From: pryan00 <pr...@ho...> - 2008-01-10 09:18:15
Hi Johan,

I copied the policy files and it works, thanks. The next issue is to integrate the system with Luna. Also, I'll have some problems with the property files. Now I'll tell you my changes to the property files to talk with the Luna HSM. Please tell me whether they are right or not.

1.) I copied the Luna jars to $JBOSS_HOME/server/default/lib and /$EJBCA_HOME/lib
2.) I stop JBoss, add profile LD_LIBRARY_PATH and logout & login, then restart JBoss.
3.) I generate a key named pryan00key in the HSM
4.) vtl verify (I see the key)

//editing ejbca.properties
5.) I uncomment the luna.hsm=X property and make it luna.hsm=10.10.10.101 (IP of the Luna HSM)
5.) I make ca.tokentype= org.ejbca.core.model.ca.catoken.SafeNetLunaCAToken
6.) I make ca.tokenpassword= somepass
//finished editing ejbca.properties

//start editing catoken.properties
7.) I delete the lines keyStore 2349823489289asd2387234 defaultKey defaultRoot
8.) I add the lines
    slotLabel = myLunaPartitionName
    certSignKey = pryan00key
    defaultKey = pryan00key

Am I ready? Or tell me if I am wrong somewhere (I wonder about the luna.hsm property line :)) )

Thanks,
pryan00

Johan Eklund wrote:
>
> Hi pryan00,
>
> The missing keystore errors are ok, since there is no previous keystore
> in a fresh install.
> The missing Luna is ok, since you haven't tried to install this yet
> either.
>
> The Illegal Keysize Exception is due to missing "Java Cryptography
> Extension (JCE) Unlimited Strength Jurisdiction". Download this from
> "Other Downloads" where you downloaded the JDK and replace the files in
> $JAVA_HOME/jre/lib/security/ (also replace the files for the JRE if you
> have a separate installation of this, like on windows).
> If you don't install this policy you are limited to 6 or 7 chars
> passwords for keystores (like the superadmin's) and 2048 RSA.
>
> I would recommend that you start over from a clean database again since
> things might have been corrupted by this Exception.
>
> Good luck,
> Johan
>
> pryan00 wrote:
>> Hey Johan,
>> thanks for your help,
>>
>> I deleted the MySQL tables, JBoss, and EJBCA folders and copied them again
>> from the beginning.
>> Then I ran ant bootstrap,
>> then started JBoss and it started with no errors.
>> Then I ran ant install but some errors happened:
>>
>> [echo] Adding to or creating keystore: /usr/local/ejbca/p12/truststore.jks
>> [exec] keytool error: java.lang.Exception: Keystore file does not exist: /usr/local/ejbca/p12/truststore.jks
>> [exec] java.lang.Exception: Keystore file does not exist: /usr/local/ejbca/p12/truststore.jks
>> [exec] at sun.security.tools.KeyTool.doCommands(KeyTool.java:565)
>> [exec] at sun.security.tools.KeyTool.run(KeyTool.java:171)
>> [exec] at sun.security.tools.KeyTool.main(KeyTool.java:165)
>> [exec] Result: 1
>> [exec] keytool error: java.lang.Exception: Keystore file does not exist: /usr/local/ejbca/p12/truststore.jks
>> [exec] java.lang.Exception: Keystore file does not exist: /usr/local/ejbca/p12/truststore.jks
>> [exec] at sun.security.tools.KeyTool.doCommands(KeyTool.java:565)
>> [exec] at sun.security.tools.KeyTool.run(KeyTool.java:171)
>> [exec] at sun.security.tools.KeyTool.main(KeyTool.java:165)
>> [exec] Result: 1
>> [exec] Certificate was added to keystore
>> [exec] [Storing /usr/local/ejbca/p12/truststore.jks]
>>
>> but ant install succeeded.
>> Then I stopped JBoss and ran ant deploy and then started JBoss again, then
>> JBoss gives some errors too:
>>
>> [java] 14:12:50,301 INFO [CATokenManager] Can not register org.ejbca.core.model.ca.catoken.SafeNetLunaCAToken. This is normally not an error.
>> [java] 14:12:50,459 ERROR [BaseCAToken] Failed to encrypt auto activation pin, using non-ecnrypted instead:
>> [java] java.security.InvalidKeyException: Illegal key size
>> [java] at javax.crypto.Cipher.a(DashoA13*..)
>> [java] at javax.crypto.Cipher.init(DashoA13*..)
>> [java] at javax.crypto.Cipher.init(DashoA13*..)
>> [java] at org.ejbca.util.StringTools.pbeEncryptStringWithSha256Aes192(StringTools.java:366)
>> [java] at org.ejbca.core.model.ca.catoken.BaseCAToken.setAutoActivatePin(BaseCAToken.java:207)
>> [java] at org.ejbca.core.model.ca.catoken.SoftCAToken.init(SoftCAToken.java:95)
>> [java] at org.ejbca.core.model.ca.catoken.CATokenContainerImpl.getCAToken(CATokenContainerImpl.java:451)
>>
>> What do you think the problem is? Thanks for your help.
>>
>> Note: I ignored Luna for this try, just edited passwords in
>> ejbca.properties and the MySQL lines in database.properties
>>
>> Johan Eklund wrote:
>>
>>> Hi pryan00,
>>>
>>> Great to hear that you are trying out EJBCA!
>>>
>>> If you never have installed EJBCA before I recommend that you try a
>>> simple setup without the HSM first to avoid complicating things more than
>>> necessary. http://www.ejbca.org/manual.html#Quick%20start%20guide is
>>> usually a good starting point for this.
>>>
>>> Basically:
>>> Edit conf/ejbca.properties (the default values are usually good enough
>>> for testing) and conf/database.properties (uncomment/edit lines related
>>> to MySQL if you prefer this database or skip the database.properties to
>>> use the default Hypersonic database).
>>> Run "ant clean" and "ant bootstrap"
>>> Start JBoss in another console
>>> Run "ant install" (ignore error about not being able to remove old
>>> CA-certs from truststore, this is perfectly ok)
>>> Stop JBoss
>>> Run "ant deploy"
>>> Start JBoss again
>>> Import the p12/superadmin.p12 to your favorite browser and go to
>>> http://localhost:8080/ejbca
>>>
>>> If you change any properties later:
>>> Run "ant clean" and "ant deploy" to pick up the changes.
>>> (you can however not change things like the database after install)
>>>
>>> You can find how to use Luna HSM at
>>> http://www.ejbca.org/manual.html#SafeNet%20Luna%20SA%20HSM
>>>
>>> Hope this helps,
>>> Johan
>>>
>>> pryan00 wrote:
>>>
>>>> Hi,
>>>> I am a newbie and I have some problems with 3.5.2. These problems are:
>>>>
>>>> 1.) I am reading the installation guides but they only mention editing
>>>> ejbca.properties (I think because the guides are old). Must we edit the
>>>> other .properties files, for example database.properties? Or must we
>>>> just add lines to the ejbca.properties file? (like mysql.driver=blabla
>>>> mysql.username=whatever)
>>>>
>>>> 2.) I will try to use a Luna HSM as catoken. What changes must I make
>>>> and in which properties files?
>>>>
>>>> 3.) The user guide says to edit the row "hsm.luna=X" in
>>>> ejbca.properties. What must I write in this line: the IP of the Luna
>>>> HSM, the Luna HSM name, or the partition?
>>>>
>>> -------------------------------------------------------------------------
>>> Check out the new SourceForge.net Marketplace.
>>> It's the best place to buy or sell services for
>>> just about anything Open Source.
>>> http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
>>> _______________________________________________
>>> Ejbca-develop mailing list
>>> Ejb...@li...
>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop

--
View this message in context: http://www.nabble.com/EJBCA-3.5.2-released-tp13664043p14730292.html
Sent from the EjbCA - Dev mailing list archive at Nabble.com.
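
Added example, not part of the thread and not EJBCA code: a small check for the "Illegal key size" failure discussed above, confirming whether the JVM has the unlimited-strength JCE policy files before EJBCA is deployed. The class name JcePolicyCheck is hypothetical; it uses only standard javax.crypto calls and all-zero keys constructed for the test.

```java
import java.security.InvalidKeyException;
import javax.crypto.Cipher;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class JcePolicyCheck {

    /** Returns true if an AES cipher can be initialised with a key of the given size. */
    static boolean canInitAes(int keyBits) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
        // All-zero key and IV: constructed test values, used only to exercise Cipher.init().
        SecretKeySpec key = new SecretKeySpec(new byte[keyBits / 8], "AES");
        IvParameterSpec iv = new IvParameterSpec(new byte[cipher.getBlockSize()]);
        try {
            cipher.init(Cipher.ENCRYPT_MODE, key, iv);
            return true;
        } catch (InvalidKeyException e) {
            // Under the restricted policy files this is the "Illegal key size" from the log.
            System.out.println("  AES-" + keyBits + " rejected: " + e.getMessage());
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        // The policy files live under this JVM's lib/security directory.
        System.out.println("java.home = " + System.getProperty("java.home"));

        int maxAes = Cipher.getMaxAllowedKeyLength("AES");
        System.out.println("Max allowed AES key length: "
                + (maxAes == Integer.MAX_VALUE ? "unlimited" : maxAes + " bits"));

        // AES-192 is the size used by pbeEncryptStringWithSha256Aes192 in the stack trace.
        boolean ok = true;
        for (int bits : new int[] {128, 192, 256}) {
            ok &= canInitAes(bits);
        }

        if (ok) {
            System.out.println("Unlimited-strength policy is active for this JVM.");
        } else {
            System.out.println("Restricted policy: install the JCE Unlimited Strength "
                    + "Jurisdiction policy files for this java.home.");
            System.exit(1);
        }
    }
}
```

Run it with the same java binary that starts JBoss, since a separate JRE installation has its own copy of the policy files.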