Re: [Ejbca-develop] EJBCA 3.5.2 released

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

hi Johan,

i copied policy files and it works ,thanks.the next issue is integrate the
system with luna.
also i 'll have some problems with property files.now i 'll tell u my
changes on property files to talk with luna hsm. tell me are they true or
not pls.

1.) i copied luna jars to $JBOSS_HOME/server/default/lib and
/$EJBCA_HOME/lib
2.) i stop jboss, add profile LD_LIBRARY_PATH and logoout&login then restart
jboss. 
3.) i generate key named pryan00key in hsm
4.) vtl verify (i see the key)
//editing ejbca.properties
5.) i make the luna.hsm=X property uncommented and make it
luna.hsm=10.10.10.101 (ip of luna hsm)
5.) i make ca.tokentype= org.ejbca.core.model.ca.catoken.SafeNetLunaCAToken
6.) i make the ca.tokenpassword= somepass
//finished editing ejbca.properties
//start editing catoken.properties
7.) i delete lines 
keyStore 2349823489289asd2387234
defaultKey defaultRoot
8.) i add lines 
slotLabel = myLunaPartitionName
certSignKey = pryan00key
defaultKey = pryan00key

am i ready? or tell me if i am wrong somewhere (i wonder about luna.hsm
property line :)) )
thanks,
pryan00

Johan Eklund wrote:
> 
> Hi pryan00,
> 
> The missing keystore errors are ok, since there is no previous keystore 
> in a fresh install.
> The missing Luna is ok, since you haven't tried to install this yet
> either.
> 
> The Illegal Keysize Exception is due to missing "Java Cryptography 
> Extension (JCE) Unlimited Strength Jurisdiction". Download this from 
> "Other Downloads" where you downloaded the JDK and replace the files in 
> $JAVA_HOME/jre/lib/security/ (also replace the files for the JRE if you 
> have a separate installation of this, like on windows).
> If you don't install this policy you are limited to 6 or 7 chars 
> passwords for keystores (like the superadmin's) and 2048 RSA.
> 
> I would recommend that you start over from a clean database again since 
> thing might have been corrupted by this Exception.
> 
> Good luck,
> Johan
> 
> pryan00 skrev:
>> hey johan,
>> thanx for your help,
>>
>> i delete mysql tables,jboss,and ejbca folders and copied again from the
>> begining.
>> then i make ant bootstrap,
>> then start jboss and started with no errors.
>> then i make ant install but some errors happen:
>>
>>  [echo] Adding to or creating keystore:
>> /usr/local/ejbca/p12/truststore.jks
>>      [exec] keytool error: java.lang.Exception: Keystore file does not
>> exist: /usr/local/ejbca/p12/truststore.jks
>>      [exec] java.lang.Exception: Keystore file does not exist:
>> /usr/local/ejbca/p12/truststore.jks
>>      [exec]     at
>> sun.security.tools.KeyTool.doCommands(KeyTool.java:565)
>>      [exec]     at sun.security.tools.KeyTool.run(KeyTool.java:171)
>>      [exec]     at sun.security.tools.KeyTool.main(KeyTool.java:165)
>>      [exec] Result: 1
>>      [exec] keytool error: java.lang.Exception: Keystore file does not
>> exist: /usr/local/ejbca/p12/truststore.jks
>>      [exec] java.lang.Exception: Keystore file does not exist:
>> /usr/local/ejbca/p12/truststore.jks
>>      [exec]     at
>> sun.security.tools.KeyTool.doCommands(KeyTool.java:565)
>>      [exec]     at sun.security.tools.KeyTool.run(KeyTool.java:171)
>>      [exec]     at sun.security.tools.KeyTool.main(KeyTool.java:165)
>>      [exec] Result: 1
>>      [exec] Certificate was added to keystore
>>      [exec] [Storing /usr/local/ejbca/p12/truststore.jks]
>>
>> but ant install successed.
>> then i stop jboss and make ant deploy and then start jboss again, then
>> jboss
>> gives some errors too:
>>
>>  [java] 14:12:50,301 INFO  [CATokenManager] Can not register
>> org.ejbca.core.model.ca.catoken.SafeNetLunaCAToken. This is normally not
>> an
>> error.
>>      [java] 14:12:50,459 ERROR [BaseCAToken] Failed to encrypt auto
>> activation
>> pin, using non-ecnrypted instead:
>>      [java] java.security.InvalidKeyException: Illegal key size
>>      [java]     at javax.crypto.Cipher.a(DashoA13*..)
>>      [java]     at javax.crypto.Cipher.init(DashoA13*..)
>>      [java]     at javax.crypto.Cipher.init(DashoA13*..)
>>      [java]     at
>> org.ejbca.util.StringTools.pbeEncryptStringWithSha256Aes192(StringTools.java:366)
>>      [java]     at
>> org.ejbca.core.model.ca.catoken.BaseCAToken.setAutoActivatePin(BaseCAToken.java:207)
>>      [java]     at
>> org.ejbca.core.model.ca.catoken.SoftCAToken.init(SoftCAToken.java:95)
>>      [java]     at
>> org.ejbca.core.model.ca.catoken.CATokenContainerImpl.getCAToken(CATokenContainerImpl.java:451)
>>
>>
>> what do u think the problem? thanks for ur help.
>>
>> note: i ignored luna for this try,just edited passwords in the
>> ejbca.prooperties and mysql lines in database.properties
>>
>>
>>
>>
>>
>> Johan Eklund wrote:
>>   
>>> Hi pryan00,
>>>
>>> Great to hear that you are trying out EJBCA!
>>>
>>> If you never have installed EJBCA before I recommend that you try a 
>>> simple setup without the HSM first to avoid complicating thing more than 
>>> necessary. http://www.ejbca.org/manual.html#Quick%20start%20guide is 
>>> usually a good starting point for this.
>>>
>>> Basically:
>>> Edit conf/ejbca.properties (the default values are usually good enough 
>>> for testing) and conf/database.properties (uncomment/edit lines related 
>>> to MySQL if you prefer this database or skip the database.properties to 
>>> use the default Hypersonic database).
>>> Run "ant clean" and "ant bootstrap"
>>> Start JBoss in another console
>>> Run "ant install" (ignore error about not beeing able to remove old 
>>> CA-certs from truststore, this is perfectly ok)
>>> Stop JBoss
>>> Run "ant deploy"
>>> Start JBoss again
>>> Import the p12/superadmin.p12 to your favorite browser and go to 
>>> http://localhost:8080/ejbca
>>>
>>> If you change any properties later:
>>> Run "ant clean" and "ant deploy" to pick up the changes.
>>> (you can however not change things like the database after install)
>>>
>>> You can find how to use Luna HSM at 
>>> http://www.ejbca.org/manual.html#SafeNet%20Luna%20SA%20HSM
>>>
>>> Hope this helps,
>>> Johan
>>>
>>> pryan00 skrev:
>>>     
>>>> Hi,
>>>> I am a newbie and i have some problems with 3.5.2.these problems are:
>>>>
>>>> 1.) i am reading installation guides but they mention about only
>>>> editting
>>>> ejbca.properties,(i think becouse the guides are old)  must we edit the
>>>> other .properties.files?for ex. database.properties? or must we just
>>>> add
>>>> lines to ejbca.properties file? (like mysql.driver=blabla
>>>> mysql.username=whatever)
>>>>
>>>> 2.) i will try to use luna hsm as catoken.what change must i do and in
>>>> which
>>>> properties files?
>>>>
>>>> 3.) the user guide says that edit the row in ejbca.properties
>>>> "hsm.luna=X",
>>>> what must i write in these line ip of lunahsm or luna hsm name or
>>>> partition? 
>>>>
>>>>
>>>>   
>>>>       
>>> -------------------------------------------------------------------------
>>> Check out the new SourceForge.net Marketplace.
>>> It's the best place to buy or sell services for
>>> just about anything Open Source.
>>> http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
>>> _______________________________________________
>>> Ejbca-develop mailing list
>>> Ejb...@li...
>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>>
>>>
>>>     
>>
>>   
> 
> 
> -------------------------------------------------------------------------
> Check out the new SourceForge.net Marketplace.
> It's the best place to buy or sell services for
> just about anything Open Source.
> http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 
> 

-- 
View this message in context: http://www.nabble.com/EJBCA-3.5.2-released-tp13664043p14730292.html
Sent from the EjbCA - Dev mailing list archive at Nabble.com.