
>> > > >
>> > > > When I try to import the Issuing CA, I receive the following error messages if I clear the default signKey and encryptKey values:
>> > > >
>> > > > You have to specify any of the following aliases: FAA Test Root CA FAA Test NPE CA
>> > > >
>> > > > If I leave the default signKey value, then I get the following error message:
>> > > >
>> > > > java.lang.Exception: Alias "signKey" not found.
>> > > >
>> > > > Similarly, I get the following error message if I leave the default encryptKey value:
>> > > >
>> > > > java.lang.Exception: Alias "encryptKey" not found.
>> > > >
>> > > > What do I need to import the Issuing CA?
>> > > >
>> > > > Thanks,
>> > > > Michael
|
From: Michael Y. <mic...@ke...> - 2020-03-13 16:29:55
|
Hi Tomas,

It works for the FAA Test Root CA as you described above, but I couldn't get it to work for the FAA Test NPE CA. Could you import the FAA Test NPE CA?

Thanks,
Michael

On Fri, Mar 13, 2020 at 8:13 AM Tomas Gustavsson <to...@pr...> wrote:
> I tested on the container and it works for me.
>
> Certification Authorities->Import CA Keystore
> Name: FAA Test Root CA
> Upload p12 file
> Keystore password: key1
> Alias of signature key: FAA Test Root CA
> Alias of encryption key: empty
> As it says: (optional: if not given, the key will be generated)
>
> Click import CA keystore and a CA is created.
>
> What difference did you make?
>
> Cheers,
> Tomas
|
From: Tomas G. <to...@pr...> - 2020-03-13 15:13:08
|
I tested on the container and it works for me.

Certification Authorities->Import CA Keystore
Name: FAA Test Root CA
Upload p12 file
Keystore password: key1
Alias of signature key: FAA Test Root CA
Alias of encryption key: empty
As it says: (optional: if not given, the key will be generated)

Click import CA keystore and a CA is created.

What difference did you make?

Cheers,
Tomas

On 2020-03-13 14:22, Michael Yatsko wrote:
> Please note that I've tried the standard docker cp command. There are no error messages, but the files weren't copied into the container.
>
> Thanks
|
From: Michael Y. <mic...@ke...> - 2020-03-13 13:23:17
|
Please note that I've tried the standard docker cp command. There are no error messages, but the files weren't copied into the container.

Thanks

On Fri, Mar 13, 2020 at 5:52 AM Michael Yatsko <mic...@ke...> wrote:
> Hi Tomas,
>
> I'm working with the Docker container. While I've FTP'd the files on to the Ubuntu server running the Docker image, how do I get the files into the Docker container to import via the command line?
>
> I've been using the Admin UI for this import.
>
> Thanks,
> Michael
|
From: Michael Y. <mic...@ke...> - 2020-03-13 12:52:24
|
Hi Tomas,

I'm working with the Docker container. While I've FTP'd the files on to the Ubuntu server running the Docker image, how do I get the files into the Docker container to import via the command line?

I've been using the Admin UI for this import.

Thanks,
Michael

On Fri, Mar 13, 2020 at 1:48 AM Tomas Gustavsson <to...@pr...> wrote:
> Hi,
> I imported your test keystore with the following command:
>
> bin/ejbca.sh ca importca --caname "FAA Test Root" --p12 /home/user/tmp/community-support/faa-test-root-ca.p12 --signalias "FAA Test Root CA"
>
> Cheers,
> Tomas
|
From: Andreas K. <ku...@tr...> - 2020-03-13 10:36:41
|
Hi Tomas,

great, that describes my desired behaviour! I'll check back whether I got the productionmode switch wrong.

Greetings,
Andreas

> Hi,
>
> As far as I understand...
>
> swagger-ui is only enabled if you have set:
> ejbca.productionmode=false
> in ejbca.properties.
> The default setting is
> ejbca.productionmode=true, in which swagger is disabled.
>
> Cheers,
> Tomas

--
Andreas Kühne
Chair of OASIS DSS-X
phone: +49 177 293 24 97
mailto: ku...@tr...

Trustable Ltd. Niederlassung Deutschland
Gartenheimstr. 39C - 30659 Hannover
Amtsgericht Hannover HRB 212612
Director Andreas Kühne
Company UK Company No: 5218868 Registered in England and Wales
|
From: Tomas G. <to...@pr...> - 2020-03-13 08:47:56
|
Hi,
I imported your test keystore with the following command:

bin/ejbca.sh ca importca --caname "FAA Test Root" --p12 /home/user/tmp/community-support/faa-test-root-ca.p12 --signalias "FAA Test Root CA"

Cheers,
Tomas

On 2020-03-13 00:37, Michael Yatsko wrote:
> Hi Tomas,
>
> Sorry, I'm still not having any luck importing the Issuing CA. I've attached the Root CA (faa-test-root-ca.p12) which has the friendly name FAA Test Root CA in the bag alias. In addition, I've attached the Issuing CA (faa-test-npe-ca.p12) that has friendly names of FAA Test NPE CA for the Issuing CA and FAA Test Root CA for the Root CA in the bag aliases. Password is key1 for both files.
>
> When I imported the Root CA, I had to leave blank the Signature Key and Encryption Key aliases. Otherwise, it would not import it with Root CA. The imported Crypto token has signKey and encryptKey as the aliases.
>
> I tried every combination of FAA Test Root CA, FAA Test NPE CA, signKey, and encryptKey. No luck. Any other helpful hints?
>
> Michael
|
From: Tomas G. <to...@pr...> - 2020-03-13 06:37:55
|
Hi,

As far as I understand...

swagger-ui is only enabled if you have set:
ejbca.productionmode=false
in ejbca.properties.
The default setting is
ejbca.productionmode=true, in which swagger is disabled.

Cheers,
Tomas

On 2020-03-12 14:16, Andreas Kuehne wrote:
> Hi experts,
>
> is there a way to disable the Swagger-UI at least for production environments? There were some security issues with Swagger-UI recently so I would prefer to offer the Swagger-UI for Dev and Test, only.
>
> Thanks in advance,
>
> Andreas
|
From: Michael Y. <mic...@ke...> - 2020-03-12 23:37:43
|
Hi Tomas,

Sorry, I'm still not having any luck importing the Issuing CA. I've attached the Root CA (faa-test-root-ca.p12) which has the friendly name FAA Test Root CA in the bag alias. In addition, I've attached the Issuing CA (faa-test-npe-ca.p12) that has friendly names of FAA Test NPE CA for the Issuing CA and FAA Test Root CA for the Root CA in the bag aliases. Password is key1 for both files.

When I imported the Root CA, I had to leave blank the Signature Key and Encryption Key aliases. Otherwise, it would not import it with Root CA. The imported Crypto token has signKey and encryptKey as the aliases.

I tried every combination of FAA Test Root CA, FAA Test NPE CA, signKey, and encryptKey. No luck. Any other helpful hints?

Michael

On Thu, Mar 12, 2020 at 4:56 AM Tomas Gustavsson <to...@pr...> wrote:
> What command did you use to try the import? Did you use the Admin UI or the CLI?
> Is it a P12 file that you try to import?
>
> The aliases you enter should match the alias which exists in the p12 file. If you have a p12 file for your old openssl CA you can list it by:
>
> openssl pkcs12 -in file.p12
>
> It is the friendlyName that is your alias.
>
> Cheers,
> Tomas
|
From: Andreas K. <ku...@tr...> - 2020-03-12 13:33:20
|
Hi experts,

is there a way to disable the Swagger-UI at least for production environments? There were some security issues with Swagger-UI recently so I would prefer to offer the Swagger-UI for Dev and Test, only.

Thanks in advance,

Andreas

--
Andreas Kühne
Chair of OASIS DSS-X
phone: +49 177 293 24 97
mailto: ku...@tr...

Trustable Ltd. Niederlassung Deutschland
Gartenheimstr. 39C - 30659 Hannover
Amtsgericht Hannover HRB 212612
Director Andreas Kühne
Company UK Company No: 5218868 Registered in England and Wales
|
From: Tomas G. <to...@pr...> - 2020-03-12 11:55:48
|
What command did you use to try the import? Did you use the Admin UI or the CLI?
Is it a P12 file that you try to import?

The aliases you enter should match the alias which exists in the p12 file. If you have a p12 file for your old openssl CA you can list it by:

openssl pkcs12 -in file.p12

It is the friendlyName that is your alias.

Cheers,
Tomas
---
Save time and money with an Enterprise support subscription. Please see www.primekey.com for more information.
https://www.primekey.com/products/software/

On 2020-03-12 04:46, Michael Yatsko wrote:
> Hi,
>
> I've created a test Root and Issuing CA in OpenSSL. While I have been able to import the Root CA successfully, I'm having problems importing the Issuing CA.
>
> During the Root CA import, I had to clear the default signKey and encryptKey values in order to import the Root CA. I saw a new imported Crypto Token with the signKey and encryptKey aliases. The only other CA is the Management CA.
>
> When I try to import the Issuing CA, I receive the following error messages if I clear the default signKey and encryptKey values:
>
> You have to specify any of the following aliases: FAA Test Root CA FAA Test NPE CA
>
> If I leave the default signKey value, then I get the following error message:
>
> java.lang.Exception: Alias "signKey" not found.
>
> Similarly, I get the following error message if I leave the default encryptKey value:
>
> java.lang.Exception: Alias "encryptKey" not found.
>
> What do I need to import the Issuing CA?
>
> Thanks,
> Michael
|
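Added example, not part of the original messages and not EJBCA or OpenSSL project code: a small parser for the text that `openssl pkcs12 -in file.p12` prints, showing which friendlyName sits on a private-key bag and which only on certificate bags, as described in the two messages above. The function names are hypothetical, and the sample listing is constructed; its bag layout is an assumption based on the description of faa-test-npe-ca.p12 in the thread.

```bash
#!/usr/bin/env bash
# Added example: map each PKCS#12 bag to its friendlyName so that the alias
# entered at import time can be compared with the bag holding the private key.

# Constructed sample listing (PEM bodies omitted). The bag layout is an
# assumption taken from the thread's description of the issuing-CA keystore.
sample_listing() {
cat <<'EOF'
Bag Attributes
    friendlyName: FAA Test NPE CA
    localKeyID: 01 02 03 04
subject=CN = FAA Test NPE CA
issuer=CN = FAA Test Root CA
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
Bag Attributes
    friendlyName: FAA Test Root CA
subject=CN = FAA Test Root CA
issuer=CN = FAA Test Root CA
-----BEGIN CERTIFICATE-----
(constructed placeholder)
-----END CERTIFICATE-----
Bag Attributes
    friendlyName: FAA Test NPE CA
    localKeyID: 01 02 03 04
Key Attributes: <No Attributes>
-----BEGIN ENCRYPTED PRIVATE KEY-----
(constructed placeholder)
-----END ENCRYPTED PRIVATE KEY-----
EOF
}

# list_bag_aliases: read a listing on stdin and print one line per bag,
# "cert<TAB>alias" or "key<TAB>alias"; "<none>" when the bag has no friendlyName.
list_bag_aliases() {
  awk '
    /^Bag Attributes/ { name = "" }            # a new bag starts: forget the old alias
    /^[[:space:]]*friendlyName:/ {
      sub(/^[[:space:]]*friendlyName:[[:space:]]*/, "")
      sub(/[[:space:]]+$/, "")
      name = $0
      next
    }
    /^-----BEGIN CERTIFICATE-----/   { print "cert\t" (name == "" ? "<none>" : name) }
    /^-----BEGIN .*PRIVATE KEY-----/ { print "key\t"  (name == "" ? "<none>" : name) }
  '
}

# key_aliases: friendly names attached to private-key bags, one per line.
key_aliases() {
  list_bag_aliases | awk -F '\t' '$1 == "key" { print $2 }'
}

# check_alias ALIAS: read a listing on stdin.
# Returns 0 if ALIAS names a private-key bag, 1 if it names only certificate
# bags, 2 if no bag carries it.
check_alias() {
  _want=$1
  _listing=$(list_bag_aliases)
  if printf '%s\n' "$_listing" | grep -Fxq -e "$(printf 'key\t%s' "$_want")"; then
    return 0
  fi
  if printf '%s\n' "$_listing" | grep -Fxq -e "$(printf 'cert\t%s' "$_want")"; then
    return 1
  fi
  return 2
}

# Demo on the constructed sample: print the bag table, then classify the
# aliases that were tried in the thread.
sample_listing | list_bag_aliases
for a in "FAA Test NPE CA" "FAA Test Root CA" "signKey"; do
  rc=0
  sample_listing | check_alias "$a" || rc=$?
  printf '%-18s -> %s\n' "$a" "$rc"
done
```

Pipe the output of `openssl pkcs12 -in file.p12` straight into `list_bag_aliases` rather than saving it to disk, because that output includes the private key block.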
From: Michael Y. <mic...@ke...> - 2020-03-12 03:46:47
|
Hi,

I've created a test Root and Issuing CA in OpenSSL. While I have been able to import the Root CA successfully, I'm having problems importing the Issuing CA.

During the Root CA import, I had to clear the default signKey and encryptKey values in order to import the Root CA. I saw a new imported Crypto Token with the signKey and encryptKey aliases. The only other CA is the Management CA.

When I try to import the Issuing CA, I receive the following error messages if I clear the default signKey and encryptKey values:

You have to specify any of the following aliases: FAA Test Root CA FAA Test NPE CA

If I leave the default signKey value, then I get the following error message:

java.lang.Exception: Alias "signKey" not found.

Similarly, I get the following error message if I leave the default encryptKey value:

java.lang.Exception: Alias "encryptKey" not found.

What do I need to import the Issuing CA?

Thanks,
Michael
|
From: Tomas G. <to...@pr...> - 2020-03-03 22:40:23

Aha, that was what confused me. The docker image is a bit "special", to make things easy to get started.

In that case you must create a certificate and an entry in the role for an admin that uses that certificate to authenticate. So you have an administrator (which is not the public web user) to approve the requests.

This is a bit special with the docker image, which uses a PublicAccessToken for the initial admin access, just to make it easier to get started "testing". In a normal installation, you will install with an admin certificate to access the Admin UI (strong 2 factor authentication by default).

Regards,
Tomas

On 2020-03-03 13:52, Michael Yatsko wrote:
> Hi Tomas,
>
> Sorry, I don't understand. I've deployed the Ephemeral Test Instance via
> the EJBCA Docker container. There is already a SuperAdmin administrator
> Role which has a default access rule for
> PublicAccessAuthenticationToken: Confidential transport (HTTPS). Then, I
> click the RA Web to submit my requests. No web browser prompts me for
> an END USER certificate so I'm assuming that it's using the SuperAdmin
> role. I've submitted all my certificate requests this way.
>
> Thanks,
> Michael
>
> On Tue, Mar 3, 2020 at 7:10 AM Tomas Gustavsson <to...@pr...> wrote:
> > When creating roles and users in roles, there is something called a
> > PublicAccessAuthenticationToken ("Match with").
> >
> > Regards,
> > Tomas
> >
> > On 2020-03-03 06:31, Michael Yatsko wrote:
> > > Hi,
> > >
> > > OK. I issued another END USER certificate from the ManagementCA with
> > > another O. Then, I accessed the RA webpage and submitted a certificate
> > > request. Finally, I approved it with my RA1 certificate.
> > >
> > > So, I have a new question. How can I make the RA webpage open to
> > > anyone in order to submit a certificate request?
> > >
> > > Thanks,
> > > Michael
> > >
> > > On Mon, Mar 2, 2020 at 8:06 PM Tomas Gustavsson <to...@pr...> wrote:
> > > > When using approvals, the client certificate used to authenticate
> > > > the request must be different from the certificate used to
> > > > authenticate the approval.
> > > >
> > > > "This request must be approved by another administrator"
> > > >
> > > > It would bypass the security of approvals if the same person who
> > > > made the request could also approve it, therefore you need two
> > > > different Admins in EJBCA. One to make the request and one to make
> > > > the approval.
> > > >
> > > > Cheers,
> > > > Tomas
> > > >
> > > > On 2020-03-02 19:41, Michael Yatsko wrote:
> > > > > Hi,
> > > > >
> > > > > I've set up a new Administrator Profile, RA, and assigned the RA
> > > > > access rules based on the template. Also, I've added members
> > > > > based on O=KeyPKI. Then, I've issued END USER certificates from
> > > > > the ManagementCA with O=KeyPKI and CN=RA1, RA2, and RA3.
> > > > >
> > > > > Next, I created an Approval Profile, APPROVAL-1, with Partitioned
> > > > > Approval with a single step. The RA can view and approve this
> > > > > partition.
> > > > >
> > > > > Lastly, I have a Certificate Profile, RA-APPROVAL, with
> > > > > APPROVAL-1 as the Add/End Entity.
> > > > >
> > > > > While I can successfully submit a certificate request via the
> > > > > RA-APPROVAL certificate profile, I can not approve the
> > > > > certificate request with my RA1 certificate. I get a message,
> > > > > /"This request must be approved by another administrator"/:
> > > > >
> > > > > Screen Shot 2020-03-02 at 7.26.29 PM.png
> > > > >
> > > > > I've tried using my RA2 and RA3 certificates without any luck. I
> > > > > even used different web browsers. What do I need to do to approve
> > > > > this certificate request?
> > > > >
> > > > > Michael
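
The rules stated in this thread (the certificate that authenticates a request cannot also authenticate its approval, and the public web user is not an approving administrator) can be modelled as a short separation-of-duties check. This is an added illustration, not EJBCA code: the class and function names, the issuer/serial identity key, the O-based role match and the sample callers are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Optional, Set, Tuple

CertId = Tuple[str, int]  # (issuer DN, serial): assumed identity key for a client cert


@dataclass(frozen=True)
class Caller:
    """Who is on the other end of the TLS connection (hypothetical model)."""
    subject_org: Optional[str] = None  # O= value from the client certificate
    cert_id: Optional[CertId] = None   # None: no client certificate (public access)

    @property
    def is_public(self) -> bool:
        return self.cert_id is None


@dataclass
class Request:
    requester: Caller
    required_approvals: int = 1
    approved_by: Set[CertId] = field(default_factory=set)

    @property
    def approved(self) -> bool:
        return len(self.approved_by) >= self.required_approvals


def approve(req: Request, approver: Caller, approver_org: str) -> str:
    """Apply the separation-of-duties checks and return a status string."""
    if approver.is_public:
        return "denied: approval requires a client certificate"
    if approver.subject_org != approver_org:
        return "denied: certificate does not match the approving role"
    if approver.cert_id == req.requester.cert_id:
        return "denied: this request must be approved by another administrator"
    if approver.cert_id in req.approved_by:
        return "denied: this certificate has already approved the request"
    req.approved_by.add(approver.cert_id)
    return "approved" if req.approved else "pending"


# Constructed sample callers; the serial numbers are made up for the example.
ISSUER = "CN=ManagementCA"
ra_a = Caller("KeyPKI", (ISSUER, 0x1001))
ra_b = Caller("KeyPKI", (ISSUER, 0x1002))
outsider = Caller("OtherOrg", (ISSUER, 0x2001))
public = Caller()
```

Note that the comparison is made on the certificate, not on the person holding it, so the model only separates duties as far as certificate issuance does.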
From: Michael Y. <mic...@ke...> - 2020-03-03 21:53:05

Hi Tomas,

Sorry, I don't understand. I've deployed the Ephemeral Test Instance via the EJBCA Docker container. There is already a SuperAdmin administrator Role which has a default access rule for PublicAccessAuthenticationToken: Confidential transport (HTTPS). Then, I click the RA Web to submit my requests. No web browser prompts me for an END USER certificate so I'm assuming that it's using the SuperAdmin role. I've submitted all my certificate requests this way.

Thanks,
Michael

On Tue, Mar 3, 2020 at 7:10 AM Tomas Gustavsson <to...@pr...> wrote:
> When creating roles and users in roles, there is something called a
> PublicAccessAuthenticationToken ("Match with").
>
> Regards,
> Tomas
From: Tomas G. <to...@pr...> - 2020-03-03 15:09:32

When creating roles and users in roles, there is something called a PublicAccessAuthenticationToken ("Match with").

Regards,
Tomas

On 2020-03-03 06:31, Michael Yatsko wrote:
> Hi,
>
> OK. I issued another END USER certificate from the ManagementCA with
> another O. Then, I accessed the RA webpage and submitted a certificate
> request. Finally, I approved it with my RA1 certificate.
>
> So, I have a new question. How can I make the RA webpage open to anyone
> in order to submit a certificate request?
>
> Thanks,
> Michael