ejbca-develop — Development discussions

Re: [Ejbca-develop] The import org.cesecore cannot be resolved

[<mau...@ib...>]

 

Dear Tomas 

I don´t understand. The file internal.properties from community edition
(v.6.3.1.1) that I get from www.ejbca.org shows me: 

app.version.number=6.3.1.1
svn.revision=r21429
app.edition.verbose=Community 

This version dont have files called .project, .classpath, .svn, or
.settings 

When I try find the revision 21429 on repository
https://svn.cesecore.eu/svn/ejbca/trunk/ejbca I don´t have sucess I just
find the revisions 21423 or 21430. 

The revisions 21423 or 21430 have files called .project, .classpath,
.svn, or .settings but not seems community editions. 

Where can I find the revision 21429 that have the files .project,
.classpath, .svn, or .settings? 

In other words where can I get the source code from community edition
(v.6.3.1.1) in a eclipse project format like the other versions released
on the repository https://svn.cesecore.eu/svn/ejbca/trunk/ejbca that not
are community edition? 

How can I put the community edition (v.6.3.1.1) to build and compile in
eclipse? 

Yours sincerely,
Maurício Giacomini Penteado 

Em 02/03/2016 15:40, Tomas Gustavsson escreveu: 

> It should all be there if you have a proper .classpath eclipse file.
> 
> On 2016-03-02 10:15, mau...@ib...:
> 
>> Hello all I am trying compile ejbca by eclipse but I am not understanding where find the cesecore lib. Eclipse shows me "The import org.cesecore cannot be resolved". How can I resolve this? Kind regards, Maurício Giacomini Penteado ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 [1] _______________________________________________ Ejbca-develop mailing list Ejb...@li... https://lists.sourceforge.net/lists/listinfo/ejbca-develop [2]
> 
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 [1]
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop [2]
 

Links:
------
[1] http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
[2] https://lists.sourceforge.net/lists/listinfo/ejbca-develop

Re: [Ejbca-develop] The import org.cesecore cannot be resolved

[Tomas G. <to...@pr...>]

It should all be there if you have a proper .classpath eclipse file.


On 2016-03-02 10:15, mau...@ib... wrote:
> Hello all
> 
> I am trying compile ejbca by eclipse but I am not understanding where
> find the cesecore lib. Eclipse shows me "The import org.cesecore cannot
> be resolved".
> 
> How can I resolve this?
> 
> Kind regards,
> 
> Maurício Giacomini Penteado
> 
>  
> 
> 
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
> 
> 
> 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 

[Ejbca-develop] The import org.cesecore cannot be resolved

[<mau...@ib...>]

 

Hello all 

I am trying compile ejbca by eclipse but I am not understanding where
find the cesecore lib. Eclipse shows me "The import org.cesecore cannot
be resolved". 

How can I resolve this? 

Kind regards, 

Maurício Giacomini Penteado 
 

Re: [Ejbca-develop] What is the correct subversion release from version 6.3.1.1 of EJBCA?

[<mau...@ib...>]

 

Ok, I undertood. 

Thank you so much. 

Best regards, 

Mauricio Giacomini Penteado 

Em 01/03/2016 19:58, Tomas Gustavsson escreveu: 

> Hi,
> 
> You can see on ejbca.org that 6.3.1.1 is the latest Community release,
> while 6.5.0 is the latest Enterprise release.
> Running 6.3.1.1 for example you can see the svn revision in the admin
> GUI (and in src/internal.properties.
> 
> For Community releases versions that you can download are stable ones.
> For Enterprise releases you're depending on PrimeKey to provide the
> stable releases.
> 
> You can read about the versioning principles of EJBCA at
> https://www.ejbca.org/releasecycle.html [4].
> 
> Kind regards,
> Tomas
> 
> On 2016-03-01 13:18, mau...@ib...:
> 
>> Hello everybody. I am trying study the source code of EJBCA project to collaborate with something but I do not understand the version schema used. I saw in website www.ejbca.org [1] that the last release of edition EJBCA community was the version 6.3.1.1 but on the HEAD of the source codes EJBCA repository there is other version. The version 6.5.0. I believe that the version 6.3.1.1 is the last stable of the project therefore is the best version to initiate my studies. The repository on EJBCA source code shows a list with a lot of revisions. I tried search any relation between some revision and ejbca version 6.3.1.1 but I can not find it . How can I take a copy of the version 6.3.1.1 from source codes of EJBCA? How can I identify stable versions or intermediate versions on repository of EJBCA source code? Please help! ------------------------------------------------------------------------------ Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile
APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now! http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 [2] _______________________________________________ Ejbca-develop mailing list Ejb...@li... https://lists.sourceforge.net/lists/listinfo/ejbca-develop [3]
> 
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140 [2]
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop [3]
 

Links:
------
[1] http://www.ejbca.org
[2] http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
[3] https://lists.sourceforge.net/lists/listinfo/ejbca-develop
[4] https://www.ejbca.org/releasecycle.html

Re: [Ejbca-develop] What is the correct subversion release from version 6.3.1.1 of EJBCA?

[Tomas G. <to...@pr...>]

Hi,

You can see on ejbca.org that 6.3.1.1 is the latest Community release,
while 6.5.0 is the latest Enterprise release.
Running 6.3.1.1 for example you can see the svn revision in the admin
GUI (and in src/internal.properties.

For Community releases versions that you can download are stable ones.
For Enterprise releases you're depending on PrimeKey to provide the
stable releases.

You can read about the versioning principles  of EJBCA at
https://www.ejbca.org/releasecycle.html.

Kind regards,
Tomas

On 2016-03-01 13:18, mau...@ib... wrote:
> Hello everybody.
> 
> I am trying study the source code of EJBCA project to collaborate with
> something but I do not understand the version schema used.
> 
> I saw in website www.ejbca.org that the last release of edition EJBCA
> community was the version 6.3.1.1 but on the HEAD of the source codes
> EJBCA repository there is other version. The version 6.5.0.
> 
> I believe that the version 6.3.1.1 is the last stable of the project
> therefore is the best version to initiate my studies.
> 
> The repository on EJBCA source code shows a list with a lot of
> revisions. I tried search any relation between some revision and ejbca
> version 6.3.1.1 but I can not find it .
> 
> How can I take a copy of the version 6.3.1.1 from source codes of EJBCA?
> How can I identify stable versions or intermediate versions on
> repository of EJBCA source code?
> 
> Please help!
> 
>  
> 
> 
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
> 
> 
> 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 

[Ejbca-develop] What is the correct subversion release from version 6.3.1.1 of EJBCA?

[<mau...@ib...>]

 

Hello everybody. 

I am trying study the source code of EJBCA project to collaborate with
something but I do not understand the version schema used. 

I saw in website www.ejbca.org that the last release of edition EJBCA
community was the version 6.3.1.1 but on the HEAD of the source codes
EJBCA repository there is other version. The version 6.5.0. 

I believe that the version 6.3.1.1 is the last stable of the project
therefore is the best version to initiate my studies. 

The repository on EJBCA source code shows a list with a lot of
revisions. I tried search any relation between some revision and ejbca
version 6.3.1.1 but I can not find it . 

How can I take a copy of the version 6.3.1.1 from source codes of EJBCA?
How can I identify stable versions or intermediate versions on
repository of EJBCA source code? 

Please help! 
 

Re: [Ejbca-develop] Trial License

[Donabedian, V. L (2443782) <v.d...@be...>]

Thanks Thomas for your reply.

It looks like I would need the Vendors CA Authentication to validate their certs all the way up to the root. So hopefully sales could give me a an evaluation copy for 60 days or so.

Vahé Donabedian - P. Eng
Packet Data Domain Architect | Wireless Technology Core Networks
T: 905-282-2139 | M: 416-700-0022
Bell Mobility

-----Original Message-----
From: Tomas Gustavsson [mailto:to...@pr...] 
Sent: Monday, February 22, 2016 8:37 AM
To: ejb...@li...
Subject: Re: [Ejbca-develop] Trial License


Hi,

CMPv2 is available in all versions as described in the Admin Guide. Some functionality (Vendor CA authentication) is only available in Enterprise.

We have an on-line demo environment where clients can test, and there is also an evaluation VM of EJBCA Enterprise. Contact sa...@pr... to explore these options.

Kind regards,
Tomas Gustavsson
**********
PrimeKey Solutions AB
Lundagatan 16, 171 63 Solna, Sweden
Mob: +46 (0)707421096
Internet: www.primekey.se
Twitter: twitter.com/primekeyPKI
**********

On 2016-02-19 18:34, v.d...@be... wrote:
> Hello:
> 
>  
> 
> Is it possible to trial EJBCA with CMPv2 capability? I understand that 
> I would need an Enterprise license if I were to get the CMPv2 feature.
> 
> If so, how would I be able to obtain one?
> 
>  
> 
> Thanks
> 
>  
> 
> *Vahe***
> 
>  
> 
> 
> 
> ----------------------------------------------------------------------
> --------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance 
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month 
> Monitor end-to-end web transactions and take corrective actions now 
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
> 
> 
> 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
_______________________________________________
Ejbca-develop mailing list
Ejb...@li...
https://lists.sourceforge.net/lists/listinfo/ejbca-develop

Re: [Ejbca-develop] Trial License

[Tomas G. <to...@pr...>]

Hi,

CMPv2 is available in all versions as described in the Admin Guide. Some
functionality (Vendor CA authentication) is only available in Enterprise.

We have an on-line demo environment where clients can test, and there is
also an evaluation VM of EJBCA Enterprise. Contact sa...@pr... to
explore these options.

Kind regards,
Tomas Gustavsson
**********
PrimeKey Solutions AB
Lundagatan 16, 171 63 Solna, Sweden
Mob: +46 (0)707421096
Internet: www.primekey.se
Twitter: twitter.com/primekeyPKI
**********

On 2016-02-19 18:34, v.d...@be... wrote:
> Hello:
> 
>  
> 
> Is it possible to trial EJBCA with CMPv2 capability? I understand that I
> would need an Enterprise license if I were to get the CMPv2 feature.
> 
> If so, how would I be able to obtain one?
> 
>  
> 
> Thanks
> 
>  
> 
> *Vahe***
> 
>  
> 
> 
> 
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
> 
> 
> 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 

[Ejbca-develop] Trial License

[<v.d...@be...>]

Hello:

Is it possible to trial EJBCA with CMPv2 capability? I understand that I would need an Enterprise license if I were to get the CMPv2 feature.
If so, how would I be able to obtain one?

Thanks

Vahe

Re: [Ejbca-develop] PKI Software for Global network

[Tomas G. <to...@pr...>]

Hi,

EJBCA is mostly fit for larger installations. There are public CAs using
EJBCA, and there are installations managing many many millions of
certificates.

Some older references:
https://www.ejbca.org/installations.html

Some new references:
https://www.primekey.se/business-cases/explore-the-world-of-primekey/

Then there are lots non-public of course. National PKIs and
multi-national enterprise.

Regards,
Tomas
-----
Save time and money with an Enterprise support subscription. Please see
www.primekey.se for more information.
https://www.primekey.se/technologies/products-overview/
https://www.primekey.se/service-support/support/


On 2016-02-16 08:01, Zalezny Niezalezny wrote:
> Hi, 
> 
> I have a short question, does this software is good enough to build 
> infrastructure for > 300 000 Certificates ? Is it proper solution ? Or
> its fit more for small environments ?
> 
> I would really appreciate for any feedback.
> 
> 
> 
> With kind regards
> 
> Zalezny
> 
> 
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140
> 
> 
> 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 

[Ejbca-develop] PKI Software for Global network

[Zalezny N. <zal...@gm...>]

Hi,

I have a short question, does this software is good enough to build
infrastructure for > 300 000 Certificates ? Is it proper solution ? Or its
fit more for small environments ?

I would really appreciate for any feedback.



With kind regards

Zalezny

Re: [Ejbca-develop] LDAP DN order flag not being respected

[Michael S. <mi...@st...>]

Chirpy Soft wrote:
> We are experimenting with the LDAP DN order flag but it does not seem to
> make a difference.

Short answer: Always switch this off.

Long answer:
https://sourceforge.net/p/ejbca/mailman/message/33029424/

Ciao, Michael.

[Ejbca-develop] LDAP DN order flag not being respected

[Chirpy S. <chi...@gm...>]

Hi all,

We are experimenting with the LDAP DN order flag but it does not seem to
make a difference.

Per EJBCA documentation,


There are two places in EJBCA where this can be configured:

   - In the Certificate profile (Edit certificate profiles)
   - In the CA configuration (Edit Certificate Authorities)

The relationship between the settings is that they are both evaluated in an
OR expression. This means that if both are true the DN will have Ldap DN
order, but if any one of them is false the DN will have X.500 order.

What we are seeing is irrespective of setting both the flags, the RDN order
in the input CSR is simply reversed by EJBCA.

i.e. if CSR has RDN order CN=...C=, then EJBCA issued certificate has
subject C=....CN= and vice versa.

Is this expected behaviour or a bug? We are using EJBCA 6.4.0

Thank you.

Re: [Ejbca-develop] Superadmin renewal problem

[Ralf H. <rh...@hc...>]

Try to create another admin Role using cli "./ejbca.sh admins addadmin ..." then go to the GUI, renew the AdminCA and then renew superadmin. (hth)

-----Ursprüngliche Nachricht-----
Von: Randy Yu [mailto:yu...@ec...]
Gesendet: Montag, 25. Januar 2016 15:45
An: ejb...@li...
Betreff: Re: [Ejbca-develop] Superadmin renewal problem

Is there any other advice or has anyone else encountered this combination before?  Superadmin cannot be renewed because the CA which signed the Superadmin is expired.  Other CA's in the instance are not assigned to sign new superadmin's.

-----Original Message-----
From: Randy Yu [mailto:yu...@ec...]
Sent: January-21-16 3:02 PM
To: ejb...@li...
Subject: Re: [Ejbca-develop] Superadmin renewal problem

Thanks Tomas.  We have renewed the superadmin ca before, but that was when our self signed CA that was used to sign the superadmin was not expired.  What would be the best case to create a superadmin when the CA that signs it is now expired?

-----Original Message-----
From: Tomas Gustavsson [mailto:to...@pr...]
Sent: January-20-16 11:07 AM
To: ejb...@li...
Subject: Re: [Ejbca-develop] Superadmin renewal problem


https://www.ejbca.org/docs/userguide.html#Renewing%20Superadmin

Regards,
Tomas
Save time and money with an Enterprise support subscription. Please see www.primekey.se for more information.
https://www.primekey.se/technologies/products-overview/
https://www.primekey.se/service-support/support/

On 2016-01-20 16:19, Randy Yu wrote:
> I don’t believe you can renew the admin CA via batch.  If I’m missing
> something please let me know.  Has anyone run into this problem
> before, or is there a way to sign new superadmin users with other CA’s
> even though I am unable to access the superadmin UI currently?
>
>
>
>
>
> *From:*Ralf Hornik [mailto:rh...@hc...]
> *Sent:* November-06-15 3:10 PM
> *To:* ejb...@li...
> *Subject:* Re: [Ejbca-develop] Superadmin renewal problem
>
>
>
> Cant you renew the Admin CA via batch?
>
> Von meinem Windows Phone gesendet
>
> ----------------------------------------------------------------------
> --
>
> *Von: *Randy Yu <mailto:yu...@ec...>
> *Gesendet: *‎06.‎11.‎2015 18:00
> *An: *ejb...@li...
> <mailto:ejb...@li...>
> *Betreff: *Re: [Ejbca-develop] Superadmin renewal problem
>
> Apologize for bumping this message.  Has anyone else encountered this
> combination before?  Thanks.
>
>
>
> *From:*Randy Yu [mailto:yu...@ec...]
> *Sent:* November-02-15 9:30 AM
> *To:* ejb...@li...
> <mailto:ejb...@li...>
> *Subject:* [Ejbca-develop] Superadmin renewal problem
>
>
>
> Looking for help on a superadmin renewal issue in EJBCA 4.0.16.
>
>
>
> The initial EJBCA CA created in our EJBCA instance is expired, and was
> the CA used to sign the superadmin user.  The superadmin user key is
> also expired so I no longer can gain access to the administration
> section of EJBCA web interface.  Trying to reset the superadmin
> password results in the following stack trace.  Would the expired self
> signed CA be the reason for this, and does re-gaining access to the
> administration section require generating a new self signed CA?
> Thanks in advance for any input.
>
>
>
> An error happened, setting status to FAILED.
>
> javax.ejb.EJBException: Signing CA CN=someCA,O=some,C=US is not active.
>
>         at
> org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASig
> nSessionBean.java:420)
>
>         at
> org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASig
> nSessionBean.java:214)
>
>         at
> org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASig
> nSessionBean.java:232)
>
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:39)
>
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:25)
>
>         at java.lang.reflect.Method.invoke(Method.java:597)
>
>         at
> org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation
> .java:122)
>
>         at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.j
> ava:111)
>
>         at
> org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerIn
> vocationWrapper.java:69)
>
>         at
> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(Intercepto
> rSequencer.java:73)
>
>         at
> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(Inte
> rceptorSequencer.java:59)
>
>         at sun.reflect.GeneratedMethodAccessor377.invoke(Unknown
> Source)
>
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:25)
>
>         at java.lang.reflect.Method.invoke(Method.java:597)
>
>         at
> org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java
> :174)
>
>         at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.j
> ava:102)
>
>         at
> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMetho
> d(InvocationContextInterceptor.java:72)
>
>         at
> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContext
> Interceptor_z_fillMethod_7578460.invoke(InvocationContextInterceptor_z
> _fillMethod_7578460.java)
>
>         at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.j
> ava:102)
>
>         at
> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(Inv
> ocationContextInterceptor.java:88)
>
>         at
> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContext
> Interceptor_z_setup_7578460.invoke(InvocationContex
>
>
>
> So it’s stating the self signed CA is offline.  But if I try to either
> activate or deactivate the self signed CA from command line, it
> doesn’t work.
>
>
>
> [root@server]# ./ejbca.sh ca activateca someCA
>
> Enter authorization code:
>
>
>
> CA or CAToken must be offline to be activated.
>
>
>
> [root@server]# ./ejbca.sh ca deactivateca someCA
>
> CA or CAToken must be active to be put offline.
>
>
>
>
>
> ----------------------------------------------------------------------
> --------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>
>
>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Ejbca-develop mailing list
Ejb...@li...
https://lists.sourceforge.net/lists/listinfo/ejbca-develop
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Ejbca-develop mailing list
Ejb...@li...
https://lists.sourceforge.net/lists/listinfo/ejbca-develop
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Ejbca-develop mailing list
Ejb...@li...
https://lists.sourceforge.net/lists/listinfo/ejbca-develop

Re: [Ejbca-develop] Superadmin renewal problem

[Anders R. <and...@gm...>]

On 2016-01-25 15:45, Randy Yu wrote:
> Is there any other advice or has anyone else encountered this combination before?
 > Superadmin cannot be renewed because the CA which signed the Superadmin is expired.
 > Other CA's in the instance are not assigned to sign new superadmin's.

I haven't done this myself but it seems that you could renew the expired CA from
the command-line interface.

Anders

>
> -----Original Message-----
> From: Randy Yu [mailto:yu...@ec...]
> Sent: January-21-16 3:02 PM
> To: ejb...@li...
> Subject: Re: [Ejbca-develop] Superadmin renewal problem
>
> Thanks Tomas.  We have renewed the superadmin ca before, but that was when our self signed CA that was used to sign the superadmin was not expired.  What would be the best case to create a superadmin when the CA that signs it is now expired?
>
> -----Original Message-----
> From: Tomas Gustavsson [mailto:to...@pr...]
> Sent: January-20-16 11:07 AM
> To: ejb...@li...
> Subject: Re: [Ejbca-develop] Superadmin renewal problem
>
>
> https://www.ejbca.org/docs/userguide.html#Renewing%20Superadmin
>
> Regards,
> Tomas
> Save time and money with an Enterprise support subscription. Please see www.primekey.se for more information.
> https://www.primekey.se/technologies/products-overview/
> https://www.primekey.se/service-support/support/
>
> On 2016-01-20 16:19, Randy Yu wrote:
>> I don’t believe you can renew the admin CA via batch.  If I’m missing
>> something please let me know.  Has anyone run into this problem
>> before, or is there a way to sign new superadmin users with other CA’s
>> even though I am unable to access the superadmin UI currently?
>>
>>
>>
>>
>>
>> *From:*Ralf Hornik [mailto:rh...@hc...]
>> *Sent:* November-06-15 3:10 PM
>> *To:* ejb...@li...
>> *Subject:* Re: [Ejbca-develop] Superadmin renewal problem
>>
>>
>>
>> Cant you renew the Admin CA via batch?
>>
>> Von meinem Windows Phone gesendet
>>
>> ----------------------------------------------------------------------
>> --
>>
>> *Von: *Randy Yu <mailto:yu...@ec...>
>> *Gesendet: *‎06.‎11.‎2015 18:00
>> *An: *ejb...@li...
>> <mailto:ejb...@li...>
>> *Betreff: *Re: [Ejbca-develop] Superadmin renewal problem
>>
>> Apologize for bumping this message.  Has anyone else encountered this
>> combination before?  Thanks.
>>
>>
>>
>> *From:*Randy Yu [mailto:yu...@ec...]
>> *Sent:* November-02-15 9:30 AM
>> *To:* ejb...@li...
>> <mailto:ejb...@li...>
>> *Subject:* [Ejbca-develop] Superadmin renewal problem
>>
>>
>>
>> Looking for help on a superadmin renewal issue in EJBCA 4.0.16.
>>
>>
>>
>> The initial EJBCA CA created in our EJBCA instance is expired, and was
>> the CA used to sign the superadmin user.  The superadmin user key is
>> also expired so I no longer can gain access to the administration
>> section of EJBCA web interface.  Trying to reset the superadmin
>> password results in the following stack trace.  Would the expired self
>> signed CA be the reason for this, and does re-gaining access to the
>> administration section require generating a new self signed CA?
>> Thanks in advance for any input.
>>
>>
>>
>> An error happened, setting status to FAILED.
>>
>> javax.ejb.EJBException: Signing CA CN=someCA,O=some,C=US is not active.
>>
>>          at
>> org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASig
>> nSessionBean.java:420)
>>
>>          at
>> org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASig
>> nSessionBean.java:214)
>>
>>          at
>> org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASig
>> nSessionBean.java:232)
>>
>>          at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>
>>          at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
>> ava:39)
>>
>>          at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
>> orImpl.java:25)
>>
>>          at java.lang.reflect.Method.invoke(Method.java:597)
>>
>>          at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation
>> .java:122)
>>
>>          at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.j
>> ava:111)
>>
>>          at
>> org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerIn
>> vocationWrapper.java:69)
>>
>>          at
>> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(Intercepto
>> rSequencer.java:73)
>>
>>          at
>> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(Inte
>> rceptorSequencer.java:59)
>>
>>          at sun.reflect.GeneratedMethodAccessor377.invoke(Unknown
>> Source)
>>
>>          at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
>> orImpl.java:25)
>>
>>          at java.lang.reflect.Method.invoke(Method.java:597)
>>
>>          at
>> org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java
>> :174)
>>
>>          at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.j
>> ava:102)
>>
>>          at
>> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMetho
>> d(InvocationContextInterceptor.java:72)
>>
>>          at
>> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContext
>> Interceptor_z_fillMethod_7578460.invoke(InvocationContextInterceptor_z
>> _fillMethod_7578460.java)
>>
>>          at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.j
>> ava:102)
>>
>>          at
>> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(Inv
>> ocationContextInterceptor.java:88)
>>
>>          at
>> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContext
>> Interceptor_z_setup_7578460.invoke(InvocationContex
>>
>>
>>
>> So it’s stating the self signed CA is offline.  But if I try to either
>> activate or deactivate the self signed CA from command line, it
>> doesn’t work.
>>
>>
>>
>> [root@server]# ./ejbca.sh ca activateca someCA
>>
>> Enter authorization code:
>>
>>
>>
>> CA or CAToken must be offline to be activated.
>>
>>
>>
>> [root@server]# ./ejbca.sh ca deactivateca someCA
>>
>> CA or CAToken must be active to be put offline.
>>
>>
>>
>>
>>
>> ----------------------------------------------------------------------
>> --------
>> Site24x7 APM Insight: Get Deep Visibility into Application Performance
>> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
>> Monitor end-to-end web transactions and take corrective actions now
>> Troubleshoot faster and improve end-user experience. Signup Now!
>> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
>>
>>
>>
>> _______________________________________________
>> Ejbca-develop mailing list
>> Ejb...@li...
>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>

Re: [Ejbca-develop] Superadmin renewal problem

[Randy Yu <yu...@ec...>]

Is there any other advice or has anyone else encountered this combination before?  Superadmin cannot be renewed because the CA which signed the Superadmin is expired.  Other CA's in the instance are not assigned to sign new superadmin's.

-----Original Message-----
From: Randy Yu [mailto:yu...@ec...] 
Sent: January-21-16 3:02 PM
To: ejb...@li...
Subject: Re: [Ejbca-develop] Superadmin renewal problem

Thanks Tomas.  We have renewed the superadmin ca before, but that was when our self signed CA that was used to sign the superadmin was not expired.  What would be the best case to create a superadmin when the CA that signs it is now expired?

-----Original Message-----
From: Tomas Gustavsson [mailto:to...@pr...] 
Sent: January-20-16 11:07 AM
To: ejb...@li...
Subject: Re: [Ejbca-develop] Superadmin renewal problem


https://www.ejbca.org/docs/userguide.html#Renewing%20Superadmin

Regards,
Tomas
Save time and money with an Enterprise support subscription. Please see www.primekey.se for more information.
https://www.primekey.se/technologies/products-overview/
https://www.primekey.se/service-support/support/

On 2016-01-20 16:19, Randy Yu wrote:
> I don’t believe you can renew the admin CA via batch.  If I’m missing 
> something please let me know.  Has anyone run into this problem 
> before, or is there a way to sign new superadmin users with other CA’s 
> even though I am unable to access the superadmin UI currently?
> 
>  
> 
>  
> 
> *From:*Ralf Hornik [mailto:rh...@hc...]
> *Sent:* November-06-15 3:10 PM
> *To:* ejb...@li...
> *Subject:* Re: [Ejbca-develop] Superadmin renewal problem
> 
>  
> 
> Cant you renew the Admin CA via batch?
> 
> Von meinem Windows Phone gesendet
> 
> ----------------------------------------------------------------------
> --
> 
> *Von: *Randy Yu <mailto:yu...@ec...>
> *Gesendet: *‎06.‎11.‎2015 18:00
> *An: *ejb...@li...
> <mailto:ejb...@li...>
> *Betreff: *Re: [Ejbca-develop] Superadmin renewal problem
> 
> Apologize for bumping this message.  Has anyone else encountered this 
> combination before?  Thanks.
> 
>  
> 
> *From:*Randy Yu [mailto:yu...@ec...]
> *Sent:* November-02-15 9:30 AM
> *To:* ejb...@li...
> <mailto:ejb...@li...>
> *Subject:* [Ejbca-develop] Superadmin renewal problem
> 
>  
> 
> Looking for help on a superadmin renewal issue in EJBCA 4.0.16.
> 
>  
> 
> The initial EJBCA CA created in our EJBCA instance is expired, and was 
> the CA used to sign the superadmin user.  The superadmin user key is 
> also expired so I no longer can gain access to the administration 
> section of EJBCA web interface.  Trying to reset the superadmin 
> password results in the following stack trace.  Would the expired self 
> signed CA be the reason for this, and does re-gaining access to the 
> administration section require generating a new self signed CA?  
> Thanks in advance for any input.
> 
>  
> 
> An error happened, setting status to FAILED.
> 
> javax.ejb.EJBException: Signing CA CN=someCA,O=some,C=US is not active.
> 
>         at
> org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASig
> nSessionBean.java:420)
> 
>         at
> org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASig
> nSessionBean.java:214)
> 
>         at
> org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASig
> nSessionBean.java:232)
> 
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:39)
> 
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:25)
> 
>         at java.lang.reflect.Method.invoke(Method.java:597)
> 
>         at
> org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation
> .java:122)
> 
>         at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.j
> ava:111)
> 
>         at
> org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerIn
> vocationWrapper.java:69)
> 
>         at
> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(Intercepto
> rSequencer.java:73)
> 
>         at
> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(Inte
> rceptorSequencer.java:59)
> 
>         at sun.reflect.GeneratedMethodAccessor377.invoke(Unknown 
> Source)
> 
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:25)
> 
>         at java.lang.reflect.Method.invoke(Method.java:597)
> 
>         at
> org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java
> :174)
> 
>         at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.j
> ava:102)
> 
>         at
> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMetho
> d(InvocationContextInterceptor.java:72)
> 
>         at
> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContext
> Interceptor_z_fillMethod_7578460.invoke(InvocationContextInterceptor_z
> _fillMethod_7578460.java)
> 
>         at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.j
> ava:102)
> 
>         at
> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(Inv
> ocationContextInterceptor.java:88)
> 
>         at
> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContext
> Interceptor_z_setup_7578460.invoke(InvocationContex
> 
>  
> 
> So it’s stating the self signed CA is offline.  But if I try to either 
> activate or deactivate the self signed CA from command line, it 
> doesn’t work.
> 
>  
> 
> [root@server]# ./ejbca.sh ca activateca someCA
> 
> Enter authorization code:
> 
>  
> 
> CA or CAToken must be offline to be activated.
> 
>  
> 
> [root@server]# ./ejbca.sh ca deactivateca someCA
> 
> CA or CAToken must be active to be put offline.
> 
>  
> 
> 
> 
> ----------------------------------------------------------------------
> --------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance 
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month 
> Monitor end-to-end web transactions and take corrective actions now 
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
> 
> 
> 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Ejbca-develop mailing list
Ejb...@li...
https://lists.sourceforge.net/lists/listinfo/ejbca-develop
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Ejbca-develop mailing list
Ejb...@li...
https://lists.sourceforge.net/lists/listinfo/ejbca-develop

Re: [Ejbca-develop] Superadmin renewal problem

[Randy Yu <yu...@ec...>]

Thanks Tomas.  We have renewed the superadmin ca before, but that was when our self signed CA that was used to sign the superadmin was not expired.  What would be the best case to create a superadmin when the CA that signs it is now expired?

-----Original Message-----
From: Tomas Gustavsson [mailto:to...@pr...] 
Sent: January-20-16 11:07 AM
To: ejb...@li...
Subject: Re: [Ejbca-develop] Superadmin renewal problem


https://www.ejbca.org/docs/userguide.html#Renewing%20Superadmin

Regards,
Tomas
Save time and money with an Enterprise support subscription. Please see www.primekey.se for more information.
https://www.primekey.se/technologies/products-overview/
https://www.primekey.se/service-support/support/

On 2016-01-20 16:19, Randy Yu wrote:
> I don’t believe you can renew the admin CA via batch.  If I’m missing 
> something please let me know.  Has anyone run into this problem 
> before, or is there a way to sign new superadmin users with other CA’s 
> even though I am unable to access the superadmin UI currently?
> 
>  
> 
>  
> 
> *From:*Ralf Hornik [mailto:rh...@hc...]
> *Sent:* November-06-15 3:10 PM
> *To:* ejb...@li...
> *Subject:* Re: [Ejbca-develop] Superadmin renewal problem
> 
>  
> 
> Cant you renew the Admin CA via batch?
> 
> Von meinem Windows Phone gesendet
> 
> ----------------------------------------------------------------------
> --
> 
> *Von: *Randy Yu <mailto:yu...@ec...>
> *Gesendet: *‎06.‎11.‎2015 18:00
> *An: *ejb...@li...
> <mailto:ejb...@li...>
> *Betreff: *Re: [Ejbca-develop] Superadmin renewal problem
> 
> Apologize for bumping this message.  Has anyone else encountered this 
> combination before?  Thanks.
> 
>  
> 
> *From:*Randy Yu [mailto:yu...@ec...]
> *Sent:* November-02-15 9:30 AM
> *To:* ejb...@li...
> <mailto:ejb...@li...>
> *Subject:* [Ejbca-develop] Superadmin renewal problem
> 
>  
> 
> Looking for help on a superadmin renewal issue in EJBCA 4.0.16.
> 
>  
> 
> The initial EJBCA CA created in our EJBCA instance is expired, and was 
> the CA used to sign the superadmin user.  The superadmin user key is 
> also expired so I no longer can gain access to the administration 
> section of EJBCA web interface.  Trying to reset the superadmin 
> password results in the following stack trace.  Would the expired self 
> signed CA be the reason for this, and does re-gaining access to the 
> administration section require generating a new self signed CA?  
> Thanks in advance for any input.
> 
>  
> 
> An error happened, setting status to FAILED.
> 
> javax.ejb.EJBException: Signing CA CN=someCA,O=some,C=US is not active.
> 
>         at
> org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASig
> nSessionBean.java:420)
> 
>         at
> org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASig
> nSessionBean.java:214)
> 
>         at
> org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASig
> nSessionBean.java:232)
> 
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.j
> ava:39)
> 
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:25)
> 
>         at java.lang.reflect.Method.invoke(Method.java:597)
> 
>         at
> org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation
> .java:122)
> 
>         at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.j
> ava:111)
> 
>         at
> org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerIn
> vocationWrapper.java:69)
> 
>         at
> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(Intercepto
> rSequencer.java:73)
> 
>         at
> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(Inte
> rceptorSequencer.java:59)
> 
>         at sun.reflect.GeneratedMethodAccessor377.invoke(Unknown 
> Source)
> 
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccess
> orImpl.java:25)
> 
>         at java.lang.reflect.Method.invoke(Method.java:597)
> 
>         at
> org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java
> :174)
> 
>         at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.j
> ava:102)
> 
>         at
> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMetho
> d(InvocationContextInterceptor.java:72)
> 
>         at
> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContext
> Interceptor_z_fillMethod_7578460.invoke(InvocationContextInterceptor_z
> _fillMethod_7578460.java)
> 
>         at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.j
> ava:102)
> 
>         at
> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(Inv
> ocationContextInterceptor.java:88)
> 
>         at
> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContext
> Interceptor_z_setup_7578460.invoke(InvocationContex
> 
>  
> 
> So it’s stating the self signed CA is offline.  But if I try to either 
> activate or deactivate the self signed CA from command line, it 
> doesn’t work.
> 
>  
> 
> [root@server]# ./ejbca.sh ca activateca someCA
> 
> Enter authorization code:
> 
>  
> 
> CA or CAToken must be offline to be activated.
> 
>  
> 
> [root@server]# ./ejbca.sh ca deactivateca someCA
> 
> CA or CAToken must be active to be put offline.
> 
>  
> 
> 
> 
> ----------------------------------------------------------------------
> --------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance 
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month 
> Monitor end-to-end web transactions and take corrective actions now 
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
> 
> 
> 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month Monitor end-to-end web transactions and take corrective actions now Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Ejbca-develop mailing list
Ejb...@li...
https://lists.sourceforge.net/lists/listinfo/ejbca-develop

Re: [Ejbca-develop] Superadmin renewal problem

[Tomas G. <to...@pr...>]

https://www.ejbca.org/docs/userguide.html#Renewing%20Superadmin

Regards,
Tomas
Save time and money with an Enterprise support subscription. Please see
www.primekey.se for more information.
https://www.primekey.se/technologies/products-overview/
https://www.primekey.se/service-support/support/

On 2016-01-20 16:19, Randy Yu wrote:
> I don’t believe you can renew the admin CA via batch.  If I’m missing
> something please let me know.  Has anyone run into this problem before,
> or is there a way to sign new superadmin users with other CA’s even
> though I am unable to access the superadmin UI currently?
> 
>  
> 
>  
> 
> *From:*Ralf Hornik [mailto:rh...@hc...]
> *Sent:* November-06-15 3:10 PM
> *To:* ejb...@li...
> *Subject:* Re: [Ejbca-develop] Superadmin renewal problem
> 
>  
> 
> Cant you renew the Admin CA via batch?
> 
> Von meinem Windows Phone gesendet
> 
> ------------------------------------------------------------------------
> 
> *Von: *Randy Yu <mailto:yu...@ec...>
> *Gesendet: *‎06.‎11.‎2015 18:00
> *An: *ejb...@li...
> <mailto:ejb...@li...>
> *Betreff: *Re: [Ejbca-develop] Superadmin renewal problem
> 
> Apologize for bumping this message.  Has anyone else encountered this
> combination before?  Thanks.
> 
>  
> 
> *From:*Randy Yu [mailto:yu...@ec...]
> *Sent:* November-02-15 9:30 AM
> *To:* ejb...@li...
> <mailto:ejb...@li...>
> *Subject:* [Ejbca-develop] Superadmin renewal problem
> 
>  
> 
> Looking for help on a superadmin renewal issue in EJBCA 4.0.16.
> 
>  
> 
> The initial EJBCA CA created in our EJBCA instance is expired, and was
> the CA used to sign the superadmin user.  The superadmin user key is
> also expired so I no longer can gain access to the administration
> section of EJBCA web interface.  Trying to reset the superadmin password
> results in the following stack trace.  Would the expired self signed CA
> be the reason for this, and does re-gaining access to the administration
> section require generating a new self signed CA?  Thanks in advance for
> any input.
> 
>  
> 
> An error happened, setting status to FAILED.
> 
> javax.ejb.EJBException: Signing CA CN=someCA,O=some,C=US is not active.
> 
>         at
> org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASignSessionBean.java:420)
> 
>         at
> org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASignSessionBean.java:214)
> 
>         at
> org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASignSessionBean.java:232)
> 
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 
>         at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> 
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> 
>         at java.lang.reflect.Method.invoke(Method.java:597)
> 
>         at
> org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
> 
>         at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
> 
>         at
> org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
> 
>         at
> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
> 
>         at
> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
> 
>         at sun.reflect.GeneratedMethodAccessor377.invoke(Unknown Source)
> 
>         at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> 
>         at java.lang.reflect.Method.invoke(Method.java:597)
> 
>         at
> org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
> 
>         at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 
>         at
> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
> 
>         at
> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_7578460.invoke(InvocationContextInterceptor_z_fillMethod_7578460.java)
> 
>         at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 
>         at
> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
> 
>         at
> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_7578460.invoke(InvocationContex
> 
>  
> 
> So it’s stating the self signed CA is offline.  But if I try to either
> activate or deactivate the self signed CA from command line, it doesn’t
> work.
> 
>  
> 
> [root@server]# ./ejbca.sh ca activateca someCA
> 
> Enter authorization code:
> 
>  
> 
> CA or CAToken must be offline to be activated.
> 
>  
> 
> [root@server]# ./ejbca.sh ca deactivateca someCA
> 
> CA or CAToken must be active to be put offline.
> 
>  
> 
> 
> 
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
> 
> 
> 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 

Re: [Ejbca-develop] Superadmin renewal problem

[Randy Yu <yu...@ec...>]

I don’t believe you can renew the admin CA via batch.  If I’m missing something please let me know.  Has anyone run into this problem before, or is there a way to sign new superadmin users with other CA’s even though I am unable to access the superadmin UI currently?


From: Ralf Hornik [mailto:rh...@hc...]
Sent: November-06-15 3:10 PM
To: ejb...@li...
Subject: Re: [Ejbca-develop] Superadmin renewal problem

Cant you renew the Admin CA via batch?

Von meinem Windows Phone gesendet
________________________________
Von: Randy Yu<mailto:yu...@ec...>
Gesendet: ‎06.‎11.‎2015 18:00
An: ejb...@li...<mailto:ejb...@li...>
Betreff: Re: [Ejbca-develop] Superadmin renewal problem
Apologize for bumping this message.  Has anyone else encountered this combination before?  Thanks.

From: Randy Yu [mailto:yu...@ec...]
Sent: November-02-15 9:30 AM
To: ejb...@li...<mailto:ejb...@li...>
Subject: [Ejbca-develop] Superadmin renewal problem

Looking for help on a superadmin renewal issue in EJBCA 4.0.16.

The initial EJBCA CA created in our EJBCA instance is expired, and was the CA used to sign the superadmin user.  The superadmin user key is also expired so I no longer can gain access to the administration section of EJBCA web interface.  Trying to reset the superadmin password results in the following stack trace.  Would the expired self signed CA be the reason for this, and does re-gaining access to the administration section require generating a new self signed CA?  Thanks in advance for any input.

An error happened, setting status to FAILED.
javax.ejb.EJBException: Signing CA CN=someCA,O=some,C=US is not active.
        at org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASignSessionBean.java:420)
        at org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASignSessionBean.java:214)
        at org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASignSessionBean.java:232)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
        at org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
        at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
        at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
        at sun.reflect.GeneratedMethodAccessor377.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
        at java.lang.reflect.Method.invoke(Method.java:597)
        at org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
        at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_7578460.invoke(InvocationContextInterceptor_z_fillMethod_7578460.java)
        at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
        at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
        at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_7578460.invoke(InvocationContex

So it’s stating the self signed CA is offline.  But if I try to either activate or deactivate the self signed CA from command line, it doesn’t work.

[root@server]# ./ejbca.sh ca activateca someCA
Enter authorization code:

CA or CAToken must be offline to be activated.

[root@server]# ./ejbca.sh ca deactivateca someCA
CA or CAToken must be active to be put offline.

Re: [Ejbca-develop] Hanging when creating a new CA

[Quintin B. <qui...@ja...>]

Hi Nick,

Manuel raised a valid concern. I had some a lot of problems deploying EJBCA to JBoss 7, running on a VM with a single core. When I gave the VM an extra core the problems disappeared.

Quintin

----- Original Message -----
From: "Manuel Dejonghe" <ma...@de...>
To: "ejbca-develop" <ejb...@li...>
Sent: Wednesday, 20 January, 2016 10:23:32 AM
Subject: Re: [Ejbca-develop] Hanging when creating a new CA

On Tue, Jan 19, 2016 at 8:14 PM, Nick Clark
<nic...@k3...> wrote:
> Thanks for responding to what I know is a rather generic question. The
> environment is as follows:
>
> Fresh install
> Keysize is/will be: 4096
> Environment: Docker
> CPU: 1
> Threads: 1
> Java: 1.6.0_45
> JBoss: 7.1.1
> EJBCA CE 6.3.1.1
>
> I'll look into increasing the CPU's.

Jep, I strongly recommend that. I am only lurking here, but as far as
I understand, some JBoss versions have issues with having only a total
of one core assigned.

cheers,
Manuel

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Ejbca-develop mailing list
Ejb...@li...
https://lists.sourceforge.net/lists/listinfo/ejbca-develop

JACKLIN ENTERPRISES
Quintin Beukes
Tel: +27 11 265 4442
Fax: +27 11 314 2984
Email: qui...@ja...

@|from|wwwhomepage|@

This e-mail may contain confidential information belonging to the sender which is legally privileged. It is the responsibility of the recipient to ensure that any e-mails or attachments are virus free as Jacklin Enterprises accepts no responsibility. Should you not be the intended recipient then any disclosure, copying, distribution or the taking of any action in reliance of the contents of this email is strictly prohibited. If you have received this transmission in error, please notify the sender immediately. 

Jacklin Enterprises Limited is registered in England No. 4398837 Registered office: 3rd Floor, 12 Gough Square, London, EC4A 3DW. VAT Registration No: 831 0256 68.

Please consider the environment before printing this email.

Re: [Ejbca-develop] Hanging when creating a new CA

[Manuel D. <ma...@de...>]

On Tue, Jan 19, 2016 at 8:14 PM, Nick Clark
<nic...@k3...> wrote:
> Thanks for responding to what I know is a rather generic question. The
> environment is as follows:
>
> Fresh install
> Keysize is/will be: 4096
> Environment: Docker
> CPU: 1
> Threads: 1
> Java: 1.6.0_45
> JBoss: 7.1.1
> EJBCA CE 6.3.1.1
>
> I'll look into increasing the CPU's.

Jep, I strongly recommend that. I am only lurking here, but as far as
I understand, some JBoss versions have issues with having only a total
of one core assigned.

cheers,
Manuel

Re: [Ejbca-develop] Hanging when creating a new CA

[Nick C. <nic...@k3...>]

Thanks for responding to what I know is a rather generic question. The
environment is as follows:

Fresh install
Keysize is/will be: 4096
Environment: Docker
CPU: 1
Threads: 1
Java: 1.6.0_45
JBoss: 7.1.1
EJBCA CE 6.3.1.1

I'll look into increasing the CPU's.

Thanks,

Nick


On Mon, Jan 18, 2016 at 6:48 PM Manuel Dejonghe <ma...@de...> wrote:

> On Tue, Jan 19, 2016 at 2:09 AM, Nick Clark
> <nic...@k3...> wrote:
> > Hi,
> >
> > I'm setting up a new deployment. Upon making a new CA from the management
> > page, It hangs indefinitely. The logs don't show anything and CPU maxes
> out.
> >
> > Any direction on what I should be looking at to debug this problem would
> be
> > handy.
>
> Could it perhaps be that the key generation actually takes that long ?
> Keysize, virtual machine perhaps, only little CPU ressources assigned,
> SoftKeys, very little entropy existing in the virtual machine ?
>
> Is there an HSM involved ?
>
> Otherwise I guess the guys will need your EJBCA version, your Java/JVM
> version, your application server and version of that, number of CPU
> cores assigned to the virtual machine and if possible, the logfile of
> the application server, even if you say they don't show anything.
> Is it a fresh installation, or have you been playing with it before,
> did you upgrade recently ?
>
> cheers,
> Manuel
>
>
> ------------------------------------------------------------------------------
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>

Re: [Ejbca-develop] Hanging when creating a new CA

[Manuel D. <ma...@de...>]

On Tue, Jan 19, 2016 at 2:09 AM, Nick Clark
<nic...@k3...> wrote:
> Hi,
>
> I'm setting up a new deployment. Upon making a new CA from the management
> page, It hangs indefinitely. The logs don't show anything and CPU maxes out.
>
> Any direction on what I should be looking at to debug this problem would be
> handy.

Could it perhaps be that the key generation actually takes that long ?
Keysize, virtual machine perhaps, only little CPU ressources assigned,
SoftKeys, very little entropy existing in the virtual machine ?

Is there an HSM involved ?

Otherwise I guess the guys will need your EJBCA version, your Java/JVM
version, your application server and version of that, number of CPU
cores assigned to the virtual machine and if possible, the logfile of
the application server, even if you say they don't show anything.
Is it a fresh installation, or have you been playing with it before,
did you upgrade recently ?

cheers,
Manuel

[Ejbca-develop] Hanging when creating a new CA

[Nick C. <nic...@k3...>]

Hi,

I'm setting up a new deployment. Upon making a new CA from the management
page, It hangs indefinitely. The logs don't show anything and CPU maxes out.

Any direction on what I should be looking at to debug this problem would be
handy.

Thanks,

Nick

Re: [Ejbca-develop] Running EJBCA with systemd

[Tomas G. <to...@pr...>]

I added the sample file to the EJBCA repo.

https://jira.primekey.se/browse/ECA-4717

Regards,
Tomas

On 2016-01-07 04:05, Christian Felsing wrote:
> Hello,
> 
> this is a ejbca.service file which works with EJBCA, it should be
> located at /usr/lib/systemd/system and works with CentOS7.2.
> 
> ---cut here--
> [Unit]
> Description=EJBCA PKI
> After=network.target mariadb.service
> 
> [Service]
> Type=simple
> User=ejbca
> Group=ejbca
> WorkingDirectory=/home/ejbca
> ExecStart=/home/ejbca/jboss/bin/standalone.sh -b 127.0.0.1
> ExecStop=/home/ejbca/jboss/bin/jboss-cli.sh --connect command=:shutdown
> Restart=on-failure
> RestartSec=300s
> 
> [Install]
> WantedBy=multi-user.target
> ---cut here--
> 
> It assumes:
> 
> * EJBCA is running as user ejbca
> * JBoss is installed on /home/ejbca/jboss
> * not forking
> * database is MariaDB
> 
> see also https://gist.github.com/ip6li/1b92a019567afdb5ff62
> 
> Christian
> 
> 
> 
> ------------------------------------------------------------------------------
> 
> 
> 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>