Menu
▾
▴
ejbca-develop — Development discussions
You can subscribe to this list here.
| 2001 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(1) |
Dec
(3) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2002 |
Jan
(3) |
Feb
(2) |
Mar
(8) |
Apr
(3) |
May
(6) |
Jun
(1) |
Jul
(15) |
Aug
(6) |
Sep
|
Oct
(10) |
Nov
(2) |
Dec
(4) |
| 2003 |
Jan
(1) |
Feb
(7) |
Mar
(3) |
Apr
(6) |
May
(7) |
Jun
(5) |
Jul
(5) |
Aug
(25) |
Sep
(14) |
Oct
(2) |
Nov
|
Dec
(2) |
| 2004 |
Jan
(7) |
Feb
(4) |
Mar
(12) |
Apr
(16) |
May
(43) |
Jun
(56) |
Jul
(43) |
Aug
(40) |
Sep
(66) |
Oct
(12) |
Nov
(26) |
Dec
(10) |
| 2005 |
Jan
(13) |
Feb
(33) |
Mar
(16) |
Apr
(7) |
May
(10) |
Jun
(34) |
Jul
(41) |
Aug
(8) |
Sep
(4) |
Oct
(32) |
Nov
(20) |
Dec
(25) |
| 2006 |
Jan
(30) |
Feb
(101) |
Mar
(5) |
Apr
(75) |
May
(74) |
Jun
(22) |
Jul
(6) |
Aug
(70) |
Sep
(19) |
Oct
(21) |
Nov
(31) |
Dec
(50) |
| 2007 |
Jan
(15) |
Feb
(20) |
Mar
(24) |
Apr
(33) |
May
(13) |
Jun
(18) |
Jul
(13) |
Aug
(7) |
Sep
(63) |
Oct
(68) |
Nov
(29) |
Dec
(68) |
| 2008 |
Jan
(30) |
Feb
(33) |
Mar
(30) |
Apr
(103) |
May
(78) |
Jun
(48) |
Jul
(72) |
Aug
(24) |
Sep
(62) |
Oct
(63) |
Nov
(70) |
Dec
(37) |
| 2009 |
Jan
(34) |
Feb
(35) |
Mar
(64) |
Apr
(34) |
May
(34) |
Jun
(58) |
Jul
(30) |
Aug
(30) |
Sep
(46) |
Oct
(52) |
Nov
(12) |
Dec
(23) |
| 2010 |
Jan
(121) |
Feb
(18) |
Mar
(53) |
Apr
(62) |
May
(62) |
Jun
(20) |
Jul
(33) |
Aug
(20) |
Sep
(36) |
Oct
(35) |
Nov
(44) |
Dec
(63) |
| 2011 |
Jan
(19) |
Feb
(32) |
Mar
(94) |
Apr
(41) |
May
(47) |
Jun
(25) |
Jul
(34) |
Aug
(20) |
Sep
(9) |
Oct
(41) |
Nov
(33) |
Dec
(24) |
| 2012 |
Jan
(12) |
Feb
(36) |
Mar
(48) |
Apr
(32) |
May
(20) |
Jun
(15) |
Jul
(32) |
Aug
(13) |
Sep
(33) |
Oct
(54) |
Nov
(25) |
Dec
(16) |
| 2013 |
Jan
(45) |
Feb
(39) |
Mar
(38) |
Apr
(50) |
May
(29) |
Jun
(30) |
Jul
(33) |
Aug
(12) |
Sep
(9) |
Oct
(25) |
Nov
(29) |
Dec
(20) |
| 2014 |
Jan
(25) |
Feb
(19) |
Mar
(16) |
Apr
(33) |
May
(27) |
Jun
(37) |
Jul
(29) |
Aug
(27) |
Sep
(37) |
Oct
(58) |
Nov
(109) |
Dec
(26) |
| 2015 |
Jan
(4) |
Feb
(35) |
Mar
(22) |
Apr
(35) |
May
(28) |
Jun
(20) |
Jul
(4) |
Aug
(16) |
Sep
(37) |
Oct
(13) |
Nov
(13) |
Dec
(14) |
| 2016 |
Jan
(22) |
Feb
(7) |
Mar
(23) |
Apr
(30) |
May
(10) |
Jun
(10) |
Jul
(15) |
Aug
(12) |
Sep
(22) |
Oct
(31) |
Nov
(5) |
Dec
(5) |
| 2017 |
Jan
(30) |
Feb
(25) |
Mar
(28) |
Apr
(4) |
May
(19) |
Jun
(13) |
Jul
(7) |
Aug
(1) |
Sep
(2) |
Oct
(5) |
Nov
(12) |
Dec
(2) |
| 2018 |
Jan
(7) |
Feb
|
Mar
(7) |
Apr
(2) |
May
(8) |
Jun
(18) |
Jul
(6) |
Aug
(3) |
Sep
(15) |
Oct
(33) |
Nov
(13) |
Dec
(7) |
| 2019 |
Jan
(5) |
Feb
(7) |
Mar
(30) |
Apr
(5) |
May
(4) |
Jun
(69) |
Jul
(86) |
Aug
(22) |
Sep
(6) |
Oct
(7) |
Nov
(5) |
Dec
(3) |
| 2020 |
Jan
(10) |
Feb
(12) |
Mar
(22) |
Apr
(5) |
May
(1) |
Jun
(4) |
Jul
(6) |
Aug
|
Sep
(9) |
Oct
|
Nov
|
Dec
(1) |
| 2021 |
Jan
(4) |
Feb
(11) |
Mar
(7) |
Apr
(7) |
May
|
Jun
(3) |
Jul
(10) |
Aug
(6) |
Sep
|
Oct
|
Nov
(18) |
Dec
(2) |
| 2022 |
Jan
(1) |
Feb
(1) |
Mar
|
Apr
|
May
|
Jun
(2) |
Jul
|
Aug
(4) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2023 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
(1) |
Jun
|
Jul
|
Aug
(5) |
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Ivan R <iva...@gm...> - 2016-05-10 06:56:45
|
Hi Thomas, Thanks for the reply it cleared things up quite a bit. I have a few more questions regarding debugging and database installation.Would the proper way to ask be to ask in a reply such as this one or is it better to ask in a separate mail? Regards, Ivan On Mon, May 9, 2016 at 5:30 PM, Tomas Gustavsson <to...@pr...> wrote: > > Hi Ivan, > > This is a great place to ask. Parsing an end entity profile XML is a bit > tricky unfortunately, but others have proven it can be done :-) > > The XML is a direct representation of the internal format, so no human > readable formatting done. > > This part from the javadoc should help you. Unless you use Java, then > you can simply load the XML into an EndEntity class that you can find in > EJBCA. > > > ----- > * The algorithm for constants in the EndEntityProfile is: > * Values are stored as 100*parameternumber+parameter, so the first > COMMONNAME value is 105, the second 205 etc. > * Use flags are stored as 10000+100*parameternumber+parameter, so the > first USE_COMMONNAME value is 10105, the second 10205 etc. > * Required flags are stored as 20000+100*parameternumber+parameter, so > the first REQUIRED_COMMONNAME value is 20105, the second 20205 etc. > * Modifyable flags are stored as 30000+100*parameternumber+parameter, > so the first MODIFYABLE_COMMONNAME value is 30105, the second 30205 etc. > * > * Parsing an exported End Entity Profile XML: > * In the EndEntityProfile XML there is for example a field > SUBJECTDNFIELDORDER which contains the defined DN components. > * The algorithm is: > * 100*parameter + size > * > * So for example if SUBJECTDNFIELDORDER contains the two values "500, > 1100" this means there is one CN and one OU. > * Numbers are defined in src/java/profilemappings.properties and CN=5 > and OU=11, so 100*5+0 = 500 and 100*11+0 = 1100. > * If there would be two OU fields there would also be one 1101 > (100*11+1) in the SUBJECTDNFIELDORDER. > * > * You can see if the first CN field is required by finding a key in the > XML with the formula: > * 20000+100*0+5 = 20005 > * if the value of this key is true, the first CN field is required and > not optional. > * etc, for the second CN field (if there was a second one in > SUBJECTDNFIELDORDER) it would be 20000+100*1+5. > ----- > > Regards, > Tomas > ----- > Save time and money with an Enterprise support subscription. Please see > www.primekey.se for more information. > https://www.primekey.se/technologies/products-overview/ > https://www.primekey.se/service-support/support/ > > On 2016-05-09 09:10, Ivan R wrote: > > Hi, > > I get an end entity profile xml using the WSs and want to parse it in > > order to create a similar form to the one on the site elsewhere. I've > > looked around however I couldn't find documentation on how to do that. > > Any useful links or tips? > > > > Sorry if this isn't the place to ask and thanks in advance. > > > > Best Regards, > > Ivan > > > > > > > ------------------------------------------------------------------------------ > > Find and fix application performance issues faster with Applications > Manager > > Applications Manager provides deep performance insights into multiple > tiers of > > your business applications. It resolves application problems quickly and > > reduces your MTTR. Get your free trial! > > https://ad.doubleclick.net/ddm/clk/302982198;130105516;z > > > > > > > > _______________________________________________ > > Ejbca-develop mailing list > > Ejb...@li... > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > > ------------------------------------------------------------------------------ > Find and fix application performance issues faster with Applications > Manager > Applications Manager provides deep performance insights into multiple > tiers of > your business applications. It resolves application problems quickly and > reduces your MTTR. Get your free trial! > https://ad.doubleclick.net/ddm/clk/302982198;130105516;z > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: Tomas G. <to...@pr...> - 2016-05-09 14:30:26
|
Hi Ivan, This is a great place to ask. Parsing an end entity profile XML is a bit tricky unfortunately, but others have proven it can be done :-) The XML is a direct representation of the internal format, so no human readable formatting done. This part from the javadoc should help you. Unless you use Java, then you can simply load the XML into an EndEntity class that you can find in EJBCA. ----- * The algorithm for constants in the EndEntityProfile is: * Values are stored as 100*parameternumber+parameter, so the first COMMONNAME value is 105, the second 205 etc. * Use flags are stored as 10000+100*parameternumber+parameter, so the first USE_COMMONNAME value is 10105, the second 10205 etc. * Required flags are stored as 20000+100*parameternumber+parameter, so the first REQUIRED_COMMONNAME value is 20105, the second 20205 etc. * Modifyable flags are stored as 30000+100*parameternumber+parameter, so the first MODIFYABLE_COMMONNAME value is 30105, the second 30205 etc. * * Parsing an exported End Entity Profile XML: * In the EndEntityProfile XML there is for example a field SUBJECTDNFIELDORDER which contains the defined DN components. * The algorithm is: * 100*parameter + size * * So for example if SUBJECTDNFIELDORDER contains the two values "500, 1100" this means there is one CN and one OU. * Numbers are defined in src/java/profilemappings.properties and CN=5 and OU=11, so 100*5+0 = 500 and 100*11+0 = 1100. * If there would be two OU fields there would also be one 1101 (100*11+1) in the SUBJECTDNFIELDORDER. * * You can see if the first CN field is required by finding a key in the XML with the formula: * 20000+100*0+5 = 20005 * if the value of this key is true, the first CN field is required and not optional. * etc, for the second CN field (if there was a second one in SUBJECTDNFIELDORDER) it would be 20000+100*1+5. ----- Regards, Tomas ----- Save time and money with an Enterprise support subscription. Please see www.primekey.se for more information. https://www.primekey.se/technologies/products-overview/ https://www.primekey.se/service-support/support/ On 2016-05-09 09:10, Ivan R wrote: > Hi, > I get an end entity profile xml using the WSs and want to parse it in > order to create a similar form to the one on the site elsewhere. I've > looked around however I couldn't find documentation on how to do that. > Any useful links or tips? > > Sorry if this isn't the place to ask and thanks in advance. > > Best Regards, > Ivan > > > ------------------------------------------------------------------------------ > Find and fix application performance issues faster with Applications Manager > Applications Manager provides deep performance insights into multiple tiers of > your business applications. It resolves application problems quickly and > reduces your MTTR. Get your free trial! > https://ad.doubleclick.net/ddm/clk/302982198;130105516;z > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: Ivan R <iva...@gm...> - 2016-05-09 07:10:31
|
Hi, I get an end entity profile xml using the WSs and want to parse it in order to create a similar form to the one on the site elsewhere. I've looked around however I couldn't find documentation on how to do that. Any useful links or tips? Sorry if this isn't the place to ask and thanks in advance. Best Regards, Ivan |
|
From: Maurício G. P. <mau...@ho...> - 2016-04-27 19:51:56
|
I found the solution it was described on userguide: "Note that application for certificates only work when the status of a user is NEW, FAILED or INPROCESS (one time password thing). The status is set to GENERATED after a certificate has been issued. To issue a new certificate, the status must be reset to NEW, which can be done through the Admin GUI or the CLI." Kind regards,Mauricio Giacomini Penteado From: mau...@ho... To: ejb...@li... Date: Wed, 27 Apr 2016 19:28:10 +0000 Subject: Re: [Ejbca-develop] Enroll certificates doubts Dear friends Reading the installation doc I understood that if I want enroll more than one superadmin certificate I must just enroll it other time with the correct username and password that other superadmin certificate will be generated. But trying it I receive an error: Wrong user status! To generate a certificate for a user the user must have status New, Failed or In process. To me this process just works once how can I do it more than one time? Kind regards,Maurício Giacomini Penteado From: mau...@ho... To: ejb...@li... Date: Sun, 24 Apr 2016 23:12:35 +0000 Subject: Re: [Ejbca-develop] Enroll certificates doubts I get success to my first question runing the enroll in IE. It should be cause activex components that this code process. Kind regards,Maurício Giacomini Penteado From: mau...@ho... To: ejb...@li... Date: Fri, 22 Apr 2016 23:31:04 +0000 Subject: [Ejbca-develop] Enroll certificates doubts Dear friends I am trying put the initial superadmin certificate on a smartcard. I read in installation document that just putting the instruction "superadmin.batch=false" in web.properties works. But doing it I just got a superadmin certificate as a software security device. Somebody knows and can help me about how can I get enroll the initial superadmin certificate directly in smartcard device? Other thing I am having difficulty is that I understood reading the installation doc that if I want enroll other superadmin certificate with "superadmin.batch=false" is just enroll other time with the correct username and password that another superadmin certificate will be generated but trying I receive an error: Wrong user status! To generate a certificate for a user the user must have status New, Failed or In process. To me this process just works once how can I do it more than one time? Kind regards,Maurício Giacomini Penteado ------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z _______________________________________________ Ejbca-develop mailing list Ejb...@li... https://lists.sourceforge.net/lists/listinfo/ejbca-develop ------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z _______________________________________________ Ejbca-develop mailing list Ejb...@li... https://lists.sourceforge.net/lists/listinfo/ejbca-develop ------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z _______________________________________________ Ejbca-develop mailing list Ejb...@li... https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
|
From: Maurício G. P. <mau...@ho...> - 2016-04-27 19:28:19
|
Dear friends Reading the installation doc I understood that if I want enroll more than one superadmin certificate I must just enroll it other time with the correct username and password that other superadmin certificate will be generated. But trying it I receive an error: Wrong user status! To generate a certificate for a user the user must have status New, Failed or In process. To me this process just works once how can I do it more than one time? Kind regards,Maurício Giacomini Penteado From: mau...@ho... To: ejb...@li... Date: Sun, 24 Apr 2016 23:12:35 +0000 Subject: Re: [Ejbca-develop] Enroll certificates doubts I get success to my first question runing the enroll in IE. It should be cause activex components that this code process. Kind regards,Maurício Giacomini Penteado From: mau...@ho... To: ejb...@li... Date: Fri, 22 Apr 2016 23:31:04 +0000 Subject: [Ejbca-develop] Enroll certificates doubts Dear friends I am trying put the initial superadmin certificate on a smartcard. I read in installation document that just putting the instruction "superadmin.batch=false" in web.properties works. But doing it I just got a superadmin certificate as a software security device. Somebody knows and can help me about how can I get enroll the initial superadmin certificate directly in smartcard device? Other thing I am having difficulty is that I understood reading the installation doc that if I want enroll other superadmin certificate with "superadmin.batch=false" is just enroll other time with the correct username and password that another superadmin certificate will be generated but trying I receive an error: Wrong user status! To generate a certificate for a user the user must have status New, Failed or In process. To me this process just works once how can I do it more than one time? Kind regards,Maurício Giacomini Penteado ------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z _______________________________________________ Ejbca-develop mailing list Ejb...@li... https://lists.sourceforge.net/lists/listinfo/ejbca-develop ------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z _______________________________________________ Ejbca-develop mailing list Ejb...@li... https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
|
From: Tomas G. <to...@pr...> - 2016-04-27 07:14:00
|
Hi, You should follow the troubleshooting guide at. https://www.ejbca.org/docs/adminguide.html#Troubleshooting Probably your deployment didn't work and you may have a database configuration problem for example. Regards, Tomas On 2016-04-26 15:28, udaykumar patil wrote: > > > Hi Sir/Madam, > > i'm trying to install EJBCA6 and while "ant install " i'm > getting below error. > Could you please help me > > > ejbca:init: > [echo] > [echo] ------------------- CA Properties ---------------- > [echo] ca.name <http://ca.name> : ManagementCA > [echo] ca.dn : CN=ManagementCA,O=EJBCA Sample,C=SE > [echo] ca.tokentype : soft > [echo] ca.keytype : RSA > [echo] ca.keyspec : 2048 > [echo] ca.signaturealgorithm : SHA256WithRSA > [echo] ca.validity : 3650 > [echo] ca.policy : null > [echo] ca.tokenproperties : ${ca.tokenproperties} > [echo] httpsserver.hostname : localhost > [echo] httpsserver.dn : CN=localhost,O=EJBCA Sample,C=SE > [echo] superadmin.cn <http://superadmin.cn> : SuperAdmin > [echo] superadmin.dn : CN=SuperAdmin > [echo] superadmin.batch : true > [echo] appserver.home : /opt/jboss-as-7.1.1.Final > [echo] > > ejbca:install: > > ejbca:initCA: > [echo] Initializing CA with 'ManagementCA' 'CN=ManagementCA,O=EJBCA > Sample,C=SE' 'soft' <ca.tokenpassword hidden> '2048' 'RSA' '3650' 'null' > 'SHA256WithRSA' -superadmincn 'SuperAdmin'... > [java] Error: CA 'ManagementCA' exists already > > BUILD FAILED > /opt/ejbca_ce_6_3_1_1/build.xml:64: The following error occurred while > executing this line: > /opt/ejbca_ce_6_3_1_1/build.xml:70: The following error occurred while > executing this line: > /opt/ejbca_ce_6_3_1_1/bin/cli.xml:94: The following error occurred while > executing this line: > /opt/ejbca_ce_6_3_1_1/bin/cli.xml:112: The following error occurred > while executing this line: > /opt/ejbca_ce_6_3_1_1/bin/cli.xml:186: Java returned: 1 > > Total time: 1 minute 20 seconds > [root@vSAM194-206 ejbca_ce_6_3_1_1]# > > > -- > Thanks & Regards > Uday > 9901764003 > > > > -- > Thanks & Regards > Uday > 9901764003 |
|
From: Florent Le S. <f.l...@ke...> - 2016-04-26 17:03:08
|
Hi Andras, Of course, I have no doubt about that. My point was just to make sure I understood correctly his point , and to try to summarize all the steps between pressing on the button in EJBCA and getting a private key. I fully agree that entropy also depends on the Java Runtime implementation. I just have to verify that in my case I use /dev/random, and then if I need, there is plenty of methods to improve the entropy pool. Thanks for your answers, Florent. Le 26/04/2016 18:43, Andreas Kuehne a écrit : > Hi Florent, > > for sure Tomas knows how the ejbca is implemented. But to be sure to > have a good source of entropy for your keys watch out for several > pitfalls: > > - different Java runtime may or may not use /dev/random > - /dev/random has it problems on virtual platforms > - the OS itself may affect the quality of the random source > > If you are reaching out to do serious stuff please consider mixing > several sources of randomness. > > Greetings, > > Andreas >> Hi Tomas, >> >> Thank you for your answer. >> >> I'm not planning to use HSM, so it will be done via EJBCA directly. >> >> So if I understand correctly, the underlying method used by EJBCA to >> generate private key is via the Java class java.util.Random and the >> class java.security.SecureRandom. >> => The key are generated by the method createCryptoToken from the class >> CryptoTokenManagementSessionBean which uses SecureRandom() >> At the end OpenJDK SecureRandom implementation uses /dev/random. >> So the overall entropy is the entropy of /dev/random. >> >> Are those statements correct ? >> >> Thanks, >> Florent. >> >> >> >> Le 26/04/2016 12:33, Tomas Gustavsson a écrit : >>> Hi, >>> >>> If you use an HSM CA key generation is performed in the HSM. >>> >>> As for other randomness you can search for Java Random or SecureRandom. >>> >>> Java random is good, and in general uses the OS random source where needed. >>> >>> Regards, >>> Tomas >>> >>> On 2016-04-25 17:49, Florent Le Saout wrote: >>>> Hi, >>>> >>>> I'm looking for the method used by EJBCA to generate the private keys in >>>> general (CA, Sub-Ca, certificates...). >>>> >>>> _So I have multiple questions, which at the end are all related to the >>>> same thing:_ >>>> >>>> * Is the generation process all done in EJBCA application ? >>>> * Or do they rely on Java EE-based application server random number >>>> generation (in my case Jboss) ? >>>> * Is there a link somewhere with the locally implemented random number >>>> generation, so for instance on Linux /dev/random ? >>>> * What is the level of entropy, and is there some guaranty about a >>>> minimum value, and could we improve it by taking some action while >>>> it's generating a key ? >>>> >>>> >>>> I looked in the documentation and didn't find any informations about >>>> that, but maybe I missed it. >>>> >>>> Thanks for your help, >>>> Florent. >>>> >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> Find and fix application performance issues faster with Applications Manager >>>> Applications Manager provides deep performance insights into multiple tiers of >>>> your business applications. It resolves application problems quickly and >>>> reduces your MTTR. Get your free trial! >>>> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z >>>> >>>> >>>> >>>> _______________________________________________ >>>> Ejbca-develop mailing list >>>> Ejb...@li... >>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >>>> >>> ------------------------------------------------------------------------------ >>> Find and fix application performance issues faster with Applications Manager >>> Applications Manager provides deep performance insights into multiple tiers of >>> your business applications. It resolves application problems quickly and >>> reduces your MTTR. Get your free trial! >>> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z >>> _______________________________________________ >>> Ejbca-develop mailing list >>> Ejb...@li... >>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> >> >> ------------------------------------------------------------------------------ >> Find and fix application performance issues faster with Applications Manager >> Applications Manager provides deep performance insights into multiple tiers of >> your business applications. It resolves application problems quickly and >> reduces your MTTR. Get your free trial! >> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z >> >> >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > -- > Andreas Kühne > phone: +49 177 293 24 97 > mailto: ku...@tr... > > Trustable Ltd. Niederlassung Deutschland Gartenheimstr. 39C - 30659 Hannover Amtsgericht Hannover HRB 212612 > > Director Andreas Kühne > > Company UK Company No: 5218868 Registered in England and Wales > > > ------------------------------------------------------------------------------ > Find and fix application performance issues faster with Applications Manager > Applications Manager provides deep performance insights into multiple tiers of > your business applications. It resolves application problems quickly and > reduces your MTTR. Get your free trial! > https://ad.doubleclick.net/ddm/clk/302982198;130105516;z > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop -- *Florent LE SAOUT* R&D department Embedded Software Developer AUSY contractor for KERLINK |
|
From: Andreas K. <ku...@tr...> - 2016-04-26 16:44:47
|
Hi Florent, for sure Tomas knows how the ejbca is implemented. But to be sure to have a good source of entropy for your keys watch out for several pitfalls: - different Java runtime may or may not use /dev/random - /dev/random has it problems on virtual platforms - the OS itself may affect the quality of the random source If you are reaching out to do serious stuff please consider mixing several sources of randomness. Greetings, Andreas > Hi Tomas, > > Thank you for your answer. > > I'm not planning to use HSM, so it will be done via EJBCA directly. > > So if I understand correctly, the underlying method used by EJBCA to > generate private key is via the Java class java.util.Random and the > class java.security.SecureRandom. > => The key are generated by the method createCryptoToken from the class > CryptoTokenManagementSessionBean which uses SecureRandom() > At the end OpenJDK SecureRandom implementation uses /dev/random. > So the overall entropy is the entropy of /dev/random. > > Are those statements correct ? > > Thanks, > Florent. > > > > Le 26/04/2016 12:33, Tomas Gustavsson a écrit : >> Hi, >> >> If you use an HSM CA key generation is performed in the HSM. >> >> As for other randomness you can search for Java Random or SecureRandom. >> >> Java random is good, and in general uses the OS random source where needed. >> >> Regards, >> Tomas >> >> On 2016-04-25 17:49, Florent Le Saout wrote: >>> Hi, >>> >>> I'm looking for the method used by EJBCA to generate the private keys in >>> general (CA, Sub-Ca, certificates...). >>> >>> _So I have multiple questions, which at the end are all related to the >>> same thing:_ >>> >>> * Is the generation process all done in EJBCA application ? >>> * Or do they rely on Java EE-based application server random number >>> generation (in my case Jboss) ? >>> * Is there a link somewhere with the locally implemented random number >>> generation, so for instance on Linux /dev/random ? >>> * What is the level of entropy, and is there some guaranty about a >>> minimum value, and could we improve it by taking some action while >>> it's generating a key ? >>> >>> >>> I looked in the documentation and didn't find any informations about >>> that, but maybe I missed it. >>> >>> Thanks for your help, >>> Florent. >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> Find and fix application performance issues faster with Applications Manager >>> Applications Manager provides deep performance insights into multiple tiers of >>> your business applications. It resolves application problems quickly and >>> reduces your MTTR. Get your free trial! >>> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z >>> >>> >>> >>> _______________________________________________ >>> Ejbca-develop mailing list >>> Ejb...@li... >>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >>> >> ------------------------------------------------------------------------------ >> Find and fix application performance issues faster with Applications Manager >> Applications Manager provides deep performance insights into multiple tiers of >> your business applications. It resolves application problems quickly and >> reduces your MTTR. Get your free trial! >> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > ------------------------------------------------------------------------------ > Find and fix application performance issues faster with Applications Manager > Applications Manager provides deep performance insights into multiple tiers of > your business applications. It resolves application problems quickly and > reduces your MTTR. Get your free trial! > https://ad.doubleclick.net/ddm/clk/302982198;130105516;z > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop -- Andreas Kühne phone: +49 177 293 24 97 mailto: ku...@tr... Trustable Ltd. Niederlassung Deutschland Gartenheimstr. 39C - 30659 Hannover Amtsgericht Hannover HRB 212612 Director Andreas Kühne Company UK Company No: 5218868 Registered in England and Wales |
|
From: Florent Le S. <f.l...@ke...> - 2016-04-26 15:57:22
|
Hi Tomas, Thank you for your answer. I'm not planning to use HSM, so it will be done via EJBCA directly. So if I understand correctly, the underlying method used by EJBCA to generate private key is via the Java class java.util.Random and the class java.security.SecureRandom. => The key are generated by the method createCryptoToken from the class CryptoTokenManagementSessionBean which uses SecureRandom() At the end OpenJDK SecureRandom implementation uses /dev/random. So the overall entropy is the entropy of /dev/random. Are those statements correct ? Thanks, Florent. Le 26/04/2016 12:33, Tomas Gustavsson a écrit : > Hi, > > If you use an HSM CA key generation is performed in the HSM. > > As for other randomness you can search for Java Random or SecureRandom. > > Java random is good, and in general uses the OS random source where needed. > > Regards, > Tomas > > On 2016-04-25 17:49, Florent Le Saout wrote: >> Hi, >> >> I'm looking for the method used by EJBCA to generate the private keys in >> general (CA, Sub-Ca, certificates...). >> >> _So I have multiple questions, which at the end are all related to the >> same thing:_ >> >> * Is the generation process all done in EJBCA application ? >> * Or do they rely on Java EE-based application server random number >> generation (in my case Jboss) ? >> * Is there a link somewhere with the locally implemented random number >> generation, so for instance on Linux /dev/random ? >> * What is the level of entropy, and is there some guaranty about a >> minimum value, and could we improve it by taking some action while >> it's generating a key ? >> >> >> I looked in the documentation and didn't find any informations about >> that, but maybe I missed it. >> >> Thanks for your help, >> Florent. >> >> >> >> ------------------------------------------------------------------------------ >> Find and fix application performance issues faster with Applications Manager >> Applications Manager provides deep performance insights into multiple tiers of >> your business applications. It resolves application problems quickly and >> reduces your MTTR. Get your free trial! >> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z >> >> >> >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> > ------------------------------------------------------------------------------ > Find and fix application performance issues faster with Applications Manager > Applications Manager provides deep performance insights into multiple tiers of > your business applications. It resolves application problems quickly and > reduces your MTTR. Get your free trial! > https://ad.doubleclick.net/ddm/clk/302982198;130105516;z > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop -- *Florent LE SAOUT* R&D department Embedded Software Developer AUSY contractor for KERLINK |
|
From: Tomas G. <to...@pr...> - 2016-04-26 10:33:43
|
Hi, If you use an HSM CA key generation is performed in the HSM. As for other randomness you can search for Java Random or SecureRandom. Java random is good, and in general uses the OS random source where needed. Regards, Tomas On 2016-04-25 17:49, Florent Le Saout wrote: > Hi, > > I'm looking for the method used by EJBCA to generate the private keys in > general (CA, Sub-Ca, certificates...). > > _So I have multiple questions, which at the end are all related to the > same thing:_ > > * Is the generation process all done in EJBCA application ? > * Or do they rely on Java EE-based application server random number > generation (in my case Jboss) ? > * Is there a link somewhere with the locally implemented random number > generation, so for instance on Linux /dev/random ? > * What is the level of entropy, and is there some guaranty about a > minimum value, and could we improve it by taking some action while > it's generating a key ? > > > I looked in the documentation and didn't find any informations about > that, but maybe I missed it. > > Thanks for your help, > Florent. > > > > ------------------------------------------------------------------------------ > Find and fix application performance issues faster with Applications Manager > Applications Manager provides deep performance insights into multiple tiers of > your business applications. It resolves application problems quickly and > reduces your MTTR. Get your free trial! > https://ad.doubleclick.net/ddm/clk/302982198;130105516;z > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: Florent Le S. <f.l...@ke...> - 2016-04-25 16:05:14
|
Hi,
I'm looking for the method used by EJBCA to generate the private keys in
general (CA, Sub-Ca, certificates...).
_So I have multiple questions, which at the end are all related to the
same thing:_
* Is the generation process all done in EJBCA application ?
* Or do they rely on Java EE-based application server random number
generation (in my case Jboss) ?
* Is there a link somewhere with the locally implemented random number
generation, so for instance on Linux /dev/random ?
* What is the level of entropy, and is there some guaranty about a
minimum value, and could we improve it by taking some action while
it's generating a key ?
I looked in the documentation and didn't find any informations about
that, but maybe I missed it.
Thanks for your help,
Florent.
|
|
From: Tomas G. <to...@pr...> - 2016-04-25 14:02:46
|
Hi Maurício, Browser enrollment is a chapter in itself, and combining with smart cards adds an additional layer of complexity. Currently IE and FireFox (not Edge, not Chrome since v49) support certificate enrollment using the web browser. Then for the smart card it depends on the smart card drivers if enrollment using the card is supported. You have a smart card middle-ware installed, and this needs to support it. It works with browsers for a few tokens, but for large scale enrollment to smart cards and Token Management System should be used. We have some examples documented. https://www.ejbca.org/complementary.html#Token%20Management You are not allowed to enroll twice using the same username/enrollment code. It is by design a "one-time enrollment code". You can find information about the in the FAQ and documentation. https://www.ejbca.org/docs/faq.html#errorUserStatus Cheers, Tomas ----- Save time and money with an Enterprise support subscription. Please see www.primekey.se for more information. https://www.primekey.se/technologies/products-overview/ https://www.primekey.se/service-support/support/ On 2016-04-25 01:12, Maurício Giacomini Penteado wrote: > I get success to my first question runing the enroll in IE. It should be > cause activex components that this code process. > > Kind regards, > Maurício Giacomini Penteado > > ------------------------------------------------------------------------ > From: mau...@ho... > To: ejb...@li... > Date: Fri, 22 Apr 2016 23:31:04 +0000 > Subject: [Ejbca-develop] Enroll certificates doubts > > Dear friends > > I am trying put the initial superadmin certificate on a smartcard. I > read in installation document that just putting the instruction > "superadmin.batch=false" in web.properties works. But doing it I just > got a superadmin certificate as a software security device. Somebody > knows and can help me about how can I get enroll the initial superadmin > certificate directly in smartcard device? > > Other thing I am having difficulty is that I understood reading the > installation doc that if I want enroll other superadmin certificate with > "superadmin.batch=false" is just enroll other time with the correct > username and password that another superadmin certificate will be > generated but trying I receive an error: Wrong user status! To generate > a certificate for a user the user must have status New, Failed or In > process. To me this process just works once how can I do it more than > one time? > > Kind regards, > Maurício Giacomini Penteado > > > > > > > ------------------------------------------------------------------------------ > Find and fix application performance issues faster with Applications > Manager Applications Manager provides deep performance insights into > multiple tiers of your business applications. It resolves application > problems quickly and reduces your MTTR. Get your free trial! > https://ad.doubleclick.net/ddm/clk/302982198;130105516;z > _______________________________________________ Ejbca-develop mailing > list Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > ------------------------------------------------------------------------------ > Find and fix application performance issues faster with Applications Manager > Applications Manager provides deep performance insights into multiple tiers of > your business applications. It resolves application problems quickly and > reduces your MTTR. Get your free trial! > https://ad.doubleclick.net/ddm/clk/302982198;130105516;z > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: Maurício G. P. <mau...@ho...> - 2016-04-24 23:12:42
|
I get success to my first question runing the enroll in IE. It should be cause activex components that this code process. Kind regards,Maurício Giacomini Penteado From: mau...@ho... To: ejb...@li... Date: Fri, 22 Apr 2016 23:31:04 +0000 Subject: [Ejbca-develop] Enroll certificates doubts Dear friends I am trying put the initial superadmin certificate on a smartcard. I read in installation document that just putting the instruction "superadmin.batch=false" in web.properties works. But doing it I just got a superadmin certificate as a software security device. Somebody knows and can help me about how can I get enroll the initial superadmin certificate directly in smartcard device? Other thing I am having difficulty is that I understood reading the installation doc that if I want enroll other superadmin certificate with "superadmin.batch=false" is just enroll other time with the correct username and password that another superadmin certificate will be generated but trying I receive an error: Wrong user status! To generate a certificate for a user the user must have status New, Failed or In process. To me this process just works once how can I do it more than one time? Kind regards,Maurício Giacomini Penteado ------------------------------------------------------------------------------ Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z _______________________________________________ Ejbca-develop mailing list Ejb...@li... https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
|
From: Maurício G. P. <mau...@ho...> - 2016-04-22 23:31:11
|
Dear friends I am trying put the initial superadmin certificate on a smartcard. I read in installation document that just putting the instruction "superadmin.batch=false" in web.properties works. But doing it I just got a superadmin certificate as a software security device. Somebody knows and can help me about how can I get enroll the initial superadmin certificate directly in smartcard device? Other thing I am having difficulty is that I understood reading the installation doc that if I want enroll other superadmin certificate with "superadmin.batch=false" is just enroll other time with the correct username and password that another superadmin certificate will be generated but trying I receive an error: Wrong user status! To generate a certificate for a user the user must have status New, Failed or In process. To me this process just works once how can I do it more than one time? Kind regards,Maurício Giacomini Penteado |
|
From: Andreas K. <ku...@tr...> - 2016-04-22 12:14:36
|
Hi Tomas, > Hints are: > - A new RA function > - Much improved Approvals (connected with the new RA functionality) > > The email issue discussed here will probably be solved very nicely with > Approval Profiles. > https://jira.primekey.se/browse/ECA-4907 thanks very much! This indeed may affect my planning! Greetings, Andreas > On 2016-04-22 11:06, Andreas Kuehne wrote: >> Hi Tomas, >>> (Dev-pipeline is really full at the moment, you will see new exciting >>> things in the fall) >> can you give us a small hint? Don't want to spend the summer building >> stuff that will be included in ejbca better & smarter in fall! >> >> Greetings, >> >> Andreas >> >> ------------------------------------------------------------------------------ >> Find and fix application performance issues faster with Applications Manager >> Applications Manager provides deep performance insights into multiple tiers of >> your business applications. It resolves application problems quickly and >> reduces your MTTR. Get your free trial! >> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> > ------------------------------------------------------------------------------ > Find and fix application performance issues faster with Applications Manager > Applications Manager provides deep performance insights into multiple tiers of > your business applications. It resolves application problems quickly and > reduces your MTTR. Get your free trial! > https://ad.doubleclick.net/ddm/clk/302982198;130105516;z > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > -- Andreas Kühne phone: +49 177 293 24 97 mailto: ku...@tr... Trustable Ltd. Niederlassung Deutschland Gartenheimstr. 39C - 30659 Hannover Amtsgericht Hannover HRB 212612 Director Andreas Kühne Company UK Company No: 5218868 Registered in England and Wales |
|
From: Tomas G. <to...@pr...> - 2016-04-22 12:00:08
|
Hi Andreas, Hints are: - A new RA function - Much improved Approvals (connected with the new RA functionality) The email issue discussed here will probably be solved very nicely with Approval Profiles. https://jira.primekey.se/browse/ECA-4907 Regards, Tomas On 2016-04-22 11:06, Andreas Kuehne wrote: > Hi Tomas, >> (Dev-pipeline is really full at the moment, you will see new exciting >> things in the fall) > can you give us a small hint? Don't want to spend the summer building > stuff that will be included in ejbca better & smarter in fall! > > Greetings, > > Andreas > > ------------------------------------------------------------------------------ > Find and fix application performance issues faster with Applications Manager > Applications Manager provides deep performance insights into multiple tiers of > your business applications. It resolves application problems quickly and > reduces your MTTR. Get your free trial! > https://ad.doubleclick.net/ddm/clk/302982198;130105516;z > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: Andreas K. <ku...@tr...> - 2016-04-22 09:08:27
|
Hi Tomas, > (Dev-pipeline is really full at the moment, you will see new exciting > things in the fall) can you give us a small hint? Don't want to spend the summer building stuff that will be included in ejbca better & smarter in fall! Greetings, Andreas |
|
From: Tomas G. <to...@pr...> - 2016-04-22 08:57:23
|
Hi, I created a Jira issue for this. https://jira.primekey.se/browse/ECA-5017 (Dev-pipeline is really full at the moment, you will see new exciting things in the fall) Regards, Tomas On 2016-04-18 19:52, Ralf Hornik wrote: > How about an extra field in the end entity profile properties with the name > "Approval Email" > > -----Ursprüngliche Nachricht----- > Von: Tomas Gustavsson [mailto:to...@pr...] > Gesendet: Montag, 18. April 2016 17:28 > An: ejb...@li... > Betreff: Re: [Ejbca-develop] patch to send approval requests to different > email addresses > > > Thanks for the patch. Great solution for your use case. > > In EJBCA we're nowadays requiring that configuration can be done in the GUI, > so users don't have to edit configuration files etc. So I would like to add > it as Admin GUI configuration somehow. > > Would it be possible for you to outline how such a configuration would > ideally look if you could decide? > > Regards, > Tomas > ********** > PrimeKey Solutions AB > Lundagatan 16, 171 63 Solna, Sweden > Mob: +46 (0)707421096 > Internet: www.primekey.se > Twitter: twitter.com/primekeyPKI > ********** > > On 2016-04-15 13:36, Andreas Paul wrote: >> Hi there, >> >> we want to send certificate approval requests for different EEPs to >> different RA admin email addresses. >> Currently EJBCA only supports one email address for this under system >> configuration. >> >> To configure the different RA admins mailing addresses we are using >> system properties in the JBoss configuration XML: >> >> <system-properties> >> <property name="end.entity.profile.1927555933.email" >> value="pki...@do..."/> >> <property name="end.entity.profile.1338322978.email" >> value="pki...@do..."/> >> <property name="end.entity.profile.1101666034.email" >> value="pki...@do..."/> >> </system-properties> >> >> As you can see we use the unique ID of the end entity which should >> send the approval request to the specific email address. >> >> You can lookup the unique ID of your end entity by querying your ejbca >> database: >> >> select id, profilename from endentityprofiledata; >> >> If there is no specific end entity email address configured if falls >> back to the original email address form the system configuration. >> >> Github gist link: >> https://gist.github.com/xorpaul/822ecb5113137ac1c889e87c1ebc10ca >> >> Kind regards, >> >> Andreas Paul >> >> >> >> >> ---------------------------------------------------------------------- >> -------- Find and fix application performance issues faster with >> Applications Manager Applications Manager provides deep performance >> insights into multiple tiers of your business applications. It >> resolves application problems quickly and reduces your MTTR. Get your >> free trial! >> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z >> >> >> >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> > > ---------------------------------------------------------------------------- > -- > Find and fix application performance issues faster with Applications Manager > Applications Manager provides deep performance insights into multiple tiers > of your business applications. It resolves application problems quickly and > reduces your MTTR. Get your free trial! > https://ad.doubleclick.net/ddm/clk/302982198;130105516;z > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > ------------------------------------------------------------------------------ > Find and fix application performance issues faster with Applications Manager > Applications Manager provides deep performance insights into multiple tiers of > your business applications. It resolves application problems quickly and > reduces your MTTR. Get your free trial! > https://ad.doubleclick.net/ddm/clk/302982198;130105516;z > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: Andreas P. <xo...@gm...> - 2016-04-19 16:54:04
|
Yes, I agree. A simple text field in the EEP to override the general system configuration RA admin email address. On Apr 18, 2016 23:04, "Andreas Kuehne" <ku...@tr...> wrote: > Hi folks, > > yes, a '+1' from me! The end entity profile is a good starting point for > RA officer wakeup call! > > Greetings, > > Andreas > > Ralf Hornik wrote: > > How about an extra field in the end entity profile properties with the name > "Approval Email" > > > Yupp. An option in the end entity profile would be the most appropriate > solution. I guess Andreas would also appreciate that. ;-) > > Ciao, Michael. > > > -----Ursprüngliche Nachricht----- > Von: Tomas Gustavsson [mailto:to...@pr... <to...@pr...>] > Gesendet: Montag, 18. April 2016 17:28 > An: ejb...@li... > Betreff: Re: [Ejbca-develop] patch to send approval requests to different > email addresses > > > Thanks for the patch. Great solution for your use case. > > In EJBCA we're nowadays requiring that configuration can be done in the GUI, > so users don't have to edit configuration files etc. So I would like to add > it as Admin GUI configuration somehow. > > Would it be possible for you to outline how such a configuration would > ideally look if you could decide? > > Regards, > Tomas > ********** > PrimeKey Solutions AB > Lundagatan 16, 171 63 Solna, Sweden > Mob: +46 (0)707421096 > Internet: www.primekey.se > Twitter: twitter.com/primekeyPKI > ********** > > On 2016-04-15 13:36, Andreas Paul wrote: > > Hi there, > > we want to send certificate approval requests for different EEPs to > different RA admin email addresses. > Currently EJBCA only supports one email address for this under system > configuration. > > To configure the different RA admins mailing addresses we are using > system properties in the JBoss configuration XML: > > <system-properties> > <property name="end.entity.profile.1927555933.email" > value="pki...@do..." <pki...@do...>/> > <property name="end.entity.profile.1338322978.email" > value="pki...@do..." <pki...@do...>/> > <property name="end.entity.profile.1101666034.email" > value="pki...@do..." <pki...@do...>/> > </system-properties> > > As you can see we use the unique ID of the end entity which should > send the approval request to the specific email address. > > You can lookup the unique ID of your end entity by querying your ejbca > database: > > select id, profilename from endentityprofiledata; > > If there is no specific end entity email address configured if falls > back to the original email address form the system configuration. > > Github gist link:https://gist.github.com/xorpaul/822ecb5113137ac1c889e87c1ebc10ca > > Kind regards, > > Andreas Paul > > > > ------------------------------------------------------------------------------ > Find and fix application performance issues faster with Applications Manager > Applications Manager provides deep performance insights into multiple tiers of > your business applications. It resolves application problems quickly and > reduces your MTTR. Get your free trial!https://ad.doubleclick.net/ddm/clk/302982198;130105516;z > > > > _______________________________________________ > Ejbca-develop mailing lis...@li...://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > -- > Andreas Kühne > phone: +49 177 293 24 97 > mailto: ku...@tr... > > Trustable Ltd. Niederlassung Deutschland Gartenheimstr. 39C - 30659 Hannover Amtsgericht Hannover HRB 212612 > > Director Andreas Kühne > > Company UK Company No: 5218868 Registered in England and Wales > > > > ------------------------------------------------------------------------------ > Find and fix application performance issues faster with Applications > Manager > Applications Manager provides deep performance insights into multiple > tiers of > your business applications. It resolves application problems quickly and > reduces your MTTR. Get your free trial! > https://ad.doubleclick.net/ddm/clk/302982198;130105516;z > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > |
|
From: Tomas G. <to...@pr...> - 2016-04-19 06:42:32
|
Your error is noted below. "Permission Denied" means that you have performed some tasks as root, giving files root permission. And now you try to run as non-root, meaning that JBoss can not access it's own files. You need to fix file permission to be able to run as non-root. Cheers, Tomas On 2016-04-19 08:26, S Rajesh wrote: > Caused by: java.io.FileNotFoundException: > /home/user/jboss-as-7.1.1.Final/standalone/log/boot.log (Permission denied) |
|
From: Tomas G. <to...@pr...> - 2016-04-19 06:41:19
|
Check the troubleshooting section here. https://www.ejbca.org/docs/adminguide.html#Troubleshooting Cheers, Tomas ********** PrimeKey Solutions AB Lundagatan 16, 171 63 Solna, Sweden Mob: +46 (0)707421096 Internet: www.primekey.se Twitter: twitter.com/primekeyPKI ********** On 2016-04-19 08:26, S Rajesh wrote: > Hi Thomas, > Thanks a lot for looking into this, please let me know > what kind of logs you are looking at, is there a path where it will get > saved. > > Meanwhile i tried running jboss and i am pasting complete output here: > > user@vpn-ejbca:~/jboss-as-7.1.1.Final/bin$ ./standalone.sh > ========================================================================= > > JBoss Bootstrap Environment > > JBOSS_HOME: /home/user/jboss-as-7.1.1.Final > > JAVA: java > > JAVA_OPTS: -server -XX:+UseCompressedOops -XX:+TieredCompilation > -Xms64m -Xmx512m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true > -Dorg.jboss.resolver.warning=true > -Dsun.rmi.dgc.client.gcInterval=3600000 > -Dsun.rmi.dgc.server.gcInterval=3600000 > -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true > -Djboss.server.default.config=standalone.xml > > ========================================================================= > > Unable to set property fileName on class > org.jboss.logmanager.handlers.FileHandler: > java.lang.reflect.InvocationTargetException > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:606) > at > org.jboss.logmanager.PropertyConfigurator.configureProperties(PropertyConfigurator.java:187) > at > org.jboss.logmanager.PropertyConfigurator.configureHandler(PropertyConfigurator.java:312) > at > org.jboss.logmanager.PropertyConfigurator.configure(PropertyConfigurator.java:128) > at > org.jboss.logmanager.PropertyConfigurator.configure(PropertyConfigurator.java:86) > at > org.jboss.logmanager.LogManager.readConfiguration(LogManager.java:246) > at > org.jboss.logmanager.LogManager.readConfiguration(LogManager.java:231) > at java.util.logging.LogManager$2.run(LogManager.java:320) > at java.util.logging.LogManager$2.run(LogManager.java:318) > at java.security.AccessController.doPrivileged(Native Method) > at > java.util.logging.LogManager.readPrimordialConfiguration(LogManager.java:318) > at java.util.logging.LogManager.getLogManager(LogManager.java:300) > at java.util.logging.Logger.<init>(Logger.java:265) > at > java.util.logging.LogManager$RootLogger.<init>(LogManager.java:1468) > at > java.util.logging.LogManager$RootLogger.<init>(LogManager.java:1466) > at java.util.logging.LogManager$1.run(LogManager.java:204) > at java.security.AccessController.doPrivileged(Native Method) > at java.util.logging.LogManager.<clinit>(LogManager.java:181) > at org.jboss.modules.Main.main(Main.java:275) > Caused by: java.io.FileNotFoundException: > /home/user/jboss-as-7.1.1.Final/standalone/log/boot.log (Permission denied) > at java.io.FileOutputStream.open(Native Method) > at java.io.FileOutputStream.<init>(FileOutputStream.java:221) > at > org.jboss.logmanager.handlers.FileHandler.setFile(FileHandler.java:152) > at > org.jboss.logmanager.handlers.FileHandler.setFileName(FileHandler.java:183) > ... 22 more > 11:10:28,853 INFO [org.jboss.modules] JBoss Modules version 1.1.1.GA > <http://1.1.1.GA> > 11:10:29,236 INFO [org.jboss.msc] JBoss MSC version 1.0.2.GA > <http://1.0.2.GA> > 11:10:29,300 INFO [org.jboss.as <http://org.jboss.as>] JBAS015899: > JBoss AS 7.1.1.Final "Brontes" starting11:10:29,314 ERROR > [org.jboss.msc.service.fail] MSC00001: Failed to start service jboss.as > <http://jboss.as>: org.jboss.msc.service.StartException in service > jboss.as <http://jboss.as>: Failed to start service > at > org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1767) > [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] > at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) > [rt.jar:1.7.0_95] > at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) > [rt.jar:1.7.0_95] > at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_95] > Caused by: java.lang.IllegalStateException: JBAS014922: Directory > /home/user/jboss-as-7.1.1.Final/standalone/data/content is not writable > at > org.jboss.as.repository.ContentRepository$Factory$ContentRepositoryImpl.<init>(ContentRepository.java:123) > at > org.jboss.as.repository.ContentRepository$Factory.addService(ContentRepository.java:97) > at > org.jboss.as.server.ApplicationServerService.start(ApplicationServerService.java:134) > [jboss-as-server-7.1.1.Final.jar:7.1.1.Final] > at > org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) > [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] > at > org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) > [jboss-msc-1.0.2.GA.jar:1.0.2.GA <http://1.0.2.GA>] > ... 3 more > > 11:10:29,323 ERROR [stderr] java.util.concurrent.ExecutionException: > Operation failed > 11:10:29,325 ERROR [stderr] at > org.jboss.threads.AsyncFutureTask.operationFailed(AsyncFutureTask.java:74) > 11:10:29,325 ERROR [stderr] at > org.jboss.threads.AsyncFutureTask.get(AsyncFutureTask.java:268) > 11:10:29,326 ERROR [stderr] at > org.jboss.as.server.Main.main(Main.java:98) > 11:10:29,326 ERROR [stderr] at > sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > 11:10:29,327 ERROR [stderr] at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) > 11:10:29,328 ERROR [stderr] at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) > 11:10:29,329 ERROR [stderr] at > java.lang.reflect.Method.invoke(Method.java:606) > 11:10:29,329 ERROR [stderr] at > org.jboss.modules.Module.run(Module.java:260) > 11:10:29,329 ERROR [stderr] at > org.jboss.modules.Main.main(Main.java:291) > 11:10:29,330 ERROR [stderr] Caused by: > org.jboss.msc.service.StartException in service jboss.as > <http://jboss.as>: Failed to start service > 11:10:29,330 ERROR [stderr] at > org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1767) > 11:10:29,331 ERROR [stderr] at > java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) > 11:10:29,331 ERROR [stderr] at > java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) > 11:10:29,332 ERROR [stderr] at java.lang.Thread.run(Thread.java:745) > 11:10:29,335 ERROR [stderr] Caused by: java.lang.IllegalStateException: > JBAS014922: Directory > /home/user/jboss-as-7.1.1.Final/standalone/data/content is not writable > 11:10:29,335 ERROR [stderr] at > org.jboss.as.repository.ContentRepository$Factory$ContentRepositoryImpl.<init>(ContentRepository.java:123) > 11:10:29,336 ERROR [stderr] at > org.jboss.as.repository.ContentRepository$Factory.addService(ContentRepository.java:97) > 11:10:29,336 ERROR [stderr] at > org.jboss.as.server.ApplicationServerService.start(ApplicationServerService.java:134) > 11:10:29,337 ERROR [stderr] at > org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811) > 11:10:29,337 ERROR [stderr] at > org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746) > 11:10:29,338 ERROR [stderr] ... 3 more > user@vpn-ejbca:~/jboss-as-7.1.1.Final/bin$ > > > On Mon, Apr 18, 2016 at 5:02 PM, Tomas Gustavsson <to...@pr... > <mailto:to...@pr...>> wrote: > > > Hi Rajesh, > > You can't really tell what's wrong with a few snippets from the log. The > real, causing, error message is in there somewhere, but you haven't > pasted it here. > > Regards, > Tomas > ********** > PrimeKey Solutions AB > Lundagatan 16, 171 63 Solna, Sweden > Mob: +46 (0)707421096 <tel:%2B46%20%280%29707421096> > Internet: www.primekey.se <http://www.primekey.se> > Twitter: twitter.com/primekeyPKI <http://twitter.com/primekeyPKI> > ********** > > On 2016-04-18 06:47, S Rajesh wrote: > > second try.. > > > > Hi All, > > > > I am bringing up EJBCA setup, I have followed > > steps given in installation guide and installed all required packages, > > but while running Jboss I am seeing below error, please help me in > > resolving this issue. > > > > > > > > Error log: > > > > 14:58:14,972 INFO [org.jboss.as.connector.subsystems.datasources] (MSC > > service thread 1-2) JBAS010400: Bound data source > > [java:jboss/datasources/ExampleDS] > > > > 14:58:14,997 INFO [org.jboss.as.controller] (Controller Boot Thread) > > JBAS014774: Service status report > > > > JBAS014777: Services which failed to start: service > > jboss.web.connector.http: org.jboss.msc.service.StartException in > > service jboss.web.connector.http: JBAS018007: Error starting web connector > > > > > > > > 14:58:15,016 INFO [org.jboss.as <http://org.jboss.as> > <http://org.jboss.as>] (Controller Boot > > Thread) JBAS015951: Admin console listening on http://127.0.0.1:9990 > > > > 14:58:15,017 ERROR [org.jboss.as <http://org.jboss.as> > <http://org.jboss.as>] (Controller Boot > > Thread) JBAS015875: JBoss AS 7.1.1.Final "Brontes" started (with errors) > > in 4541ms - Started 132 of 208 services (1 services failed or missing > > dependencies, 74 services are passive or on-demand) > > > > > > > > Thanks, > > > > Rajesh. > > > > > > > > > > > > > > > ------------------------------------------------------------------------------ > > Find and fix application performance issues faster with > Applications Manager > > Applications Manager provides deep performance insights into > multiple tiers of > > your business applications. It resolves application problems > quickly and > > reduces your MTTR. Get your free trial! > > https://ad.doubleclick.net/ddm/clk/302982198;130105516;z > > > > > > > > _______________________________________________ > > Ejbca-develop mailing list > > Ejb...@li... > <mailto:Ejb...@li...> > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > ------------------------------------------------------------------------------ > Find and fix application performance issues faster with Applications > Manager > Applications Manager provides deep performance insights into > multiple tiers of > your business applications. It resolves application problems quickly and > reduces your MTTR. Get your free trial! > https://ad.doubleclick.net/ddm/clk/302982198;130105516;z > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > <mailto:Ejb...@li...> > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > > ------------------------------------------------------------------------------ > Find and fix application performance issues faster with Applications Manager > Applications Manager provides deep performance insights into multiple tiers of > your business applications. It resolves application problems quickly and > reduces your MTTR. Get your free trial! > https://ad.doubleclick.net/ddm/clk/302982198;130105516;z > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: S R. <raj...@gm...> - 2016-04-19 06:26:32
|
Hi Thomas,
Thanks a lot for looking into this, please let me know
what kind of logs you are looking at, is there a path where it will get
saved.
Meanwhile i tried running jboss and i am pasting complete output here:
user@vpn-ejbca:~/jboss-as-7.1.1.Final/bin$ ./standalone.sh
=========================================================================
JBoss Bootstrap Environment
JBOSS_HOME: /home/user/jboss-as-7.1.1.Final
JAVA: java
JAVA_OPTS: -server -XX:+UseCompressedOops -XX:+TieredCompilation -Xms64m
-Xmx512m -XX:MaxPermSize=256m -Djava.net.preferIPv4Stack=true
-Dorg.jboss.resolver.warning=true -Dsun.rmi.dgc.client.gcInterval=3600000
-Dsun.rmi.dgc.server.gcInterval=3600000
-Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true
-Djboss.server.default.config=standalone.xml
=========================================================================
Unable to set property fileName on class
org.jboss.logmanager.handlers.FileHandler:
java.lang.reflect.InvocationTargetException
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:606)
at
org.jboss.logmanager.PropertyConfigurator.configureProperties(PropertyConfigurator.java:187)
at
org.jboss.logmanager.PropertyConfigurator.configureHandler(PropertyConfigurator.java:312)
at
org.jboss.logmanager.PropertyConfigurator.configure(PropertyConfigurator.java:128)
at
org.jboss.logmanager.PropertyConfigurator.configure(PropertyConfigurator.java:86)
at
org.jboss.logmanager.LogManager.readConfiguration(LogManager.java:246)
at
org.jboss.logmanager.LogManager.readConfiguration(LogManager.java:231)
at java.util.logging.LogManager$2.run(LogManager.java:320)
at java.util.logging.LogManager$2.run(LogManager.java:318)
at java.security.AccessController.doPrivileged(Native Method)
at
java.util.logging.LogManager.readPrimordialConfiguration(LogManager.java:318)
at java.util.logging.LogManager.getLogManager(LogManager.java:300)
at java.util.logging.Logger.<init>(Logger.java:265)
at
java.util.logging.LogManager$RootLogger.<init>(LogManager.java:1468)
at
java.util.logging.LogManager$RootLogger.<init>(LogManager.java:1466)
at java.util.logging.LogManager$1.run(LogManager.java:204)
at java.security.AccessController.doPrivileged(Native Method)
at java.util.logging.LogManager.<clinit>(LogManager.java:181)
at org.jboss.modules.Main.main(Main.java:275)
Caused by: java.io.FileNotFoundException:
/home/user/jboss-as-7.1.1.Final/standalone/log/boot.log (Permission denied)
at java.io.FileOutputStream.open(Native Method)
at java.io.FileOutputStream.<init>(FileOutputStream.java:221)
at
org.jboss.logmanager.handlers.FileHandler.setFile(FileHandler.java:152)
at
org.jboss.logmanager.handlers.FileHandler.setFileName(FileHandler.java:183)
... 22 more
11:10:28,853 INFO [org.jboss.modules] JBoss Modules version 1.1.1.GA
11:10:29,236 INFO [org.jboss.msc] JBoss MSC version 1.0.2.GA
11:10:29,300 INFO [org.jboss.as] JBAS015899: JBoss AS 7.1.1.Final
"Brontes" starting11:10:29,314 ERROR [org.jboss.msc.service.fail] MSC00001:
Failed to start service jboss.as: org.jboss.msc.service.StartException in
service jboss.as: Failed to start service
at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1767)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
[rt.jar:1.7.0_95]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
[rt.jar:1.7.0_95]
at java.lang.Thread.run(Thread.java:745) [rt.jar:1.7.0_95]
Caused by: java.lang.IllegalStateException: JBAS014922: Directory
/home/user/jboss-as-7.1.1.Final/standalone/data/content is not writable
at
org.jboss.as.repository.ContentRepository$Factory$ContentRepositoryImpl.<init>(ContentRepository.java:123)
at
org.jboss.as.repository.ContentRepository$Factory.addService(ContentRepository.java:97)
at
org.jboss.as.server.ApplicationServerService.start(ApplicationServerService.java:134)
[jboss-as-server-7.1.1.Final.jar:7.1.1.Final]
at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA]
at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
[jboss-msc-1.0.2.GA.jar:1.0.2.GA]
... 3 more
11:10:29,323 ERROR [stderr] java.util.concurrent.ExecutionException:
Operation failed
11:10:29,325 ERROR [stderr] at
org.jboss.threads.AsyncFutureTask.operationFailed(AsyncFutureTask.java:74)
11:10:29,325 ERROR [stderr] at
org.jboss.threads.AsyncFutureTask.get(AsyncFutureTask.java:268)
11:10:29,326 ERROR [stderr] at
org.jboss.as.server.Main.main(Main.java:98)
11:10:29,326 ERROR [stderr] at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
11:10:29,327 ERROR [stderr] at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
11:10:29,328 ERROR [stderr] at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
11:10:29,329 ERROR [stderr] at
java.lang.reflect.Method.invoke(Method.java:606)
11:10:29,329 ERROR [stderr] at
org.jboss.modules.Module.run(Module.java:260)
11:10:29,329 ERROR [stderr] at
org.jboss.modules.Main.main(Main.java:291)
11:10:29,330 ERROR [stderr] Caused by: org.jboss.msc.service.StartException
in service jboss.as: Failed to start service
11:10:29,330 ERROR [stderr] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1767)
11:10:29,331 ERROR [stderr] at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
11:10:29,331 ERROR [stderr] at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
11:10:29,332 ERROR [stderr] at java.lang.Thread.run(Thread.java:745)
11:10:29,335 ERROR [stderr] Caused by: java.lang.IllegalStateException:
JBAS014922: Directory
/home/user/jboss-as-7.1.1.Final/standalone/data/content is not writable
11:10:29,335 ERROR [stderr] at
org.jboss.as.repository.ContentRepository$Factory$ContentRepositoryImpl.<init>(ContentRepository.java:123)
11:10:29,336 ERROR [stderr] at
org.jboss.as.repository.ContentRepository$Factory.addService(ContentRepository.java:97)
11:10:29,336 ERROR [stderr] at
org.jboss.as.server.ApplicationServerService.start(ApplicationServerService.java:134)
11:10:29,337 ERROR [stderr] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1811)
11:10:29,337 ERROR [stderr] at
org.jboss.msc.service.ServiceControllerImpl$StartTask.run(ServiceControllerImpl.java:1746)
11:10:29,338 ERROR [stderr] ... 3 more
user@vpn-ejbca:~/jboss-as-7.1.1.Final/bin$
On Mon, Apr 18, 2016 at 5:02 PM, Tomas Gustavsson <to...@pr...> wrote:
>
> Hi Rajesh,
>
> You can't really tell what's wrong with a few snippets from the log. The
> real, causing, error message is in there somewhere, but you haven't
> pasted it here.
>
> Regards,
> Tomas
> **********
> PrimeKey Solutions AB
> Lundagatan 16, 171 63 Solna, Sweden
> Mob: +46 (0)707421096
> Internet: www.primekey.se
> Twitter: twitter.com/primekeyPKI
> **********
>
> On 2016-04-18 06:47, S Rajesh wrote:
> > second try..
> >
> > Hi All,
> >
> > I am bringing up EJBCA setup, I have followed
> > steps given in installation guide and installed all required packages,
> > but while running Jboss I am seeing below error, please help me in
> > resolving this issue.
> >
> >
> >
> > Error log:
> >
> > 14:58:14,972 INFO [org.jboss.as.connector.subsystems.datasources] (MSC
> > service thread 1-2) JBAS010400: Bound data source
> > [java:jboss/datasources/ExampleDS]
> >
> > 14:58:14,997 INFO [org.jboss.as.controller] (Controller Boot Thread)
> > JBAS014774: Service status report
> >
> > JBAS014777: Services which failed to start: service
> > jboss.web.connector.http: org.jboss.msc.service.StartException in
> > service jboss.web.connector.http: JBAS018007: Error starting web
> connector
> >
> >
> >
> > 14:58:15,016 INFO [org.jboss.as <http://org.jboss.as>] (Controller Boot
> > Thread) JBAS015951: Admin console listening on http://127.0.0.1:9990
> >
> > 14:58:15,017 ERROR [org.jboss.as <http://org.jboss.as>] (Controller Boot
> > Thread) JBAS015875: JBoss AS 7.1.1.Final "Brontes" started (with errors)
> > in 4541ms - Started 132 of 208 services (1 services failed or missing
> > dependencies, 74 services are passive or on-demand)
> >
> >
> >
> > Thanks,
> >
> > Rajesh.
> >
> >
> >
> >
> >
> >
> >
> ------------------------------------------------------------------------------
> > Find and fix application performance issues faster with Applications
> Manager
> > Applications Manager provides deep performance insights into multiple
> tiers of
> > your business applications. It resolves application problems quickly and
> > reduces your MTTR. Get your free trial!
> > https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
> >
> >
> >
> > _______________________________________________
> > Ejbca-develop mailing list
> > Ejb...@li...
> > https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> >
>
>
> ------------------------------------------------------------------------------
> Find and fix application performance issues faster with Applications
> Manager
> Applications Manager provides deep performance insights into multiple
> tiers of
> your business applications. It resolves application problems quickly and
> reduces your MTTR. Get your free trial!
> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
|
|
From: Andreas K. <ku...@tr...> - 2016-04-18 21:03:47
|
Hi folks, yes, a '+1' from me! The end entity profile is a good starting point for RA officer wakeup call! Greetings, Andreas > Ralf Hornik wrote: >> How about an extra field in the end entity profile properties with the name >> "Approval Email" > Yupp. An option in the end entity profile would be the most appropriate > solution. I guess Andreas would also appreciate that. ;-) > > Ciao, Michael. > >> -----Ursprüngliche Nachricht----- >> Von: Tomas Gustavsson [mailto:to...@pr...] >> Gesendet: Montag, 18. April 2016 17:28 >> An: ejb...@li... >> Betreff: Re: [Ejbca-develop] patch to send approval requests to different >> email addresses >> >> >> Thanks for the patch. Great solution for your use case. >> >> In EJBCA we're nowadays requiring that configuration can be done in the GUI, >> so users don't have to edit configuration files etc. So I would like to add >> it as Admin GUI configuration somehow. >> >> Would it be possible for you to outline how such a configuration would >> ideally look if you could decide? >> >> Regards, >> Tomas >> ********** >> PrimeKey Solutions AB >> Lundagatan 16, 171 63 Solna, Sweden >> Mob: +46 (0)707421096 >> Internet: www.primekey.se >> Twitter: twitter.com/primekeyPKI >> ********** >> >> On 2016-04-15 13:36, Andreas Paul wrote: >>> Hi there, >>> >>> we want to send certificate approval requests for different EEPs to >>> different RA admin email addresses. >>> Currently EJBCA only supports one email address for this under system >>> configuration. >>> >>> To configure the different RA admins mailing addresses we are using >>> system properties in the JBoss configuration XML: >>> >>> <system-properties> >>> <property name="end.entity.profile.1927555933.email" >>> value="pki...@do..."/> >>> <property name="end.entity.profile.1338322978.email" >>> value="pki...@do..."/> >>> <property name="end.entity.profile.1101666034.email" >>> value="pki...@do..."/> >>> </system-properties> >>> >>> As you can see we use the unique ID of the end entity which should >>> send the approval request to the specific email address. >>> >>> You can lookup the unique ID of your end entity by querying your ejbca >>> database: >>> >>> select id, profilename from endentityprofiledata; >>> >>> If there is no specific end entity email address configured if falls >>> back to the original email address form the system configuration. >>> >>> Github gist link: >>> https://gist.github.com/xorpaul/822ecb5113137ac1c889e87c1ebc10ca >>> >>> Kind regards, >>> >>> Andreas Paul > > > ------------------------------------------------------------------------------ > Find and fix application performance issues faster with Applications Manager > Applications Manager provides deep performance insights into multiple tiers of > your business applications. It resolves application problems quickly and > reduces your MTTR. Get your free trial! > https://ad.doubleclick.net/ddm/clk/302982198;130105516;z > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop -- Andreas Kühne phone: +49 177 293 24 97 mailto: ku...@tr... Trustable Ltd. Niederlassung Deutschland Gartenheimstr. 39C - 30659 Hannover Amtsgericht Hannover HRB 212612 Director Andreas Kühne Company UK Company No: 5218868 Registered in England and Wales |
|
From: Michael S. <mi...@st...> - 2016-04-18 20:13:27
|
Ralf Hornik wrote: > How about an extra field in the end entity profile properties with the name > "Approval Email" Yupp. An option in the end entity profile would be the most appropriate solution. I guess Andreas would also appreciate that. ;-) Ciao, Michael. > -----Ursprüngliche Nachricht----- > Von: Tomas Gustavsson [mailto:to...@pr...] > Gesendet: Montag, 18. April 2016 17:28 > An: ejb...@li... > Betreff: Re: [Ejbca-develop] patch to send approval requests to different > email addresses > > > Thanks for the patch. Great solution for your use case. > > In EJBCA we're nowadays requiring that configuration can be done in the GUI, > so users don't have to edit configuration files etc. So I would like to add > it as Admin GUI configuration somehow. > > Would it be possible for you to outline how such a configuration would > ideally look if you could decide? > > Regards, > Tomas > ********** > PrimeKey Solutions AB > Lundagatan 16, 171 63 Solna, Sweden > Mob: +46 (0)707421096 > Internet: www.primekey.se > Twitter: twitter.com/primekeyPKI > ********** > > On 2016-04-15 13:36, Andreas Paul wrote: >> Hi there, >> >> we want to send certificate approval requests for different EEPs to >> different RA admin email addresses. >> Currently EJBCA only supports one email address for this under system >> configuration. >> >> To configure the different RA admins mailing addresses we are using >> system properties in the JBoss configuration XML: >> >> <system-properties> >> <property name="end.entity.profile.1927555933.email" >> value="pki...@do..."/> >> <property name="end.entity.profile.1338322978.email" >> value="pki...@do..."/> >> <property name="end.entity.profile.1101666034.email" >> value="pki...@do..."/> >> </system-properties> >> >> As you can see we use the unique ID of the end entity which should >> send the approval request to the specific email address. >> >> You can lookup the unique ID of your end entity by querying your ejbca >> database: >> >> select id, profilename from endentityprofiledata; >> >> If there is no specific end entity email address configured if falls >> back to the original email address form the system configuration. >> >> Github gist link: >> https://gist.github.com/xorpaul/822ecb5113137ac1c889e87c1ebc10ca >> >> Kind regards, >> >> Andreas Paul |
|
From: Ralf H. <rh...@hc...> - 2016-04-18 18:09:08
|
How about an extra field in the end entity profile properties with the name "Approval Email" -----Ursprüngliche Nachricht----- Von: Tomas Gustavsson [mailto:to...@pr...] Gesendet: Montag, 18. April 2016 17:28 An: ejb...@li... Betreff: Re: [Ejbca-develop] patch to send approval requests to different email addresses Thanks for the patch. Great solution for your use case. In EJBCA we're nowadays requiring that configuration can be done in the GUI, so users don't have to edit configuration files etc. So I would like to add it as Admin GUI configuration somehow. Would it be possible for you to outline how such a configuration would ideally look if you could decide? Regards, Tomas ********** PrimeKey Solutions AB Lundagatan 16, 171 63 Solna, Sweden Mob: +46 (0)707421096 Internet: www.primekey.se Twitter: twitter.com/primekeyPKI ********** On 2016-04-15 13:36, Andreas Paul wrote: > Hi there, > > we want to send certificate approval requests for different EEPs to > different RA admin email addresses. > Currently EJBCA only supports one email address for this under system > configuration. > > To configure the different RA admins mailing addresses we are using > system properties in the JBoss configuration XML: > > <system-properties> > <property name="end.entity.profile.1927555933.email" > value="pki...@do..."/> > <property name="end.entity.profile.1338322978.email" > value="pki...@do..."/> > <property name="end.entity.profile.1101666034.email" > value="pki...@do..."/> > </system-properties> > > As you can see we use the unique ID of the end entity which should > send the approval request to the specific email address. > > You can lookup the unique ID of your end entity by querying your ejbca > database: > > select id, profilename from endentityprofiledata; > > If there is no specific end entity email address configured if falls > back to the original email address form the system configuration. > > Github gist link: > https://gist.github.com/xorpaul/822ecb5113137ac1c889e87c1ebc10ca > > Kind regards, > > Andreas Paul > > > > > ---------------------------------------------------------------------- > -------- Find and fix application performance issues faster with > Applications Manager Applications Manager provides deep performance > insights into multiple tiers of your business applications. It > resolves application problems quickly and reduces your MTTR. Get your > free trial! > https://ad.doubleclick.net/ddm/clk/302982198;130105516;z > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > ---------------------------------------------------------------------------- -- Find and fix application performance issues faster with Applications Manager Applications Manager provides deep performance insights into multiple tiers of your business applications. It resolves application problems quickly and reduces your MTTR. Get your free trial! https://ad.doubleclick.net/ddm/clk/302982198;130105516;z _______________________________________________ Ejbca-develop mailing list Ejb...@li... https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
106 messages has been excluded from this view by a project administrator.
