From: Johan E. <ejb...@pr...> - 2008-11-21 08:56:54
Yes! That's probably it! The default end entity profile only has one of each field-type..

You could either patch EJBCA_HOME/src/org.ejbca.core.model.ra.raadmin.EndEntityProfile around line 250 with

    if(emptyprofile){
        Set keySet = dataConstants.keySet();
        Iterator iter = keySet.iterator();
        while (iter.hasNext()) {
            String key = (String)iter.next();
            if (key.equals(SENDNOTIFICATION)
                    || key.equals(DnComponents.OTHERNAME)
                    || key.equals(DnComponents.X400ADDRESS)
                    || key.equals(DnComponents.EDIPARTNAME)
                    || key.equals(DnComponents.REGISTEREDID)) {
                continue;
            } else {
                addField(key);
                setValue(key,0,"");
                setRequired(key,0,false);
                setUse(key,0,true);
                setModifyable(key,0,true);
            }
        }
        // New code
        addField(DnComponents.DOMAINCOMPONENT);
        setValue(DnComponents.DOMAINCOMPONENT,1,"");
        setRequired(DnComponents.DOMAINCOMPONENT,1,false);
        setUse(DnComponents.DOMAINCOMPONENT,1,true);
        setModifyable(DnComponents.DOMAINCOMPONENT,1,true);
        // End new code
        setRequired(USERNAME,0,true);
        setRequired(PASSWORD,0,true);
        setRequired(DnComponents.COMMONNAME,0,true);

or install with a simpler DN and then replace the initial AdminCA with one that is adapted to your needs (using profiles of your choosing).

It might be reasonable to add another DC field to the default profile, since I have a hard time imagining anyone using a single DC-field.. anyone else with an opinion about this?

/J

Brian Topping wrote:
> Hmm, I think I found something here.
> This was running with HSQL (no
> tomcat.jks here either):
>
>> [echo] setup setdefaultbaseurl localhost ejbca
>> [echo] ra adduser tomcat serverpwd "cn=dev,ou=servers,dc=home-account,dc=com" "null" AdminCA1 null 1 JKS SERVER
>> [java] Using certificate profile: SERVER, with id: 9
>> [java] Trying to add user:
>> [java] Username: tomcat
>> [java] Password (hashed only): serverpwd
>> [java] DN: cn=dev,ou=servers,dc=home-account,dc=com
>> [java] CA Name: AdminCA1
>> [java] SubjectAltName: null
>> [java] Email: null
>> [java] Type: 1
>> [java] Token: JKS
>> [java] Certificate profile: 9
>> [java] End entity profile: 1
>> [java] Error : Given userdata doesn't fullfill end entity profile. : Wrong number of DOMAINCOMPONENT fields in Subject DN.
>> [echo] ra setclearpwd tomcat serverpwd
>> [java] Setting clear text password serverpwd for user tomcat
>> [java] javax.ejb.ObjectNotFoundException: No such entity!
>> [java] Java Result: 255
>
> Note the "Error : Given userdata doesn't fullfill end entity
> profile. : Wrong number of DOMAINCOMPONENT fields in Subject DN.". I
> guess it doesn't like our root DN. Am I misunderstanding what that
> should be set to? Should I just be leaving it as default?
>
> Thanks! :-)
>
> On Nov 20, 2008, at 1:05 AM, Johan Eklund wrote:
>
>> Really strange.. I will try this myself with Postgres.. In the
>> meantime, could you try with the default hypersonic to rule out any
>> other possible cause.
>>
>> (Resetting the Hypersonic database in JBoss can be done by deleting
>> JBOSS_HOME/server/default/data/hypersonic/*)
>>
>> /J
>>
>> Brian Topping wrote:
>>
>>> Hi Johan, thank you for the kind welcome! I'm really looking
>>> forward to using the product!
>>> >>> I also neglected to tell you versions: >>> >>> * EJBCA 3.7.4 from source >>> * JBoss 4.2.3 >>> * Java 1.6.0 1.6.0_06-b02 x86_64 >>> * PostgreSQL 8.1.11 >>> * PostgreSQL Native Driver PostgreSQL 8.3 JDBC3 with SSL (build 603) >>> >>> The only changes that I have to the configurations are the >>> following files: >>> >>> >>> >>>> [jboss@dev conf]$ diff database.properties.sample >>>> database.properties >>>> 5c5 >>>> < #datasource.jndi-name=EjbcaDS >>>> --- >>>> >>>> >>>>> datasource.jndi-name=EjbcaDS >>>>> >>>>> >>>> 12c12 >>>> < #datasource.jndi-name-prefix=java:/ >>>> --- >>>> >>>> >>>>> datasource.jndi-name-prefix=java:/ >>>>> >>>>> >>>> 28c28 >>>> < #database.name=postgres >>>> --- >>>> >>>> >>>>> database.name=postgres >>>>> >>>>> >>>> 44c44 >>>> < #datasource.mapping=PostgreSQL 8.0 >>>> --- >>>> >>>> >>>>> datasource.mapping=PostgreSQL 8.0 >>>>> >>>>> >>>> 60c60 >>>> < #database.url=jdbc:postgresql://127.0.0.1/ejbca >>>> --- >>>> >>>> >>>>> database.url=jdbc:postgresql://127.0.0.1/ejbca >>>>> >>>>> >>>> 72c72 >>>> < #database.driver=org.postgresql.Driver >>>> --- >>>> >>>> >>>>> database.driver=org.postgresql.Driver >>>>> >>>>> >>>> 82c82 >>>> < #database.username=ejbca >>>> --- >>>> >>>> >>>>> database.username=ejbca >>>>> >>>>> >>>> 87c87 >>>> < #database.password=ejbca >>>> --- >>>> >>>> >>>>> database.password=xxxxx >>>>> >>>>> >>> >>>> [jboss@dev conf]$ diff ejbca.properties.sample ejbca.properties >>>> 18c18 >>>> < #appserver.home=/home/jboss/jboss-4.2.2.GA >>>> --- >>>> >>>> >>>>> appserver.home=/home/jboss/jboss-4.2.3.GA >>>>> >>>>> >>>> 94c94 >>>> < ca.keystorepass=foo123 >>>> --- >>>> >>>> >>>>> ca.keystorepass=xxxxxx >>>>> >>>>> >>>> 100c100 >>>> < ca.ocspkeystorepass=foo123 >>>> --- >>>> >>>> >>>>> ca.ocspkeystorepass=xxxxxx >>>>> >>>>> >>>> 105c105 >>>> < ca.xkmskeystorepass=foo123 >>>> --- >>>> >>>> >>>>> ca.xkmskeystorepass=xxxxxx >>>>> >>>>> >>>> 109c109 >>>> < ca.cmskeystorepass=foo123 >>>> --- >>>> >>>> >>>>> ca.cmskeystorepass=xxxxxx 
>>>>>
>>> Everything else is the same. I can see the tables getting
>>> generated just fine, as I presume you expect from the lack of any
>>> other exceptions.
>>>
>>> I did not change any other configs, and the results that I gave
>>> you were from freshly unpacked sources and JBoss directly from
>>> the respective source archives (I know it seems like I was able to
>>> respond quickly, but it's because I've rebuilt clean from
>>> distribution about five times today to make sure I wasn't doing
>>> something too obvious before asking for help! :-)
>>>
>>> Thanks!
>>>
>>> On Nov 19, 2008, at 11:45 PM, Johan Eklund wrote:
>>>
>>>> Btw.. welcome to the community.. kind of forgot to say that.. =)
>>>>
>>>> Ok. It seems like some kind of logging or database issue..
>>>>
>>>> 1. What database are you using?
>>>> 2. Could you try using the default log-config and reinstall from
>>>> scratch (e.g. empty database, ant bootstrap etc..)? This way we
>>>> know if it's a misconfigured log-property or something else..
>>>>
>>>> /Johan
>>>>
>>>> Brian Topping wrote:
>>>>
>>>>> Dear Johan,
>>>>>
>>>>> Thank you for your response... Here's what I have. No
>>>>> exceptions, but now I am noticing some errors. Might these be
>>>>> relevant?
>>>>>
>>>>> Group A is from the end of the console output of JBoss after
>>>>> 'ant bootstrap'. I copied and pasted everything from the first
>>>>> error for context.
>>>>> There are a few WS errors in there, but I
>>>>> cannot tell if they are relevant:
>>>>>
>>>>>> 22:54:11,665 INFO [TomcatDeployer] deploy, ctxPath=/ejbca/ejbcaws, warUrl=.../tmp/deploy/tmp29240ejbca.ear-contents/ejbcaws-exp.war/
>>>>>> 22:54:11,785 ERROR [STDERR] Nov 19, 2008 10:54:11 PM com.sun.xml.ws.transport.http.servlet.WSServletContextListener contextInitialized
>>>>>> INFO: WSSERVLET12: JAX-WS context listener initializing
>>>>>> 22:54:11,944 ERROR [STDERR] Nov 19, 2008 10:54:11 PM com.sun.xml.ws.transport.http.servlet.RuntimeEndpointInfoParser processWsdlLocation
>>>>>> INFO: wsdl cannot be found from DD or annotation. Will generate and publish a new WSDL for SEI endpoints.
>>>>>> 22:54:12,995 ERROR [STDERR] Nov 19, 2008 10:54:12 PM com.sun.xml.ws.transport.http.servlet.WSServletDelegate init
>>>>>> INFO: WSSERVLET14: JAX-WS servlet initializing
>>>>>> 22:54:13,032 INFO [TomcatDeployer] deploy, ctxPath=/ejbca/publicweb/healthcheck, warUrl=.../tmp/deploy/tmp29240ejbca.ear-contents/healthcheck-exp.war/
>>>>>> 22:54:13,122 INFO [TomcatDeployer] deploy, ctxPath=/ejbca, warUrl=.../tmp/deploy/tmp29240ejbca.ear-contents/publicweb-exp.war/
>>>>>> 22:54:13,293 INFO [TomcatDeployer] deploy, ctxPath=/ejbca/publicweb/apply, warUrl=.../tmp/deploy/tmp29240ejbca.ear-contents/scep-exp.war/
>>>>>> 22:54:13,351 INFO [TomcatDeployer] deploy, ctxPath=/ejbca/publicweb/status, warUrl=.../tmp/deploy/tmp29240ejbca.ear-contents/status-exp.war/
>>>>>> 22:54:13,679 INFO [OCSPServletBase] ExtensionOid not defined in initialization parameters.
>>>>>> 22:54:13,679 INFO [OCSPServletBase] ExtensionClass not defined in initialization parameters.
>>>>>> 22:54:13,696 INFO [TomcatDeployer] deploy, ctxPath=/ejbca/publicweb/webdist, warUrl=.../tmp/deploy/tmp29240ejbca.ear-contents/webdist-exp.war/
>>>>>> 22:54:13,770 INFO [TomcatDeployer] deploy, ctxPath=/ejbca/xkms, warUrl=.../tmp/deploy/tmp29240ejbca.ear-contents/xkms-exp.war/
>>>>>> 22:54:13,966 ERROR [STDERR] Nov 19, 2008 10:54:13 PM com.sun.xml.ws.transport.http.servlet.WSServletContextListener contextInitialized
>>>>>> INFO: WSSERVLET12: JAX-WS context listener initializing
>>>>>> 22:54:14,823 ERROR [STDERR] Nov 19, 2008 10:54:14 PM com.sun.xml.ws.transport.http.servlet.RuntimeEndpointInfoParser processWsdlLocation
>>>>>> INFO: wsdl cannot be found from DD or annotation. Will generate and publish a new WSDL for SEI endpoints.
>>>>>> 22:54:14,855 ERROR [STDERR] Nov 19, 2008 10:54:14 PM com.sun.xml.ws.transport.http.servlet.WSServletDelegate init
>>>>>> INFO: WSSERVLET14: JAX-WS servlet initializing
>>>>>> 22:54:14,879 INFO [EARDeployer] Started J2EE application: file:/home/jboss/jboss-4.2.3.GA/server/default/deploy/ejbca.ear
>>>>>> 22:54:14,973 INFO [Http11Protocol] Starting Coyote HTTP/1.1 on http-127.0.0.1-8080
>>>>>> 22:54:15,031 INFO [AjpProtocol] Starting Coyote AJP/1.3 on ajp-127.0.0.1-8009
>>>>>> 22:54:15,050 INFO [Server] JBoss (MX MicroKernel) [4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181439)] Started in 39s:474ms
>>>>>>
>>>>> Group B is from the server log during this same launch. I found
>>>>> an exception that wasn't in the console log:
>>>>>
>>>>>> 2008-11-19 22:54:11,289 DEBUG [org.ejbca.core.ejb.log.LogSessionSession] Can't find log configuration during load (caid=0), trying to create new:
>>>>>> javax.ejb.ObjectNotFoundException: No such entity!
>>>>>> at org.jboss.ejb.plugins.cmp.jdbc.JDBCFindEntityCommand.execute(JDBCFindEntityCommand.java:64)
>>>>>> at org.jboss.ejb.plugins.cmp.jdbc.JDBCStoreManager.findEntity(JDBCStoreManager.java:604)
>>>>>> at org.jboss.ejb.plugins.CMPPersistenceManager.findEntity(CMPPersistenceManager.java:315)
>>>>>> .....
>>>>>> at org.jboss.ejb.plugins.local.LocalHomeProxy.invoke(LocalHomeProxy.java:133)
>>>>>> at $Proxy116.findByPrimaryKey(Unknown Source)
>>>>>> at org.ejbca.core.ejb.log.LocalLogSessionBean.loadLogConfiguration(LocalLogSessionBean.java:540)
>>>>>> at org.ejbca.core.ejb.log.LocalLogSessionBean.doSyncronizedLog(LocalLogSessionBean.java:463)
>>>>>>
>>>>> If the web services error is unimportant, then so far so good.
>>>>>
>>>>> During the 'ant install', there were no errors to the console of
>>>>> ant. JBoss had this error on the console:
>>>>>
>>>>>> 23:06:26,572 ERROR [Log4jLogDevice] November 19, 2008 11:06:26 PM PST, CAId : -1688117755, RA, EVENT_ERROR_ADDEDENDENTITY, Administrator : RACMDLINE, User : tomcat, Certificate : No certificate involved, Comment : Userdata did not fullfill end entity profile EMPTY, dn 'CN=dev,OU=servers,DC=home-account,DC=com: Wrong number of DOMAINCOMPONENT fields in Subject DN..
>>>>>>
>>>>> From server.log:
>>>>>
>>>>>> 2008-11-19 23:06:09,242 DEBUG [org.ejbca.core.ejb.log.LogSessionSession] Can't find log configuration during load (caid=-1688117755), trying to create new:
>>>>>> javax.ejb.ObjectNotFoundException: No such entity!
>>>>>> at org.jboss.ejb.plugins.cmp.jdbc.JDBCFindEntityCommand.execute(JDBCFindEntityCommand.java:64)
>>>>>> at org.jboss.ejb.plugins.cmp.jdbc.JDBCStoreManager.findEntity(JDBCStoreManager.java:604)
>>>>>> at org.jboss.ejb.plugins.CMPPersistenceManager.findEntity(CMPPersistenceManager.java:315)
>>>>>>
>>>>> But that's all!
>>>>>
>>>>> Does this uncover anything at all?
>>>>>
>>>>> Thank you so kindly for looking at all this!
>>>>>
>>>>> Brian
>>>>>
>>>>> On Nov 19, 2008, at 10:42 PM, Johan Eklund wrote:
>>>>>
>>>>>> Hi Brian,
>>>>>>
>>>>>> Do you see any errors or Exceptions
>>>>>> 1. during "ant install"?
>>>>>> 2. in the JBoss log (JBOSS_HOME/server/default/log/server.log)
>>>>>> when you start JBoss after "ant bootstrap"?
>>>>>> 3. in the JBoss log during the install?
>>>>>>
>>>>>> Best Regards,
>>>>>> Johan
>>>>>>
>>>>>> Brian Topping wrote:
>>>>>>
>>>>>>> Greetings!
>>>>>>>
>>>>>>> I'm a first-time EJBCA user, and am very eager to start using
>>>>>>> the tool. But having an install problem, 'ant install' is
>>>>>>> not creating a p12/tomcat.jks file, and in the process,
>>>>>>> deploy cannot properly set up the web container.
>>>>>>>
>>>>>>> I've followed the steps meticulously a number of times and
>>>>>>> no exceptions were generated.
>>>>>>>
>>>>>>> Searching the sources, the only references to 'tomcat.jks'
>>>>>>> are found in bin/jboss.xml, so it seems to make sense why
>>>>>>> the build is failing (the file does not seem to be
>>>>>>> generated).
>>>>>>>
>>>>>>> Can anyone provide information?
>>>>>>>
>>>>>>> Thanks kindly,
>>>>>>>
>>>>>>> Brian
>>>>>>>
>>>>>>> -------------------------------------------------------------------------
>>>>>>> This SF.Net email is sponsored by the Moblin Your Move
>>>>>>> Developer's challenge
>>>>>>> Build the coolest Linux based applications with Moblin SDK &
>>>>>>> win great prizes
>>>>>>> Grand prize is a trip for two to an Open Source event anywhere
>>>>>>> in the world
>>>>>>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>>>>>>> _______________________________________________
>>>>>>> Ejbca-develop mailing list
>>>>>>> Ejb...@li...
>>>>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>>>>>>
>>>>>> --
>>>>>> PrimeKey Solutions offers a commercial EJBCA support
>>>>>> subscription and training for EJBCA. Please see
>>>>>> www.primekey.se or contact in...@pr... for more
>>>>>> information. http://download.primekey.se/documents/ejbca_subscription.pdf
>>>>>> http://download.primekey.se/documents/ejbca_training.pdf
--
PrimeKey Solutions offers a commercial EJBCA support subscription and training for EJBCA. Please see www.primekey.se or contact in...@pr... for more information.
http://download.primekey.se/documents/ejbca_subscription.pdf
http://download.primekey.se/documents/ejbca_training.pdf
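
The check behind the "Wrong number of DOMAINCOMPONENT fields in Subject DN" error discussed in this thread, as an added example that is not part of the original messages and is not EJBCA code. It assumes an end entity profile can be modelled as a number of slots per DN field type; the class and method names are hypothetical.

```java
import java.util.*;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.directory.Attribute;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

// Added illustration, not EJBCA code: a profile is modelled as
// "number of slots per DN field type" (a simplifying assumption).
public class DnProfileCheck {

    // Count how often each attribute type (CN, OU, DC, ...) occurs in a subject DN.
    static Map<String, Integer> countFields(String dn) throws NamingException {
        Map<String, Integer> counts = new TreeMap<>();
        for (Rdn rdn : new LdapName(dn).getRdns()) {
            // toAttributes() also covers multi-valued RDNs such as "cn=a+ou=b"
            NamingEnumeration<? extends Attribute> attrs = rdn.toAttributes().getAll();
            while (attrs.hasMore()) {
                Attribute a = attrs.next();
                counts.merge(a.getID().toUpperCase(Locale.ROOT), a.size(), Integer::sum);
            }
        }
        return counts;
    }

    // One message per field type that occurs more often than the profile has slots for.
    static List<String> violations(String dn, Map<String, Integer> slots) throws NamingException {
        List<String> out = new ArrayList<>();
        for (Map.Entry<String, Integer> e : countFields(dn).entrySet()) {
            int allowed = slots.getOrDefault(e.getKey(), 0);
            if (e.getValue() > allowed) {
                out.add("Wrong number of " + e.getKey() + " fields in Subject DN: "
                        + e.getValue() + " given, profile has " + allowed);
            }
        }
        return out;
    }

    public static void main(String[] args) throws NamingException {
        String dn = "cn=dev,ou=servers,dc=home-account,dc=com"; // DN from the thread

        // Model of a profile with one slot per field type, as described in the reply.
        Map<String, Integer> oneOfEach = new HashMap<>();
        for (String t : new String[] {"CN", "OU", "O", "C", "DC"}) oneOfEach.put(t, 1);

        // The same profile with a second DC slot (the effect of the suggested patch).
        Map<String, Integer> twoDc = new HashMap<>(oneOfEach);
        twoDc.put("DC", 2);

        System.out.println("one DC slot : " + violations(dn, oneOfEach));
        System.out.println("two DC slots: " + violations(dn, twoDc));
    }
}
```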