
SCEP Create New User

Handra
2012-07-15
2013-02-18
  • Handra

    Handra - 2012-07-15

    Hi all,

    I currently want to set up the EJBCA installation to use SCEP in External RA mode. I have actually succeeded in configuring and running SCEP, and I have also tested it using an iOS device (iTouch).

    The problem comes when I want to create a new user in the CA automatically. I have set the "createOrEditUser" property to true and set the password accordingly. However, every time I make a request, the server only returns "user xxx does not exist". Is there something wrong with my configuration? Or are there other steps required to make it work?

    Below is my scep.properties configuration file contents:

    #####
    # Configuration file for default values for the stand-alone SCEP RA Server
    # Configure as you please, but all values must be set to something.
    #
    # Default values (that you enter here) is built into the application and deployed
    # as default values.
    #
    # 'datasource.jndi-name-prefix' (see conf/database.properties.sample) and 'appserver.home'
    # (see conf/ejbca.properties.sample) also has to be configured. 
    #####
    # Allow dynamic re-configuration.
    #
    # By setting this property to true, you can also dynamically re-configure
    # the RA by changing values in properties files in the file system.
    # 
    # You can put a scep.properties file in your "app server runtime home"/conf directory
    # to override these values. To find out which this directory is, it is logged during startup as for example:
    # [ExtraConfiguration] Added file to configuration source: /opt/jboss-4.2.2.GA/bin/conf/scep.properties
    # This file is re-read if changes so changes can be made in runtime.
    #
    # You can put a /etc/ejbca/conf/extra/scep.properties file to override these values.
    # This file is re-read if changes so changes can be made in runtime.
    #
    # Finally you can override anything by setting system properties for your appserver, for example:
    # java -Dscep.ra.authpwd=mysecret
    allow.external-dynamic.configuration=false
    # Path to RA keystore. Should be a full pathname.
    scep.ra.keyStorePath.1=D\:/Certificates/extra01.p12
    # Password to the RA keystore configured above
    scep.ra.keyStorePassword.1=12345678
    # Advanced users: In theory it is possible to have several SCEP RAs configured with different keystores. 
    # In that case add more keystores with .2 etc. And configure new Servlets and mappings in src/WEB-INF/web.xml 
    # with these keystoreNumber.
      
    # Set to another value than none if the Scep RA should require 
    # a specific password in the SCEP request. 
    # This should be used with createOrEditUser=true and will in this case be a set password 
    # required in the SCEP Request message. If this password is correct, the request will be automatically granted. 
    #
    # Leave as 'none' to not require any password, i.e. allow anything.
    # If createOrEditUser=false this will require the user to be pre-registered and the password in the request will
    # be used to authenticate this user with the pre-registered password.
    #
    # If createOrEdit=false and authPwd=none you can also use Approvals in EJBCA to require an administrator to 
    # approve the request in the CA Admin-GUI before a certificate is issued. 
    scep.ra.authPwd=12345678
    # Defines if a request to the RA will create a new user, 
    # or edit an existing in EJBCA. If false users must be 
    # pre-registered in EJBCA with a pwd.
    scep.ra.createOrEditUser=true
    # The Certificate profile used to register new SCEP users, if createOrEditUser=true.
    scep.ra.certificateProfile=iOS Cert. Profile
    # The End entity profile used to register new SCEP users, if createOrEditUser=true.
    scep.ra.entityProfile=iOS Entity Profile
    # The default CA used to register new SCEP users, if createOrEditUser=true.
    scep.ra.defaultCA=HandraCA
    # Mapping a CAs issuer DN (as from the Admin-GUI->Edit CAs), which will be 
    # received from the client to a CA name.
    # This is used to find a CA from the request. If no CA can be found with a mapping, the defaultCA is used.
    # You can create several mappings for different CAs like this.
    # Note that all =, : or whitespace must be escaped with a \. See example below. 
    CN\=HandraCA,O\=Securemetric,C\=MY
    # Database connection information. The right JDBC driver has to be installed manually in the application server.
    # SQL dialect and driver class name is derived from the JDBC URL.
    scep.ra.datasource.jdbc-url=jdbc:mysql://127.0.0.1/messages
    scep.ra.datasource.username=root
    scep.ra.datasource.password=
    

    Thanks in advance.

     
  • Anonymous

    Anonymous - 2012-07-15

    Hi,
    I'm not an expert on this combination, but can you verify from the EJBCA log that you indeed get the output the following lines presume?

          if (submessage.createOrEditUser()) {
              // If we did not provide a password, set a default one
              if (StringUtils.isEmpty(password)) {
                  log.debug("Empty password received, createOrEditUser=true so setting default password.");
                  password = "foo123";
              }
              UserDataVO userdata = generateUserDataVO(admin, submessage);
              userdata.setPassword(password);
              log.info("Creating/editing user: "+userdata.getUsername()+", with dn: "+userdata.getDN());
              // See if the user already exists, if it exists and have status NEW or INPROCESS we will not try to change it
              // This way we can use approvals. When a request first comes in, it is put for approval. When it is approved,
              // we will not try to change it again, because it is ready to be processed
              storeUserData(admin, userdata,false,UserDataConstants.STATUS_INPROCESS );
          }

    I get the impression that you need to approve requests created this way.  Otherwise there would be no authentication whatsoever of the requester.

    Anders
    PrimeKey Tech support

    --
    PrimeKey Solutions offers commercial EJBCA and SignServer support
    subscriptions and training courses. Please see www.primekey.se or
    contact info@primekey.se for more information.
    http://www.primekey.se/Services/Support/
    http://www.primekey.se/Services/Training/

     
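The scep.properties posted above carries its own warnings: with createOrEditUser=true, authPwd=none means any request is granted and a user is created with no authentication of the requester (the point Anders makes), an issuer-DN mapping needs a CA name after its last unescaped `=`, and the datasource credentials deserve a look. The following Python checker is an added example for readers of this thread; it is not EJBCA code and not from anyone posting here. It parses the Java .properties escapes the file uses (`\:`, `\=`) and reports stable finding codes. The property names are those of the posted file; the two sample texts, the finding codes and the `scepra`/`db-secret` values in the corrected sample are constructed for the example.

```python
"""Sanity-check a stand-alone SCEP RA scep.properties before deploying it.

Added example; not code from EJBCA or from this thread's posters. It parses the
Java .properties syntax the file uses (comments, '\\:' and '\\=' escapes) and
flags the combinations the file's own comments warn about.
"""
import re

# Constructed samples modelled on the configuration posted in the thread.
WEAK = r"""
# Stand-alone SCEP RA (weak settings)
allow.external-dynamic.configuration=false
scep.ra.keyStorePath.1=D\:/Certificates/extra01.p12
scep.ra.keyStorePassword.1=12345678
scep.ra.authPwd=none
scep.ra.createOrEditUser=true
scep.ra.certificateProfile=iOS Cert. Profile
scep.ra.entityProfile=iOS Entity Profile
scep.ra.defaultCA=HandraCA
CN\=HandraCA,O\=Securemetric,C\=MY
scep.ra.datasource.jdbc-url=jdbc:mysql://127.0.0.1/messages
scep.ra.datasource.username=root
scep.ra.datasource.password=
"""

# Same RA with a shared secret, a complete issuer-DN mapping and a dedicated
# database account (constructed values).
FIXED = r"""
scep.ra.keyStorePath.1=D\:/Certificates/extra01.p12
scep.ra.keyStorePassword.1=12345678
scep.ra.authPwd=a-long-shared-secret
scep.ra.createOrEditUser=true
scep.ra.defaultCA=HandraCA
CN\=HandraCA,O\=Securemetric,C\=MY=HandraCA
scep.ra.datasource.jdbc-url=jdbc:mysql://127.0.0.1/messages
scep.ra.datasource.username=scepra
scep.ra.datasource.password=db-secret
"""


def _unescape(s):
    """Resolve single-character .properties escapes such as \\=, \\:, \\ and \\\\."""
    return re.sub(r"\\(.)", r"\1", s)


def _split_entry(line):
    """Split one logical line into (key, value, has_separator).

    As in java.util.Properties, the key ends at the first unescaped '=', ':'
    or whitespace; a line with no separator at all has an empty value.
    """
    i, escaped = 0, False
    while i < len(line):
        ch = line[i]
        if escaped:
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch in "=:" or ch.isspace():
            break
        i += 1
    key, rest = line[:i], line[i:].lstrip()
    has_sep = rest[:1] in ("=", ":")
    if has_sep:
        rest = rest[1:].lstrip()
    return _unescape(key), _unescape(rest), has_sep


def parse_properties(text):
    """Return ({key: value}, [keys whose line had no '=' or ':' at all])."""
    props, bare = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, value, has_sep = _split_entry(line)
        props[key] = value
        if not has_sep:
            bare.append(key)
    return props, bare


def audit(text):
    """Return a sorted list of finding codes (constructed names) for a scep.properties text."""
    props, bare = parse_properties(text)
    findings = set()
    create = props.get("scep.ra.createOrEditUser", "false").lower() == "true"
    authpwd = props.get("scep.ra.authPwd", "none")
    if create and authpwd.lower() in ("", "none"):
        # Nothing authenticates the requester; only an approval step in the CA remains.
        findings.add("unauthenticated-enrollment")
    if "scep.ra.datasource.password" in props and not props["scep.ra.datasource.password"]:
        findings.add("empty-db-password")
    if props.get("scep.ra.datasource.username") == "root":
        findings.add("db-superuser")
    for key in bare:
        if key.upper().startswith("CN="):
            # An issuer DN with no '=<CA name>' maps nothing; such requests fall back to defaultCA.
            findings.add("mapping-without-ca")
    return sorted(findings)


if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("fixed", FIXED)):
        print(name, audit(text) or ["no findings"])
```

Run it against the real file by reading it into `audit()`; the parser ignores line continuations and `\uXXXX` escapes, which this file does not use.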
  • Handra

    Handra - 2012-07-15

    Hi,

    Thanks for your response. I checked the log file and cannot find that kind of message logged in my server log. This is strange since I have already set the property to true.

    I actually want to test manual approval for add/edit user. That's why I need to be able to create a new user through scep for my concept to be proven.

    Thanks

     
  • Anonymous

    Anonymous - 2012-07-15

    Note that you must redeploy using ANT when changing properties.

    Anders
    PrimeKey Tech support


     
  • Handra

    Handra - 2012-07-15

    Yes, I have redeployed it after changing the configuration. Based on the documentation, I used the following command to redeploy the ejbca:

    ant externalra-scep-deploy
    

    Thanks

     
  • Handra

    Handra - 2012-07-15

    FYI,

    This is the part of the log I captured for this strange behaviour:

    2012-07-15 10:29:47,064 INFO  [org.ejbca.core.model.log.Log4jLogDevice] (http-0.0.0.0-8080-4) 2012-07-15 10:29:47+08:00, CAId : 0, CA, EVENT_INFO_USERAUTHENTICATION, Administrator : PUBLICWEBUSER : IP Address : 0:0:0:0:0:0:0:1, User : Test, Certificate : No certificate involved, Comment : Got request for nonexisting user: Test.
    2012-07-15 10:29:47,080 ERROR [org.ejbca.core.ejb.ca.sign.RSASignSessionBean] (http-0.0.0.0-8080-4) User not found: 
    javax.ejb.ObjectNotFoundException: Could not find username Test
        at org.ejbca.core.ejb.ca.auth.AuthenticationSessionBean.authenticateUser(AuthenticationSessionBean.java:77)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
        at org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
        at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
        at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
        at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_26999190.invoke(InvocationContextInterceptor_z_fillMethod_26999190.java)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
        at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_26999190.invoke(InvocationContextInterceptor_z_setup_26999190.java)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.aspects.tx.TxPolicy.invokeInCallerTx(TxPolicy.java:126)
        at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:194)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:201)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:176)
        at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:216)
        at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
        at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
        at $Proxy399.authenticateUser(Unknown Source)
        at org.ejbca.core.ejb.ca.sign.RSASignSessionBean.authUser(RSASignSessionBean.java:658)
        at org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASignSessionBean.java:286)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
        at org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
        at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
        at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
        at java.lang.reflect.Method.invoke(Unknown Source)
        at org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
        at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_26999190.invoke(InvocationContextInterceptor_z_fillMethod_26999190.java)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
        at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_26999190.invoke(InvocationContextInterceptor_z_setup_26999190.java)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
        at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:190)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:201)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:176)
        at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:216)
        at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
        at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
        at $Proxy501.createCertificate(Unknown Source)
        at org.ejbca.ui.web.protocol.ScepPkiOpHelper.scepCertRequest(ScepPkiOpHelper.java:73)
        at org.ejbca.ui.web.protocol.ScepServlet.service(ScepServlet.java:186)
        at org.ejbca.ui.web.protocol.ScepServlet.doGet(ScepServlet.java:158)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
        at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
        at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
        at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
        at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
        at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
        at java.lang.Thread.run(Unknown Source)
    

    I hope this gives you a clearer understanding of my error.

    Thanks

     
  • Anonymous

    Anonymous - 2012-07-15

    Hmm, this line looks suspicious:

    at org.ejbca.ui.web.protocol.ScepServlet.service(ScepServlet.java:186)

    It looks like you are actually invoking the built-in SCEP rather than the External RA SCEP.

    Anders
    PrimeKey Tech support


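Anders's diagnosis rests on two things visible in the posted log: the stack frame in org.ejbca.ui.web.protocol.ScepServlet shows the request reached the CA's built-in SCEP servlet rather than the stand-alone External RA, and the audit event "Got request for nonexisting user" is what an unregistered requester produces there. The script below is an added Python example for this thread, not EJBCA code and not from any poster. It extracts both signals from a log excerpt and groups the failed authentications by source IP, so a wrong client URL (as here) or repeated probing of the enrollment endpoint shows up the same way. Only the first two log lines and four stack frames follow the posted log; the other entries, IPs and usernames are constructed, and the `org.ejbca.extra.` package prefix used to recognise External RA frames is an assumption.

```python
"""Triage EJBCA server log excerpts for misrouted or unauthenticated SCEP requests.

Added example; not code from EJBCA or from this thread's posters.
"""
import re
from collections import defaultdict

# Constructed sample: the first two entries and the stack frames follow the
# shape of the log posted in the thread; the remaining entries are made up.
LOG = """\
2012-07-15 10:29:47,064 INFO  [org.ejbca.core.model.log.Log4jLogDevice] (http-0.0.0.0-8080-4) 2012-07-15 10:29:47+08:00, CAId : 0, CA, EVENT_INFO_USERAUTHENTICATION, Administrator : PUBLICWEBUSER : IP Address : 0:0:0:0:0:0:0:1, User : Test, Certificate : No certificate involved, Comment : Got request for nonexisting user: Test.
2012-07-15 10:29:47,080 ERROR [org.ejbca.core.ejb.ca.sign.RSASignSessionBean] (http-0.0.0.0-8080-4) User not found:
javax.ejb.ObjectNotFoundException: Could not find username Test
    at org.ejbca.core.ejb.ca.auth.AuthenticationSessionBean.authenticateUser(AuthenticationSessionBean.java:77)
    at org.ejbca.ui.web.protocol.ScepPkiOpHelper.scepCertRequest(ScepPkiOpHelper.java:73)
    at org.ejbca.ui.web.protocol.ScepServlet.service(ScepServlet.java:186)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
2012-07-15 10:31:02,110 INFO  [org.ejbca.core.model.log.Log4jLogDevice] (http-0.0.0.0-8080-5) 2012-07-15 10:31:02+08:00, CAId : 0, CA, EVENT_INFO_USERAUTHENTICATION, Administrator : PUBLICWEBUSER : IP Address : 192.0.2.44, User : device01, Certificate : No certificate involved, Comment : Got request for nonexisting user: device01.
2012-07-15 10:31:03,220 INFO  [org.ejbca.core.model.log.Log4jLogDevice] (http-0.0.0.0-8080-5) 2012-07-15 10:31:03+08:00, CAId : 0, CA, EVENT_INFO_USERAUTHENTICATION, Administrator : PUBLICWEBUSER : IP Address : 192.0.2.44, User : device02, Certificate : No certificate involved, Comment : Got request for nonexisting user: device02.
2012-07-15 10:31:04,330 INFO  [org.ejbca.core.model.log.Log4jLogDevice] (http-0.0.0.0-8080-5) 2012-07-15 10:31:04+08:00, CAId : 0, CA, EVENT_INFO_USERAUTHENTICATION, Administrator : PUBLICWEBUSER : IP Address : 192.0.2.44, User : device03, Certificate : No certificate involved, Comment : Got request for nonexisting user: device03.
"""

# Servlet class seen in the posted stack trace: the CA's built-in SCEP endpoint.
BUILTIN_SCEP = "org.ejbca.ui.web.protocol.ScepServlet"

# Audit line produced when the CA authenticates a request for an unregistered username.
NONEXISTING_RE = re.compile(
    r"EVENT_INFO_USERAUTHENTICATION, .*?IP Address : (?P<ip>[0-9A-Fa-f:.]+), "
    r"User : (?P<user>[^,]+), .*?Comment : Got request for nonexisting user"
)
# "    at pkg.Class.method(File.java:123)" stack frames; captures the class.
FRAME_RE = re.compile(r"^\s+at (?P<cls>[\w.$]+)\.\w+\(")


def entry_points(log_text):
    """Classes from the web/RA layer that appear in stack frames.

    org.ejbca.ui.web.* is the CA's own web layer (from the posted trace);
    org.ejbca.extra.* for External RA code is an assumption.
    """
    seen = set()
    for line in log_text.splitlines():
        m = FRAME_RE.match(line)
        if m and m["cls"].startswith(("org.ejbca.ui.web.", "org.ejbca.extra.")):
            seen.add(m["cls"])
    return seen


def reached_builtin_scep(log_text):
    """True when a request was handled by the CA's built-in ScepServlet."""
    return BUILTIN_SCEP in entry_points(log_text)


def nonexisting_users_by_ip(log_text):
    """Map source IP -> sorted usernames that failed as 'nonexisting user'."""
    by_ip = defaultdict(set)
    for line in log_text.splitlines():
        m = NONEXISTING_RE.search(line)
        if m:
            by_ip[m["ip"]].add(m["user"].strip())
    return {ip: sorted(users) for ip, users in by_ip.items()}


def noisy_sources(log_text, threshold=3):
    """Source IPs with at least `threshold` distinct unknown usernames."""
    return sorted(
        ip for ip, users in nonexisting_users_by_ip(log_text).items()
        if len(users) >= threshold
    )


if __name__ == "__main__":
    print("built-in SCEP servlet hit:", reached_builtin_scep(LOG))
    print("unknown users by IP:", nonexisting_users_by_ip(LOG))
    print("noisy sources:", noisy_sources(LOG))
```

Feed it the relevant part of server.log; a hit on the built-in servlet while the clients are meant to talk to an External RA points at the client URL, as it did in this thread.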
     
  • Handra

    Handra - 2012-07-15

    Hi Anders,

    You are correct. I changed the URL to the external-ra scep one. It now works fine. My big and silly mistake.

    Thanks for your help. Cheers.

     
