When we try to see the end entity of a network element, it is present and its corresponding node certificate is also in a valid state. But when we try to fetch that information, it shows that the end entity is not present in ejbca. Is there any specific scenario which happens and any WA to resolve this? This issue is observed in case of revoke.
You have to provide more details on what you are doing. Are you using CMPv2 for example? What version of EJBCA etc etc.
Cheers,
Tomas
We are using CMPv2 enrollment. Version of ejbca is 4.0.6. The use case here is revocation of the certificate.
We could see that the certificate is not revoked and end entity is also generated. But when we try to revoke the certificate it says, entity does not exist. Following is the reference from ejbca log.
2016-10-31 13:43:07,676 DEBUG [org.hibernate.loader.Loader] (httpSSLWorkerThread-8180-0) loading entity: [org.ejbca.core.ejb.ra.UserData#MIXED]
2016-10-31 13:43:07,676 DEBUG [org.hibernate.jdbc.AbstractBatcher] (httpSSLWorkerThread-8180-0) about to open PreparedStatement (open PreparedStatements: 0, globally: 0)
2016-10-31 13:43:07,676 DEBUG [org.hibernate.jdbc.ConnectionManager] (httpSSLWorkerThread-8180-0) opening JDBC connection
2016-10-31 13:43:07,677 DEBUG [org.hibernate.SQL] (httpSSLWorkerThread-8180-0) select userdata0_.username as username19_0_, userdata0_.cAId as cAId19_0_, userdata0_.cardNumber as cardNumber19_0_, userdata0_.certificateProfileId as certific4_19_0_, userdata0_.clearPassword as clearPas5_19_0_, userdata0_.endEntityProfileId as endEntit6_19_0_, userdata0_.extendedInformationData as extended7_19_0_, userdata0_.hardTokenIssuerId as hardToke8_19_0_, userdata0_.keyStorePassword as keyStore9_19_0_, userdata0_.passwordHash as passwor10_19_0_, userdata0_.rowProtection as rowProt11_19_0_, userdata0_.rowVersion as rowVersion19_0_, userdata0_.status as status19_0_, userdata0_.subjectAltName as subject14_19_0_, userdata0_.subjectDN as subjectDN19_0_, userdata0_.subjectEmail as subject16_19_0_, userdata0_.subjectUniqueId as subject17_19_0_, userdata0_.timeCreated as timeCre18_19_0_, userdata0_.timeModified as timeMod19_19_0_, userdata0_.tokenType as tokenType19_0_, userdata0_.type as type19_0_ from UserData userdata0_ where userdata0_.username=?
2016-10-31 13:43:07,677 DEBUG [org.hibernate.jdbc.AbstractBatcher] (httpSSLWorkerThread-8180-0) about to open ResultSet (open ResultSets: 0, globally: 0)
2016-10-31 13:43:07,677 DEBUG [org.hibernate.jdbc.AbstractBatcher] (httpSSLWorkerThread-8180-0) about to close ResultSet (open ResultSets: 1, globally: 1)
2016-10-31 13:43:07,677 DEBUG [org.hibernate.jdbc.AbstractBatcher] (httpSSLWorkerThread-8180-0) about to close PreparedStatement (open PreparedStatements: 1, globally: 1)
2016-10-31 13:43:07,677 DEBUG [org.hibernate.jdbc.ConnectionManager] (httpSSLWorkerThread-8180-0) aggressively releasing JDBC connection
2016-10-31 13:43:07,677 DEBUG [org.hibernate.jdbc.ConnectionManager] (httpSSLWorkerThread-8180-0) releasing JDBC connection [ (open PreparedStatements: 0, globally: 0) (open ResultSets: 0, globally: 0)]
2016-10-31 13:43:07,678 DEBUG [org.hibernate.engine.StatefulPersistenceContext] (httpSSLWorkerThread-8180-0) initializing non-lazy collections
2016-10-31 13:43:07,678 DEBUG [org.hibernate.loader.Loader] (httpSSLWorkerThread-8180-0) done entity load
2016-10-31 13:43:07,678 DEBUG [org.ejbca.core.ejb.ra.UserAdminSessionBean] (httpSSLWorkerThread-8180-0) Cannot find user with username='MIXED'
2016-10-31 13:43:07,678 DEBUG [org.hibernate.event.def.AbstractFlushingEventListener] (httpSSLWorkerThread-8180-0) processing flush-time cascades
2016-10-31 13:43:07,678 DEBUG [org.hibernate.event.def.AbstractFlushingEventListener] (httpSSLWorkerThread-8180-0) dirty checking collections
2016-10-31 13:43:07,678 DEBUG [org.hibernate.event.def.AbstractFlushingEventListener] (httpSSLWorkerThread-8180-0) Flushed: 0 insertions, 0 updates, 0 deletions to 2 objects
Could you please help with this? Images are attached for the certificate status and end entity of that network element when verified through ejbca gui.
Last edit: anusha 2016-11-01
Hi Tomas,
Please let me know if you need any further inputs.
BR,
Anusha
Hi,
EJBCA 4.0.6 is 5 years old. There is so much that has improved and changed. CMP is a lot improved during these 5 years for example.
The current latest Community version is 6.3.1.1.
https://www.ejbca.org/
Regards,
Tomas