Hi everybody,
I enabled log signing using TSA in JBoss according to the following instructions found on the EJBCA website: http://wiki.ejbca.org/logsigning#toc5
Note that I copied some other jar files from lib/ to jboss.home/server/default/lib to solve dependency problems.
This works perfectly on EJBCA installed as CA, but on EJBCA installed as VA, after ant jbosslogsigning something strange happened! This breaks the VA with the following error in JBoss:
ERROR [SigningEntityContainer] No valid keys. Key directory /opt/jboss/bin/keys. No P11 defined.
Log signing works perfectly (rotates and signs files correctly), but the VA breaks and cannot respond to OCSP requests, with the following log:
INFO [OCSPServletBase] Received OCSP request for certificate with serNo: 1474e75b8bcdaa68, and issuerNameHash: 8fb5a155ea28aebd71311009da2c2065f59b447f. Client ip 192.168.50.3.
INFO [OCSPServletBase] Adding status information (good) for certificate with serial '1474e75b8bcdaa68' from issuer 'CN=RootCA1'.
ERROR [OCSPServletBase] Error processing OCSP request. Message: .
java.lang.NullPointerException
at org.ejbca.core.protocol.ocsp.OCSPData.getCaid(OCSPData.java:65)
at org.ejbca.core.protocol.ocsp.standalonesession.StandAloneSession.extendedService(StandAloneSession.java:312)
at org.ejbca.ui.web.protocol.OCSPServletStandAlone.extendedService(OCSPServletStandAlone.java:126)
at org.ejbca.ui.web.protocol.OCSPServletBase.signOCSPResponse(OCSPServletBase.java:196)
at org.ejbca.ui.web.protocol.OCSPServletBase.serviceOCSP(OCSPServletBase.java:826)
at org.ejbca.ui.web.protocol.OCSPServletBase.doPost(OCSPServletBase.java:345)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
at java.lang.Thread.run(Thread.java:679)
My appender configuration for log signing in jboss-log4j.xml is:
<appender name="MY" class="org.ejbca.appserver.jboss.SigningDailyRollingFileAppender">
  <errorHandler class="org.jboss.logging.util.OnlyOnceErrorHandler"/>
  <param name="File" value="/opt/jboss/log/my.log"/>
  <param name="Append" value="false"/>
  <param name="SignMethod" value="tsa"/>
  <param name="TsaUrl" value="http://192.168.50.6:8080/signserver/tsa?signerId=1"/>
  <!-- Rollover at the top of each hour -->
  <param name="DatePattern" value="'.'yyyy-MM-dd-HH"/>
  <layout class="org.apache.log4j.PatternLayout">
    <param name="ConversionPattern" value="%d %-5p [%c] %m%n"/>
  </layout>
</appender>
My development environment is: EJBCA 4.0.12 on JBoss 5.1.0.GA on openSUSE.
Has anyone deployed log signing using TSA on a VA successfully?
Any help is appreciated in advance.
Hi,
As far as I know log-signing isn't supported by the VA.
Cheers
Anders
tech support
On 2013-03-02 07:34, E-Sharifi wrote:
Thanks for your rapid answer.
So what can I do now for signing logs in the VA? What is the best solution in your opinion?
Thanks in advance
Last edit: E-Sharifi 2013-03-02
You have to do some testing. Remove your extra jars from server/default/lib.
If the VA works fine then, you have some class collisions that you do not want.
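
The test suggested in the last reply can be narrowed down by listing which classes are packaged in more than one jar. The script below is an added example, not part of the original thread and not EJBCA code; the jar and class names in its sample are constructed, and a real run would take directories such as jboss.home/server/default/lib as arguments.

```python
import sys
import tempfile
import zipfile
from collections import defaultdict
from pathlib import Path


def find_collisions(*dirs):
    """Return {class entry: [jar paths]} for classes shipped by more than one jar."""
    owners = defaultdict(list)
    for d in dirs:
        for jar in sorted(Path(d).rglob("*.jar")):
            try:
                with zipfile.ZipFile(jar) as zf:
                    names = {n for n in zf.namelist() if n.endswith(".class")}
            except zipfile.BadZipFile:
                continue  # not a readable archive; skip rather than abort
            for name in names:
                owners[name].append(str(jar))
    return {c: sorted(j) for c, j in owners.items() if len(j) > 1}


def build_sample(root):
    """Constructed sample layout (hypothetical jar and class names)."""
    layout = {
        "lib/copied-extra.jar": ["org/example/sign/Signer.class",
                                 "org/example/sign/Util.class"],
        "lib/server-own.jar": ["org/example/sign/Signer.class"],
        "lib/unrelated.jar": ["org/example/other/Thing.class",
                              "META-INF/MANIFEST.MF"],
    }
    for rel, entries in layout.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        with zipfile.ZipFile(path, "w") as zf:
            for entry in entries:
                zf.writestr(entry, b"")
    Path(root, "lib/broken.jar").write_bytes(b"not a zip")  # must be skipped
    return Path(root, "lib")


def demo():
    """Run the scan over the constructed sample and return jar file names only."""
    with tempfile.TemporaryDirectory() as tmp:
        hits = find_collisions(build_sample(tmp))
        return {c: [Path(j).name for j in jars] for c, jars in hits.items()}


if __name__ == "__main__":
    # With arguments: scan those directories; without: run the constructed sample.
    result = find_collisions(*sys.argv[1:]) if len(sys.argv) > 1 else demo()
    for cls, jars in sorted(result.items()):
        print(cls, "<-", ", ".join(jars))
```

Jars nested inside an EAR or WAR are not opened by this scan, so such an archive has to be unpacked into a directory first if its contents should be compared as well.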