Menu
▾
▴
ejbca-develop — Development discussions
You can subscribe to this list here.
| 2001 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(1) |
Dec
(3) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2002 |
Jan
(3) |
Feb
(2) |
Mar
(8) |
Apr
(3) |
May
(6) |
Jun
(1) |
Jul
(15) |
Aug
(6) |
Sep
|
Oct
(10) |
Nov
(2) |
Dec
(4) |
| 2003 |
Jan
(1) |
Feb
(7) |
Mar
(3) |
Apr
(6) |
May
(7) |
Jun
(5) |
Jul
(5) |
Aug
(25) |
Sep
(14) |
Oct
(2) |
Nov
|
Dec
(2) |
| 2004 |
Jan
(7) |
Feb
(4) |
Mar
(12) |
Apr
(16) |
May
(43) |
Jun
(56) |
Jul
(43) |
Aug
(40) |
Sep
(66) |
Oct
(12) |
Nov
(26) |
Dec
(10) |
| 2005 |
Jan
(13) |
Feb
(33) |
Mar
(16) |
Apr
(7) |
May
(10) |
Jun
(34) |
Jul
(41) |
Aug
(8) |
Sep
(4) |
Oct
(32) |
Nov
(20) |
Dec
(25) |
| 2006 |
Jan
(30) |
Feb
(101) |
Mar
(5) |
Apr
(75) |
May
(74) |
Jun
(22) |
Jul
(6) |
Aug
(70) |
Sep
(19) |
Oct
(21) |
Nov
(31) |
Dec
(50) |
| 2007 |
Jan
(15) |
Feb
(20) |
Mar
(24) |
Apr
(33) |
May
(13) |
Jun
(18) |
Jul
(13) |
Aug
(7) |
Sep
(63) |
Oct
(68) |
Nov
(29) |
Dec
(68) |
| 2008 |
Jan
(30) |
Feb
(33) |
Mar
(30) |
Apr
(103) |
May
(78) |
Jun
(48) |
Jul
(72) |
Aug
(24) |
Sep
(62) |
Oct
(63) |
Nov
(70) |
Dec
(37) |
| 2009 |
Jan
(34) |
Feb
(35) |
Mar
(64) |
Apr
(34) |
May
(34) |
Jun
(58) |
Jul
(30) |
Aug
(30) |
Sep
(46) |
Oct
(52) |
Nov
(12) |
Dec
(23) |
| 2010 |
Jan
(121) |
Feb
(18) |
Mar
(53) |
Apr
(62) |
May
(62) |
Jun
(20) |
Jul
(33) |
Aug
(20) |
Sep
(36) |
Oct
(35) |
Nov
(44) |
Dec
(63) |
| 2011 |
Jan
(19) |
Feb
(32) |
Mar
(94) |
Apr
(41) |
May
(47) |
Jun
(25) |
Jul
(34) |
Aug
(20) |
Sep
(9) |
Oct
(41) |
Nov
(33) |
Dec
(24) |
| 2012 |
Jan
(12) |
Feb
(36) |
Mar
(48) |
Apr
(32) |
May
(20) |
Jun
(15) |
Jul
(32) |
Aug
(13) |
Sep
(33) |
Oct
(54) |
Nov
(25) |
Dec
(16) |
| 2013 |
Jan
(45) |
Feb
(39) |
Mar
(38) |
Apr
(50) |
May
(29) |
Jun
(30) |
Jul
(33) |
Aug
(12) |
Sep
(9) |
Oct
(25) |
Nov
(29) |
Dec
(20) |
| 2014 |
Jan
(25) |
Feb
(19) |
Mar
(16) |
Apr
(33) |
May
(27) |
Jun
(37) |
Jul
(29) |
Aug
(27) |
Sep
(37) |
Oct
(58) |
Nov
(109) |
Dec
(26) |
| 2015 |
Jan
(4) |
Feb
(35) |
Mar
(22) |
Apr
(35) |
May
(28) |
Jun
(20) |
Jul
(4) |
Aug
(16) |
Sep
(37) |
Oct
(13) |
Nov
(13) |
Dec
(14) |
| 2016 |
Jan
(22) |
Feb
(7) |
Mar
(23) |
Apr
(30) |
May
(10) |
Jun
(10) |
Jul
(15) |
Aug
(12) |
Sep
(22) |
Oct
(31) |
Nov
(5) |
Dec
(5) |
| 2017 |
Jan
(30) |
Feb
(25) |
Mar
(28) |
Apr
(4) |
May
(19) |
Jun
(13) |
Jul
(7) |
Aug
(1) |
Sep
(2) |
Oct
(5) |
Nov
(12) |
Dec
(2) |
| 2018 |
Jan
(7) |
Feb
|
Mar
(7) |
Apr
(2) |
May
(8) |
Jun
(18) |
Jul
(6) |
Aug
(3) |
Sep
(15) |
Oct
(33) |
Nov
(13) |
Dec
(7) |
| 2019 |
Jan
(5) |
Feb
(7) |
Mar
(30) |
Apr
(5) |
May
(4) |
Jun
(69) |
Jul
(86) |
Aug
(22) |
Sep
(6) |
Oct
(7) |
Nov
(5) |
Dec
(3) |
| 2020 |
Jan
(10) |
Feb
(12) |
Mar
(22) |
Apr
(5) |
May
(1) |
Jun
(4) |
Jul
(6) |
Aug
|
Sep
(9) |
Oct
|
Nov
|
Dec
(1) |
| 2021 |
Jan
(4) |
Feb
(11) |
Mar
(7) |
Apr
(7) |
May
|
Jun
(3) |
Jul
(10) |
Aug
(6) |
Sep
|
Oct
|
Nov
(18) |
Dec
(2) |
| 2022 |
Jan
(1) |
Feb
(1) |
Mar
|
Apr
|
May
|
Jun
(2) |
Jul
|
Aug
(4) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2023 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
(1) |
Jun
|
Jul
|
Aug
(5) |
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Anders R. <and...@gm...> - 2014-08-09 14:45:35
|
On 2014-08-09 14:34, Pavel Bychykhin wrote: > Hello Everyone, > In the public EJBCA pages, is there any difference between "Create > Browser Certificate" and "Create Keystore". Because I don't see any. > The only thing that affects this menus behavior is the "Token" option > from "Edit End Entity" dialogue. > If I chose "User Generated" than both "Create Browser Certificate" and > "Create Keystore" show a browser certificate enrollment page where I can > chose a Key length (High grade or Medium grade). As an outcome I get a > certificate installed into browser automatically. > If I chose "P12 file" than both "Create Browser Certificate" and "Create > Keystore" show a EJBCA Token Certificate Enrollment (keystore > enrollment) page where I can chose a Key length from all the spectrum I > set up in a Certificate profile. As an outcome I get a P12 keystore > (file) which I have to save somewhere. > So why do we need two enrollment options with different names but with > the similar behavior? > You are right, EJBCA appears to be smarter these days than before. It was (also for me) somewhat surprising but it works :-) Anders |
|
From: Pavel B. <byc...@ht...> - 2014-08-09 12:34:44
|
Hello Everyone, In the public EJBCA pages, is there any difference between "Create Browser Certificate" and "Create Keystore". Because I don't see any. The only thing that affects this menus behavior is the "Token" option from "Edit End Entity" dialogue. If I chose "User Generated" than both "Create Browser Certificate" and "Create Keystore" show a browser certificate enrollment page where I can chose a Key length (High grade or Medium grade). As an outcome I get a certificate installed into browser automatically. If I chose "P12 file" than both "Create Browser Certificate" and "Create Keystore" show a EJBCA Token Certificate Enrollment (keystore enrollment) page where I can chose a Key length from all the spectrum I set up in a Certificate profile. As an outcome I get a P12 keystore (file) which I have to save somewhere. So why do we need two enrollment options with different names but with the similar behavior? -- Best regards, Pavel |
|
From: eilaf s. <eil...@gm...> - 2014-08-05 09:24:38
|
Hello, I would like to ask you what is the difference between management certification authority, signing Certification authority and authentication certification authority? If management certification authority do authentication and signing what is the need for seperated authentication and signing certification authority? How to setup/Install each of them? Regards, -- Eilaf Hamad Elnil Mugbil University Of Khartoum School Of Mathematical science |
|
From: Anders R. <and...@gm...> - 2014-08-04 14:42:12
|
I have built a plugin to EJBCA that does secure messaging so it is possible at least. You can test it here: https://mobilepki.org/scc Yes, it is my take on secure messaging :-) Anders On 2014-08-04 13:47, Tomas Gustavsson wrote: > Thanks Andreas, > > It would be great fun to test. Honestly though, it will be hard to get > the time to do it without business driver at this time unfortunately. > There's just too much to do just to have business running. > > Cheers, > Tomas > > On 2014-07-28 10:11, Andreas Schwier wrote: >> Hi Tomas, >> >> let me know if you would like to get some SmartCard-HSM samples. >> >> I'm not really a J2EE expert, so I'm probably not in position to code that. >> >> Andreas >> >> On 07/22/2014 12:48 PM, Tomas Gustavsson wrote: >>> >>> So for EJBCA a new CryptoToken is probably needed, in order to use your >>> the provider (sine it is not generic PKCS#11). >>> >>> That's a very isolated code though, and can be done in an almost >>> pluggable way I think. >>> >>> Cheers, >>> Tomas >>> >>> On 2014-07-21 14:43, Andreas Schwier wrote: >>>> After the client connects to the server, the server reads the device and >>>> device issuer CV-certificates from the SmartCard-HSM and verifies the >>>> integrity and authenticity of the device authentication public key. This >>>> public key is then used to establish symmetric session keys using ECDH >>>> and an ephemeral key pair at the server. The session keys are >>>> subsequently used to protect all APDU exchange between the server and >>>> the remote device. This happens in the OCF layer and is transparent at >>>> the JCE layer. >>>> >>>> Using this mechanism, the CA server knows that he talks to an identified >>>> and authentic remote device. Encryption and MACing in the secure channel >>>> protects all data exchanged, in particular data to be signed by the >>>> private key in the remote device. >>>> >>>> CV certificates are used because they are considerably smaller that >>>> X.509 certificates. >>>> >>>> The mechanics are similar to TLS server authentication, with the smart >>>> card as the server and X.509 certificates replaced by CV-certificates. >>>> The protection is actually on the APDU layer, HTTP is just used as >>>> transport channel to carry APDU exchange. >>>> >>>> Andreas >>>> >>>> On 07/21/2014 01:45 PM, Andreas Kuehne wrote: >>>>> Hi Andreas, >>>>>> Would be interesting to get something like this integrated with EJBCA. >>>>>> >>>>>> That shouldn't be too complicated: The server side is just a small >>>>>> servlet that provides the APDU channel via HTTP to the device on the >>>>>> client side. The servlet talks to OCF on the server and a JCE Provider >>>>>> on top of it. >>>>>> >>>>>> The CA would just need to access the private key operation via JCE. >>>>> I would go with any security enhancement ... but dtmo the >>>>> cv-certificates do make sense when two cards interact. If one and is a >>>>> server with 'usual' security level it does not provide any benefit, does >>>>> it? Just just a strong link to chain but leave the other links weak as >>>>> they are ... >>>>> >>>>> Greetings, >>>>> >>>>> Andreas Kuehne >>>>> >>>>> >>>> >>>> >>> >>> ------------------------------------------------------------------------------ >>> Want fast and easy access to all the code in your enterprise? Index and >>> search up to 200,000 lines of code with a free copy of Black Duck >>> Code Sight - the same software that powers the world's largest code >>> search on Ohloh, the Black Duck Open Hub! Try it now. >>> http://p.sf.net/sfu/bds >>> _______________________________________________ >>> Ejbca-develop mailing list >>> Ejb...@li... >>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >>> >> >> > > ------------------------------------------------------------------------------ > Infragistics Professional > Build stunning WinForms apps today! > Reboot your WinForms applications with our WinForms controls. > Build a bridge from your legacy apps to the future. > http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: Tomas G. <to...@pr...> - 2014-08-04 11:47:34
|
Thanks Andreas, It would be great fun to test. Honestly though, it will be hard to get the time to do it without business driver at this time unfortunately. There's just too much to do just to have business running. Cheers, Tomas On 2014-07-28 10:11, Andreas Schwier wrote: > Hi Tomas, > > let me know if you would like to get some SmartCard-HSM samples. > > I'm not really a J2EE expert, so I'm probably not in position to code that. > > Andreas > > On 07/22/2014 12:48 PM, Tomas Gustavsson wrote: >> >> So for EJBCA a new CryptoToken is probably needed, in order to use your >> the provider (sine it is not generic PKCS#11). >> >> That's a very isolated code though, and can be done in an almost >> pluggable way I think. >> >> Cheers, >> Tomas >> >> On 2014-07-21 14:43, Andreas Schwier wrote: >>> After the client connects to the server, the server reads the device and >>> device issuer CV-certificates from the SmartCard-HSM and verifies the >>> integrity and authenticity of the device authentication public key. This >>> public key is then used to establish symmetric session keys using ECDH >>> and an ephemeral key pair at the server. The session keys are >>> subsequently used to protect all APDU exchange between the server and >>> the remote device. This happens in the OCF layer and is transparent at >>> the JCE layer. >>> >>> Using this mechanism, the CA server knows that he talks to an identified >>> and authentic remote device. Encryption and MACing in the secure channel >>> protects all data exchanged, in particular data to be signed by the >>> private key in the remote device. >>> >>> CV certificates are used because they are considerably smaller that >>> X.509 certificates. >>> >>> The mechanics are similar to TLS server authentication, with the smart >>> card as the server and X.509 certificates replaced by CV-certificates. >>> The protection is actually on the APDU layer, HTTP is just used as >>> transport channel to carry APDU exchange. >>> >>> Andreas >>> >>> On 07/21/2014 01:45 PM, Andreas Kuehne wrote: >>>> Hi Andreas, >>>>> Would be interesting to get something like this integrated with EJBCA. >>>>> >>>>> That shouldn't be too complicated: The server side is just a small >>>>> servlet that provides the APDU channel via HTTP to the device on the >>>>> client side. The servlet talks to OCF on the server and a JCE Provider >>>>> on top of it. >>>>> >>>>> The CA would just need to access the private key operation via JCE. >>>> I would go with any security enhancement ... but dtmo the >>>> cv-certificates do make sense when two cards interact. If one and is a >>>> server with 'usual' security level it does not provide any benefit, does >>>> it? Just just a strong link to chain but leave the other links weak as >>>> they are ... >>>> >>>> Greetings, >>>> >>>> Andreas Kuehne >>>> >>>> >>> >>> >> >> ------------------------------------------------------------------------------ >> Want fast and easy access to all the code in your enterprise? Index and >> search up to 200,000 lines of code with a free copy of Black Duck >> Code Sight - the same software that powers the world's largest code >> search on Ohloh, the Black Duck Open Hub! Try it now. >> http://p.sf.net/sfu/bds >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> > > |
|
From: Andreas S. <and...@ca...> - 2014-07-28 08:11:36
|
Hi Tomas, let me know if you would like to get some SmartCard-HSM samples. I'm not really a J2EE expert, so I'm probably not in position to code that. Andreas On 07/22/2014 12:48 PM, Tomas Gustavsson wrote: > > So for EJBCA a new CryptoToken is probably needed, in order to use your > the provider (sine it is not generic PKCS#11). > > That's a very isolated code though, and can be done in an almost > pluggable way I think. > > Cheers, > Tomas > > On 2014-07-21 14:43, Andreas Schwier wrote: >> After the client connects to the server, the server reads the device and >> device issuer CV-certificates from the SmartCard-HSM and verifies the >> integrity and authenticity of the device authentication public key. This >> public key is then used to establish symmetric session keys using ECDH >> and an ephemeral key pair at the server. The session keys are >> subsequently used to protect all APDU exchange between the server and >> the remote device. This happens in the OCF layer and is transparent at >> the JCE layer. >> >> Using this mechanism, the CA server knows that he talks to an identified >> and authentic remote device. Encryption and MACing in the secure channel >> protects all data exchanged, in particular data to be signed by the >> private key in the remote device. >> >> CV certificates are used because they are considerably smaller that >> X.509 certificates. >> >> The mechanics are similar to TLS server authentication, with the smart >> card as the server and X.509 certificates replaced by CV-certificates. >> The protection is actually on the APDU layer, HTTP is just used as >> transport channel to carry APDU exchange. >> >> Andreas >> >> On 07/21/2014 01:45 PM, Andreas Kuehne wrote: >>> Hi Andreas, >>>> Would be interesting to get something like this integrated with EJBCA. >>>> >>>> That shouldn't be too complicated: The server side is just a small >>>> servlet that provides the APDU channel via HTTP to the device on the >>>> client side. The servlet talks to OCF on the server and a JCE Provider >>>> on top of it. >>>> >>>> The CA would just need to access the private key operation via JCE. >>> I would go with any security enhancement ... but dtmo the >>> cv-certificates do make sense when two cards interact. If one and is a >>> server with 'usual' security level it does not provide any benefit, does >>> it? Just just a strong link to chain but leave the other links weak as >>> they are ... >>> >>> Greetings, >>> >>> Andreas Kuehne >>> >>> >> >> > > ------------------------------------------------------------------------------ > Want fast and easy access to all the code in your enterprise? Index and > search up to 200,000 lines of code with a free copy of Black Duck > Code Sight - the same software that powers the world's largest code > search on Ohloh, the Black Duck Open Hub! Try it now. > http://p.sf.net/sfu/bds > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > -- --------- CardContact Software & System Consulting |.##> <##.| Andreas Schwier |# #| Schülerweg 38 |# #| 32429 Minden, Germany |'##> <##'| Phone +49 571 56149 --------- http://www.cardcontact.de http://www.tscons.de http://www.openscdp.org http://www.smartcard-hsm.com |
|
From: Pavel B. <byc...@ht...> - 2014-07-22 11:50:46
|
Hi Tomas, I've fixed the hostname according to your advice. Everything works just fine now. Thank you very much. Best regards, Pavel On 16.07.2014 18:43, Tomas Gustavsson wrote: > First fix your server configuration and re-do the install, dropping the > database and restarting JBoss and ant install. > > Cheers, > Tomas > > On 2014-07-16 17:40, Pavel Bychykhin wrote: >> Hi Tomas, >> This is the part of console output right after the `ant install' was >> invoked. If the previous output about successful deployment does matter >> I can send it as well. Should I? >> >> Best regards, >> Pavel >> >> On 16.07.2014 18:33, Tomas Gustavsson wrote: >>> Also, the entire JBoss console log was _not_ in the attachment, it was >>> only a selected snippet showing a symptom, not a cause. >>> >>> Cheers, >>> Tomas >>> >>> On 2014-07-16 17:19, Pavel Bychykhin wrote: >>>> Hi Everyone, >>>> >>>> I've already sent this question so I do apologize for repeating. But I >>>> had been waiting for an answer during 2 months an didn't get a solution, >>>> so I decided to repeat my question. >>>> Since my first letter the new EJBCA release has been issued. >>>> Unfortunately it doesn't solve my problem. So once again: >>>> >>>> I'm trying to install a new instance of EJBCA (6.2.0). >>>> My system is: FreeBSD 9.2, Jboss 7.1.1, openjdk version "1.7.0_60", >>>> PostgreSQL 9.3. >>>> `ant deploy' finishes with success and I able to see a database tables >>>> after that. >>>> >>>> `ant install finishes with failure. Here is the error message, which I >>>> observe in Jboss console: >>>> 08:58:30,905 ERROR [org.jboss.ejb3.invocation] (EJB default - 3) >>>> JBAS014134: EJB Invocation failed on component >>>> GlobalConfigurationSessionBean for method public abstract >>>> org.ejbca.config.Configuration >>>> org.ejbca.core.ejb.config.GlobalConfigurationSession.getCachedConfiguration(java.lang.String): >>>> java.lang.RuntimeException: Internal admin was denied access. This >>>> should not be able to happen. >>>> >>>> Please see the entire ant and Jboss console logs in the attachments. >>>> Hope very much for your help. >>>> >>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> Want fast and easy access to all the code in your enterprise? Index and >>>> search up to 200,000 lines of code with a free copy of Black Duck >>>> Code Sight - the same software that powers the world's largest code >>>> search on Ohloh, the Black Duck Open Hub! Try it now. >>>> http://p.sf.net/sfu/bds >>>> >>>> >>>> >>>> _______________________________________________ >>>> Ejbca-develop mailing list >>>> Ejb...@li... >>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >>>> >>> ------------------------------------------------------------------------------ >>> Want fast and easy access to all the code in your enterprise? Index and >>> search up to 200,000 lines of code with a free copy of Black Duck >>> Code Sight - the same software that powers the world's largest code >>> search on Ohloh, the Black Duck Open Hub! Try it now. >>> http://p.sf.net/sfu/bds >>> _______________________________________________ >>> Ejbca-develop mailing list >>> Ejb...@li... >>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> >> ------------------------------------------------------------------------------ >> Want fast and easy access to all the code in your enterprise? Index and >> search up to 200,000 lines of code with a free copy of Black Duck >> Code Sight - the same software that powers the world's largest code >> search on Ohloh, the Black Duck Open Hub! Try it now. >> http://p.sf.net/sfu/bds >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> > ------------------------------------------------------------------------------ > Want fast and easy access to all the code in your enterprise? Index and > search up to 200,000 lines of code with a free copy of Black Duck > Code Sight - the same software that powers the world's largest code > search on Ohloh, the Black Duck Open Hub! Try it now. > http://p.sf.net/sfu/bds > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
|
From: Tomas G. <to...@pr...> - 2014-07-22 10:48:12
|
So for EJBCA a new CryptoToken is probably needed, in order to use your the provider (sine it is not generic PKCS#11). That's a very isolated code though, and can be done in an almost pluggable way I think. Cheers, Tomas On 2014-07-21 14:43, Andreas Schwier wrote: > After the client connects to the server, the server reads the device and > device issuer CV-certificates from the SmartCard-HSM and verifies the > integrity and authenticity of the device authentication public key. This > public key is then used to establish symmetric session keys using ECDH > and an ephemeral key pair at the server. The session keys are > subsequently used to protect all APDU exchange between the server and > the remote device. This happens in the OCF layer and is transparent at > the JCE layer. > > Using this mechanism, the CA server knows that he talks to an identified > and authentic remote device. Encryption and MACing in the secure channel > protects all data exchanged, in particular data to be signed by the > private key in the remote device. > > CV certificates are used because they are considerably smaller that > X.509 certificates. > > The mechanics are similar to TLS server authentication, with the smart > card as the server and X.509 certificates replaced by CV-certificates. > The protection is actually on the APDU layer, HTTP is just used as > transport channel to carry APDU exchange. > > Andreas > > On 07/21/2014 01:45 PM, Andreas Kuehne wrote: >> Hi Andreas, >>> Would be interesting to get something like this integrated with EJBCA. >>> >>> That shouldn't be too complicated: The server side is just a small >>> servlet that provides the APDU channel via HTTP to the device on the >>> client side. The servlet talks to OCF on the server and a JCE Provider >>> on top of it. >>> >>> The CA would just need to access the private key operation via JCE. >> I would go with any security enhancement ... but dtmo the >> cv-certificates do make sense when two cards interact. If one and is a >> server with 'usual' security level it does not provide any benefit, does >> it? Just just a strong link to chain but leave the other links weak as >> they are ... >> >> Greetings, >> >> Andreas Kuehne >> >> > > |
|
From: Andreas S. <and...@ca...> - 2014-07-21 12:43:11
|
After the client connects to the server, the server reads the device and
device issuer CV-certificates from the SmartCard-HSM and verifies the
integrity and authenticity of the device authentication public key. This
public key is then used to establish symmetric session keys using ECDH
and an ephemeral key pair at the server. The session keys are
subsequently used to protect all APDU exchange between the server and
the remote device. This happens in the OCF layer and is transparent at
the JCE layer.
Using this mechanism, the CA server knows that he talks to an identified
and authentic remote device. Encryption and MACing in the secure channel
protects all data exchanged, in particular data to be signed by the
private key in the remote device.
CV certificates are used because they are considerably smaller that
X.509 certificates.
The mechanics are similar to TLS server authentication, with the smart
card as the server and X.509 certificates replaced by CV-certificates.
The protection is actually on the APDU layer, HTTP is just used as
transport channel to carry APDU exchange.
Andreas
On 07/21/2014 01:45 PM, Andreas Kuehne wrote:
> Hi Andreas,
>> Would be interesting to get something like this integrated with EJBCA.
>>
>> That shouldn't be too complicated: The server side is just a small
>> servlet that provides the APDU channel via HTTP to the device on the
>> client side. The servlet talks to OCF on the server and a JCE Provider
>> on top of it.
>>
>> The CA would just need to access the private key operation via JCE.
> I would go with any security enhancement ... but dtmo the
> cv-certificates do make sense when two cards interact. If one and is a
> server with 'usual' security level it does not provide any benefit, does
> it? Just just a strong link to chain but leave the other links weak as
> they are ...
>
> Greetings,
>
> Andreas Kuehne
>
>
--
--------- CardContact Software & System Consulting
|.##> <##.| Andreas Schwier
|# #| Schülerweg 38
|# #| 32429 Minden, Germany
|'##> <##'| Phone +49 571 56149
--------- http://www.cardcontact.de
http://www.tscons.de
http://www.openscdp.org
http://www.smartcard-hsm.com
|
|
From: Andreas K. <ku...@tr...> - 2014-07-21 12:00:24
|
Hi Andreas, > Would be interesting to get something like this integrated with EJBCA. > > That shouldn't be too complicated: The server side is just a small > servlet that provides the APDU channel via HTTP to the device on the > client side. The servlet talks to OCF on the server and a JCE Provider > on top of it. > > The CA would just need to access the private key operation via JCE. I would go with any security enhancement ... but dtmo the cv-certificates do make sense when two cards interact. If one and is a server with 'usual' security level it does not provide any benefit, does it? Just just a strong link to chain but leave the other links weak as they are ... Greetings, Andreas Kuehne -- Andreas Kühne phone: +49 177 293 24 97 mailto: ku...@tr... Trustable Ltd. Niederlassung Deutschland Ströverstr. 18 - 59427 Unna Amtsgericht Hamm HRB 5868 Directors Andreas Kühne, Heiko Veit Company UK Company No: 5218868 Registered in England and Wales |
|
From: Andreas S. <and...@ca...> - 2014-07-21 09:57:08
|
Would be interesting to get something like this integrated with EJBCA. That shouldn't be too complicated: The server side is just a small servlet that provides the APDU channel via HTTP to the device on the client side. The servlet talks to OCF on the server and a JCE Provider on top of it. The CA would just need to access the private key operation via JCE. Andreas On 07/16/2014 10:17 PM, Tomas Gustavsson wrote: > Yeah, I read on the demo page about CA as a service, where you keep the CA keys on the smart card, in your control. > This is a very interesting and innovative concept I think. Very cool, and we'll done. > > /Tomas > > On July 16, 2014 10:11:09 PM CEST, Andreas Schwier <and...@ca...> wrote: >> I guess I have to clarify how the SmartCard-HSM relates to CVCs: >> >> In it's core, the SmartCard-HSM is a secure key store for RSA and ECC >> keys, that unlike other PKI token has key management function that you >> normally find in large (and expensive) HSMs (Key Backup, Cluster >> Operation, Key Offloading). >> >> One of these function is the ability to have a trusted channel between >> the device and the RA/CA. This trusted channel is established using >> Chip >> Authentication known from ePassports and eID cards. But while in >> Passports the authenticity of the chip authentication public key is >> based on passive authentication and the docsigner / CSCA certificate, >> the authenticity in the SC-HSM is proved using a CVC based PKI. >> >> Just like in EAC, where you have a CVCA, DVCA and terminal certificate, >> in a SmartCard-HSM you have a Scheme Root CA (CRCA), Device Issuer CA >> (DICA) and a device certificate. The ECC public key for chip >> authentication is certified in the device certificate and linked to the >> unique id of the SmartCard-HSM. >> >> In addition, newly generated public keys are exported in the >> authenticated CVC request format as per TR-03110. The inner signature >> is >> provided by the private key, the outer signature by the device >> authentication key or any other key on the device. The later is used in >> an EAC PKI to renew certificates. >> >> The SmartCard-HSM can of course be used with EJBCA, either via OpenSC >> or >> using the multithreading-enabled PKCS#11 Module from the >> sc-hsm-embedded >> project. >> >> Andreas >> >> >> On 07/16/2014 08:50 AM, Christian Felsing wrote: >>> Am 15.07.14 15:29, schrieb Tomas Gustavsson: >>>> >>>> On 2014-07-15 13:38, Christian Felsing wrote: >>>>> Hello, >>>>> >>>>> while trying to create a CVC CA in EJBCA Community I got following >> message: >>>>> >>>>> CVC CA type is not available in this version of EJBCA >>>>> >>>>> Does that mean community edition does not support CVC? >>>> >>>> That is correct. Since it's so specific for country/government usage >> >>>> there is no possibility to maintain it for free, and the community >> is >>>> pretty small. >>>> >>>> Cheers, >>>> Tomas >>> >>> CVC is not only for government related applications, there is an open >> source project sc-hsm which also supports CVC, because that >>> card will claim to be suitable for CVC applications. With this card >> ejbca may become a solution für CVC based application besides >>> government applications. >>> >>> At demo.openscdp.org s a demo for EAC-PKI applications. >>> >>> cheers >>> Christian >>> >>> >> ------------------------------------------------------------------------------ >>> Want fast and easy access to all the code in your enterprise? Index >> and >>> search up to 200,000 lines of code with a free copy of Black Duck >>> Code Sight - the same software that powers the world's largest code >>> search on Ohloh, the Black Duck Open Hub! Try it now. >>> http://p.sf.net/sfu/bds >>> _______________________________________________ >>> Ejbca-develop mailing list >>> Ejb...@li... >>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >>> >> >> >> -- >> >> --------- CardContact Software & System Consulting >> |.##> <##.| Andreas Schwier >> |# #| Schülerweg 38 >> |# #| 32429 Minden, Germany >> |'##> <##'| Phone +49 571 56149 >> --------- http://www.cardcontact.de >> http://www.tscons.de >> http://www.openscdp.org >> http://www.smartcard-hsm.com >> >> >> ------------------------------------------------------------------------------ >> Want fast and easy access to all the code in your enterprise? Index and >> search up to 200,000 lines of code with a free copy of Black Duck >> Code Sight - the same software that powers the world's largest code >> search on Ohloh, the Black Duck Open Hub! Try it now. >> http://p.sf.net/sfu/bds >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop > -- --------- CardContact Software & System Consulting |.##> <##.| Andreas Schwier |# #| Schülerweg 38 |# #| 32429 Minden, Germany |'##> <##'| Phone +49 571 56149 --------- http://www.cardcontact.de http://www.tscons.de http://www.openscdp.org http://www.smartcard-hsm.com |
|
From: Tomas G. <to...@pr...> - 2014-07-17 05:34:23
|
So skip the debugging and use a normal console output, and check the jboss server log. -- PrimeKey Solutions AB Internet: www.primekey.se Twitter: twitter.com/primekeyPKI Mob: +46 (0)707421096 On July 16, 2014 10:31:24 PM CEST, Michael Green <mik...@ho...> wrote: >I didn't find it very informative either. But the VM is running 4 cores >and 4gb. So it's not a resource issue. > >> Date: Wed, 16 Jul 2014 19:54:14 +0200 >> From: to...@pr... >> To: ejb...@li... >> Subject: Re: [Ejbca-develop] ant install fails with JAVA return 1 >> >> >> Wow. That debug log is horrible. I can not even see where/if it >fails? >> >> Perhaps you are running in a VM with only one core or something? See >> earlier threads expplaining why JBoss needs quite good performance to > >> complete a "deploy". >> >> Cheers, >> Tomas >> >> On 2014-07-16 19:39, Michael Green wrote: >> > I fixed that. And JBOSS started without error. I cleaned it up and >> > re-ran "ant deploy" which fails: >> > >> > Last ~10000 lines from debug: http://pastebin.com/dz5XQDnz >> > >> > BUILD FAILED >> > /opt/ejbca_ce_6_2_0/build.xml:649: The following error occurred >while >> > executing this line: >> > /opt/ejbca_ce_6_2_0/bin/jboss.xml:257: The following error occurred >> > while executing this line: >> > /opt/ejbca_ce_6_2_0/bin/jboss.xml:578: exec returned: 1 >> > at >> > >org.apache.tools.ant.taskdefs.ExecTask.runExecute(ExecTask.java:646) >> > at >> > org.apache.tools.ant.taskdefs.ExecTask.runExec(ExecTask.java:672) >> > at >> > org.apache.tools.ant.taskdefs.ExecTask.execute(ExecTask.java:498) >> > at >> > >org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:291) >> > at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown >Source) >> > at >> > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodA >> > ccessorImpl.java:43) >> > at java.lang.reflect.Method.invoke(Method.java:606) >> > at >> > >org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106) >> > at org.apache.tools.ant.Task.perform(Task.java:348) >> > at >> > >org.apache.tools.ant.taskdefs.Sequential.execute(Sequential.java:68) >> > at >> > >org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:291) >> > at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown >Source) >> > at >> > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodA >> > ccessorImpl.java:43) >> > at java.lang.reflect.Method.invoke(Method.java:606) >> > at >> > >org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106) >> > at org.apache.tools.ant.Task.perform(Task.java:348) >> > at >> > >org.apache.tools.ant.taskdefs.MacroInstance.execute(MacroInstance.java:398) >> > at >> > >org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:291) >> > at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown >Source) >> > at >> > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodA >> > ccessorImpl.java:43) >> > at java.lang.reflect.Method.invoke(Method.java:606) >> > at >> > >org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106) >> > at org.apache.tools.ant.Task.perform(Task.java:348) >> > at org.apache.tools.ant.Target.execute(Target.java:390) >> > at >org.apache.tools.ant.Target.performTasks(Target.java:411) >> > at >> > >org.apache.tools.ant.Project.executeSortedTargets(Project.java:1399) >> > at >> > org.apache.tools.ant.helper.SingleCheckExecutor.executeTargets(Si >> > >ngleCheckExecutor.java:38) >> > at >org.apache.tools.ant.Project.executeTargets(Project.java:1251) >> > at org.apache.tools.ant.taskdefs.Ant.execute(Ant.java:442) >> > at >> > >org.apache.tools.ant.taskdefs.CallTarget.execute(CallTarget.java:105) >> > at >> > >org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:291) >> > at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown >Source) >> > at >> > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodA >> > ccessorImpl.java:43) >> > at java.lang.reflect.Method.invoke(Method.java:606) >> > at >> > >org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106) >> > at org.apache.tools.ant.Task.perform(Task.java:348) >> > at org.apache.tools.ant.Target.execute(Target.java:390) >> > at >org.apache.tools.ant.Target.performTasks(Target.java:411) >> > at >> > >org.apache.tools.ant.Project.executeSortedTargets(Project.java:1399) >> > at >org.apache.tools.ant.Project.executeTarget(Project.java:1368) >> > at >> > org.apache.tools.ant.helper.DefaultExecutor.executeTargets(Defaul >> > tExecutor.java:41) >> > at >org.apache.tools.ant.Project.executeTargets(Project.java:1251) >> > at org.apache.tools.ant.Main.runBuild(Main.java:809) >> > at org.apache.tools.ant.Main.startAnt(Main.java:217) >> > at >org.apache.tools.ant.launch.Launcher.run(Launcher.java:280) >> > at >org.apache.tools.ant.launch.Launcher.main(Launcher.java:109) >> > >> > > Date: Wed, 16 Jul 2014 10:41:48 +0200 >> > > From: to...@pr... >> > > To: ejb...@li... >> > > Subject: Re: [Ejbca-develop] ant install fails with JAVA return >1 >> > > >> > > >> > > Hi, >> > > >> > > In your log you have this database error: >> > > >> > > Unable to fill pool: javax.resource.ResourceException: Could not >create >> > > connection >> > > org.postgresql.util.PSQLException: FATAL: password >authentication failed >> > > for user "ejbca" >> > > >> > > You need to fix you database configuration. >> > > >> > > Always read the log file from top to bottom, in order to see the >first >> > > errors. >> > > >> > > Cheers, >> > > Tomas >> > > Save time and money with an Enterprise support subscription. >Please see >> > > www.primekey.se for more information. >> > > http://www.primekey.se/Products/EJBCA+PKI/ >> > > http://www.primekey.se/Services/Support/ >> > > >> > > >> > > On 2014-07-15 21:54, Michael Green wrote: >> > > > So I'm trying to deploy EJBCA 6.0.3 to JBOSS 7.1.1 with a >> > Postgresql 9.1 >> > > > backend on Wheezy. I've added the driver and created the >> > datasource. But >> > > > JBOSS gives this error at startup: >> > > > >> > > > 14:33:44,479 INFO [org.jboss.as.controller] >(DeploymentScanner-threads >> > > > - 2) JBAS014774: Service status report >> > > > JBAS014775: New missing/unsatisfied dependencies: >> > > > service jboss.naming.context.java.module.ejbca.adminweb >(missing) >> > > > dependents: [service >> > > > >jboss.naming.context.java.module.ejbca.adminweb.ValidatorFactory, >> > > > service >jboss.naming.context.java.module.ejbca.adminweb.Validator] >> > > > JBAS014777: Services which failed to start: service >> > > > >jboss.deployment.subunit."ejbca.ear"."ejbca-ws-ejb.jar".POST_MODULE: >> > > > org.jboss.msc.service.StartException in service >> > > > >jboss.deployment.subunit."ejbca.ear"."ejbca-ws-ejb.jar".POST_MODULE: >> > > > Failed to process phase POST_MODULE of subdeployment >"ejbca-ws-ejb.jar" >> > > > of deployment "ejbca.ear" >> > > > service >> > > > >jboss.deployment.subunit."ejbca.ear"."systemtests-ejb.jar".POST_MODULE: >> > > > org.jboss.msc.service.StartException in service >> > > > >jboss.deployment.subunit."ejbca.ear"."systemtests-ejb.jar".POST_MODULE: >> > > > Failed to process phase POST_MODULE of subdeployment >> > > > "systemtests-ejb.jar" of deployment "ejbca.ear" >> > > > service >> > > > >jboss.deployment.subunit."ejbca.ear"."ejbca-ejb.jar".POST_MODULE: >> > > > org.jboss.msc.service.StartException in service >> > > > >jboss.deployment.subunit."ejbca.ear"."ejbca-ejb.jar".POST_MODULE: >> > Failed >> > > > to process phase POST_MODULE of subdeployment "ejbca-ejb.jar" >of >> > > > deployment "ejbca.ear" >> > > > service >> > > > >jboss.deployment.subunit."ejbca.ear"."publicweb.war".POST_MODULE: >> > > > org.jboss.msc.service.StartException in service >> > > > >jboss.deployment.subunit."ejbca.ear"."publicweb.war".POST_MODULE: >> > Failed >> > > > to process phase POST_MODULE of subdeployment "publicweb.war" >of >> > > > deployment "ejbca.ear" >> > > > service >> > > > >jboss.deployment.subunit."ejbca.ear"."adminweb.war".POST_MODULE: >> > > > org.jboss.msc.service.StartException in service >> > > > >jboss.deployment.subunit."ejbca.ear"."adminweb.war".POST_MODULE: Failed >> > > > to process phase POST_MODULE of subdeployment "adminweb.war" >of >> > > > deployment "ejbca.ear" >> > > > service >> > > > >jboss.deployment.subunit."ejbca.ear"."cesecore-ejb.jar".POST_MODULE: >> > > > org.jboss.msc.service.StartException in service >> > > > >jboss.deployment.subunit."ejbca.ear"."cesecore-ejb.jar".POST_MODULE: >> > > > Failed to process phase POST_MODULE of subdeployment >"cesecore-ejb.jar" >> > > > of deployment "ejbca.ear" >> > > > >> > > > Full JBOSS log ---> http://pastebin.com/qzLfTMh2 >> > > > >> > > > ant deploy completed successfully but ant install errored out >with >> > "JAVA >> > > > returned 1". >> > > > >> > > > >> > > > >> > > > >> > >------------------------------------------------------------------------------ >> > > > Want fast and easy access to all the code in your enterprise? >Index and >> > > > search up to 200,000 lines of code with a free copy of Black >Duck >> > > > Code Sight - the same software that powers the world's largest >code >> > > > search on Ohloh, the Black Duck Open Hub! Try it now. >> > > > http://p.sf.net/sfu/bds >> > > > >> > > > >> > > > >> > > > _______________________________________________ >> > > > Ejbca-develop mailing list >> > > > Ejb...@li... >> > > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> > > > >> > > >> > > >> > >------------------------------------------------------------------------------ >> > > Want fast and easy access to all the code in your enterprise? >Index and >> > > search up to 200,000 lines of code with a free copy of Black >Duck >> > > Code Sight - the same software that powers the world's largest >code >> > > search on Ohloh, the Black Duck Open Hub! Try it now. >> > > http://p.sf.net/sfu/bds >> > > _______________________________________________ >> > > Ejbca-develop mailing list >> > > Ejb...@li... >> > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> > >> > >> > >------------------------------------------------------------------------------ >> > Want fast and easy access to all the code in your enterprise? Index >and >> > search up to 200,000 lines of code with a free copy of Black Duck >> > Code Sight - the same software that powers the world's largest code >> > search on Ohloh, the Black Duck Open Hub! Try it now. >> > http://p.sf.net/sfu/bds >> > >> > >> > >> > _______________________________________________ >> > Ejbca-develop mailing list >> > Ejb...@li... >> > https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> > >> >> >------------------------------------------------------------------------------ >> Want fast and easy access to all the code in your enterprise? Index >and >> search up to 200,000 lines of code with a free copy of Black Duck >> Code Sight - the same software that powers the world's largest code >> search on Ohloh, the Black Duck Open Hub! Try it now. >> http://p.sf.net/sfu/bds >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > >------------------------------------------------------------------------ > >------------------------------------------------------------------------------ >Want fast and easy access to all the code in your enterprise? Index and >search up to 200,000 lines of code with a free copy of Black Duck >Code Sight - the same software that powers the world's largest code >search on Ohloh, the Black Duck Open Hub! Try it now. >http://p.sf.net/sfu/bds > >------------------------------------------------------------------------ > >_______________________________________________ >Ejbca-develop mailing list >Ejb...@li... >https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
|
From: Michael G. <mik...@ho...> - 2014-07-16 20:31:33
|
I didn't find it very informative either. But the VM is running 4 cores and 4gb. So it's not a resource issue. > Date: Wed, 16 Jul 2014 19:54:14 +0200 > From: to...@pr... > To: ejb...@li... > Subject: Re: [Ejbca-develop] ant install fails with JAVA return 1 > > > Wow. That debug log is horrible. I can not even see where/if it fails? > > Perhaps you are running in a VM with only one core or something? See > earlier threads expplaining why JBoss needs quite good performance to > complete a "deploy". > > Cheers, > Tomas > > On 2014-07-16 19:39, Michael Green wrote: > > I fixed that. And JBOSS started without error. I cleaned it up and > > re-ran "ant deploy" which fails: > > > > Last ~10000 lines from debug: http://pastebin.com/dz5XQDnz > > > > BUILD FAILED > > /opt/ejbca_ce_6_2_0/build.xml:649: The following error occurred while > > executing this line: > > /opt/ejbca_ce_6_2_0/bin/jboss.xml:257: The following error occurred > > while executing this line: > > /opt/ejbca_ce_6_2_0/bin/jboss.xml:578: exec returned: 1 > > at > > org.apache.tools.ant.taskdefs.ExecTask.runExecute(ExecTask.java:646) > > at > > org.apache.tools.ant.taskdefs.ExecTask.runExec(ExecTask.java:672) > > at > > org.apache.tools.ant.taskdefs.ExecTask.execute(ExecTask.java:498) > > at > > org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:291) > > at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source) > > at > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodA > > ccessorImpl.java:43) > > at java.lang.reflect.Method.invoke(Method.java:606) > > at > > org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106) > > at org.apache.tools.ant.Task.perform(Task.java:348) > > at > > org.apache.tools.ant.taskdefs.Sequential.execute(Sequential.java:68) > > at > > org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:291) > > at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source) > > at > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodA > > ccessorImpl.java:43) > > at java.lang.reflect.Method.invoke(Method.java:606) > > at > > org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106) > > at org.apache.tools.ant.Task.perform(Task.java:348) > > at > > org.apache.tools.ant.taskdefs.MacroInstance.execute(MacroInstance.java:398) > > at > > org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:291) > > at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source) > > at > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodA > > ccessorImpl.java:43) > > at java.lang.reflect.Method.invoke(Method.java:606) > > at > > org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106) > > at org.apache.tools.ant.Task.perform(Task.java:348) > > at org.apache.tools.ant.Target.execute(Target.java:390) > > at org.apache.tools.ant.Target.performTasks(Target.java:411) > > at > > org.apache.tools.ant.Project.executeSortedTargets(Project.java:1399) > > at > > org.apache.tools.ant.helper.SingleCheckExecutor.executeTargets(Si > > ngleCheckExecutor.java:38) > > at org.apache.tools.ant.Project.executeTargets(Project.java:1251) > > at org.apache.tools.ant.taskdefs.Ant.execute(Ant.java:442) > > at > > org.apache.tools.ant.taskdefs.CallTarget.execute(CallTarget.java:105) > > at > > org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:291) > > at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source) > > at > > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodA > > ccessorImpl.java:43) > > at java.lang.reflect.Method.invoke(Method.java:606) > > at > > org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106) > > at org.apache.tools.ant.Task.perform(Task.java:348) > > at org.apache.tools.ant.Target.execute(Target.java:390) > > at org.apache.tools.ant.Target.performTasks(Target.java:411) > > at > > org.apache.tools.ant.Project.executeSortedTargets(Project.java:1399) > > at org.apache.tools.ant.Project.executeTarget(Project.java:1368) > > at > > org.apache.tools.ant.helper.DefaultExecutor.executeTargets(Defaul > > tExecutor.java:41) > > at org.apache.tools.ant.Project.executeTargets(Project.java:1251) > > at org.apache.tools.ant.Main.runBuild(Main.java:809) > > at org.apache.tools.ant.Main.startAnt(Main.java:217) > > at org.apache.tools.ant.launch.Launcher.run(Launcher.java:280) > > at org.apache.tools.ant.launch.Launcher.main(Launcher.java:109) > > > > > Date: Wed, 16 Jul 2014 10:41:48 +0200 > > > From: to...@pr... > > > To: ejb...@li... > > > Subject: Re: [Ejbca-develop] ant install fails with JAVA return 1 > > > > > > > > > Hi, > > > > > > In your log you have this database error: > > > > > > Unable to fill pool: javax.resource.ResourceException: Could not create > > > connection > > > org.postgresql.util.PSQLException: FATAL: password authentication failed > > > for user "ejbca" > > > > > > You need to fix you database configuration. > > > > > > Always read the log file from top to bottom, in order to see the first > > > errors. > > > > > > Cheers, > > > Tomas > > > Save time and money with an Enterprise support subscription. Please see > > > www.primekey.se for more information. > > > http://www.primekey.se/Products/EJBCA+PKI/ > > > http://www.primekey.se/Services/Support/ > > > > > > > > > On 2014-07-15 21:54, Michael Green wrote: > > > > So I'm trying to deploy EJBCA 6.0.3 to JBOSS 7.1.1 with a > > Postgresql 9.1 > > > > backend on Wheezy. I've added the driver and created the > > datasource. But > > > > JBOSS gives this error at startup: > > > > > > > > 14:33:44,479 INFO [org.jboss.as.controller] (DeploymentScanner-threads > > > > - 2) JBAS014774: Service status report > > > > JBAS014775: New missing/unsatisfied dependencies: > > > > service jboss.naming.context.java.module.ejbca.adminweb (missing) > > > > dependents: [service > > > > jboss.naming.context.java.module.ejbca.adminweb.ValidatorFactory, > > > > service jboss.naming.context.java.module.ejbca.adminweb.Validator] > > > > JBAS014777: Services which failed to start: service > > > > jboss.deployment.subunit."ejbca.ear"."ejbca-ws-ejb.jar".POST_MODULE: > > > > org.jboss.msc.service.StartException in service > > > > jboss.deployment.subunit."ejbca.ear"."ejbca-ws-ejb.jar".POST_MODULE: > > > > Failed to process phase POST_MODULE of subdeployment "ejbca-ws-ejb.jar" > > > > of deployment "ejbca.ear" > > > > service > > > > jboss.deployment.subunit."ejbca.ear"."systemtests-ejb.jar".POST_MODULE: > > > > org.jboss.msc.service.StartException in service > > > > jboss.deployment.subunit."ejbca.ear"."systemtests-ejb.jar".POST_MODULE: > > > > Failed to process phase POST_MODULE of subdeployment > > > > "systemtests-ejb.jar" of deployment "ejbca.ear" > > > > service > > > > jboss.deployment.subunit."ejbca.ear"."ejbca-ejb.jar".POST_MODULE: > > > > org.jboss.msc.service.StartException in service > > > > jboss.deployment.subunit."ejbca.ear"."ejbca-ejb.jar".POST_MODULE: > > Failed > > > > to process phase POST_MODULE of subdeployment "ejbca-ejb.jar" of > > > > deployment "ejbca.ear" > > > > service > > > > jboss.deployment.subunit."ejbca.ear"."publicweb.war".POST_MODULE: > > > > org.jboss.msc.service.StartException in service > > > > jboss.deployment.subunit."ejbca.ear"."publicweb.war".POST_MODULE: > > Failed > > > > to process phase POST_MODULE of subdeployment "publicweb.war" of > > > > deployment "ejbca.ear" > > > > service > > > > jboss.deployment.subunit."ejbca.ear"."adminweb.war".POST_MODULE: > > > > org.jboss.msc.service.StartException in service > > > > jboss.deployment.subunit."ejbca.ear"."adminweb.war".POST_MODULE: Failed > > > > to process phase POST_MODULE of subdeployment "adminweb.war" of > > > > deployment "ejbca.ear" > > > > service > > > > jboss.deployment.subunit."ejbca.ear"."cesecore-ejb.jar".POST_MODULE: > > > > org.jboss.msc.service.StartException in service > > > > jboss.deployment.subunit."ejbca.ear"."cesecore-ejb.jar".POST_MODULE: > > > > Failed to process phase POST_MODULE of subdeployment "cesecore-ejb.jar" > > > > of deployment "ejbca.ear" > > > > > > > > Full JBOSS log ---> http://pastebin.com/qzLfTMh2 > > > > > > > > ant deploy completed successfully but ant install errored out with > > "JAVA > > > > returned 1". > > > > > > > > > > > > > > > > > > ------------------------------------------------------------------------------ > > > > Want fast and easy access to all the code in your enterprise? Index and > > > > search up to 200,000 lines of code with a free copy of Black Duck > > > > Code Sight - the same software that powers the world's largest code > > > > search on Ohloh, the Black Duck Open Hub! Try it now. > > > > http://p.sf.net/sfu/bds > > > > > > > > > > > > > > > > _______________________________________________ > > > > Ejbca-develop mailing list > > > > Ejb...@li... > > > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > > > > > > > > > ------------------------------------------------------------------------------ > > > Want fast and easy access to all the code in your enterprise? Index and > > > search up to 200,000 lines of code with a free copy of Black Duck > > > Code Sight - the same software that powers the world's largest code > > > search on Ohloh, the Black Duck Open Hub! Try it now. > > > http://p.sf.net/sfu/bds > > > _______________________________________________ > > > Ejbca-develop mailing list > > > Ejb...@li... > > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > > > ------------------------------------------------------------------------------ > > Want fast and easy access to all the code in your enterprise? Index and > > search up to 200,000 lines of code with a free copy of Black Duck > > Code Sight - the same software that powers the world's largest code > > search on Ohloh, the Black Duck Open Hub! Try it now. > > http://p.sf.net/sfu/bds > > > > > > > > _______________________________________________ > > Ejbca-develop mailing list > > Ejb...@li... > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > ------------------------------------------------------------------------------ > Want fast and easy access to all the code in your enterprise? Index and > search up to 200,000 lines of code with a free copy of Black Duck > Code Sight - the same software that powers the world's largest code > search on Ohloh, the Black Duck Open Hub! Try it now. > http://p.sf.net/sfu/bds > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
|
From: Tomas G. <to...@pr...> - 2014-07-16 20:19:27
|
Yeah, I read on the demo page about CA as a service, where you keep the CA keys on the smart card, in your control. This is a very interesting and innovative concept I think. Very cool, and we'll done. /Tomas On July 16, 2014 10:11:09 PM CEST, Andreas Schwier <and...@ca...> wrote: >I guess I have to clarify how the SmartCard-HSM relates to CVCs: > >In it's core, the SmartCard-HSM is a secure key store for RSA and ECC >keys, that unlike other PKI token has key management function that you >normally find in large (and expensive) HSMs (Key Backup, Cluster >Operation, Key Offloading). > >One of these function is the ability to have a trusted channel between >the device and the RA/CA. This trusted channel is established using >Chip >Authentication known from ePassports and eID cards. But while in >Passports the authenticity of the chip authentication public key is >based on passive authentication and the docsigner / CSCA certificate, >the authenticity in the SC-HSM is proved using a CVC based PKI. > >Just like in EAC, where you have a CVCA, DVCA and terminal certificate, >in a SmartCard-HSM you have a Scheme Root CA (CRCA), Device Issuer CA >(DICA) and a device certificate. The ECC public key for chip >authentication is certified in the device certificate and linked to the >unique id of the SmartCard-HSM. > >In addition, newly generated public keys are exported in the >authenticated CVC request format as per TR-03110. The inner signature >is >provided by the private key, the outer signature by the device >authentication key or any other key on the device. The later is used in >an EAC PKI to renew certificates. > >The SmartCard-HSM can of course be used with EJBCA, either via OpenSC >or >using the multithreading-enabled PKCS#11 Module from the >sc-hsm-embedded >project. > >Andreas > > >On 07/16/2014 08:50 AM, Christian Felsing wrote: >> Am 15.07.14 15:29, schrieb Tomas Gustavsson: >>> >>> On 2014-07-15 13:38, Christian Felsing wrote: >>>> Hello, >>>> >>>> while trying to create a CVC CA in EJBCA Community I got following >message: >>>> >>>> CVC CA type is not available in this version of EJBCA >>>> >>>> Does that mean community edition does not support CVC? >>> >>> That is correct. Since it's so specific for country/government usage > >>> there is no possibility to maintain it for free, and the community >is >>> pretty small. >>> >>> Cheers, >>> Tomas >> >> CVC is not only for government related applications, there is an open >source project sc-hsm which also supports CVC, because that >> card will claim to be suitable for CVC applications. With this card >ejbca may become a solution für CVC based application besides >> government applications. >> >> At demo.openscdp.org s a demo for EAC-PKI applications. >> >> cheers >> Christian >> >> >------------------------------------------------------------------------------ >> Want fast and easy access to all the code in your enterprise? Index >and >> search up to 200,000 lines of code with a free copy of Black Duck >> Code Sight - the same software that powers the world's largest code >> search on Ohloh, the Black Duck Open Hub! Try it now. >> http://p.sf.net/sfu/bds >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> > > >-- > > --------- CardContact Software & System Consulting > |.##> <##.| Andreas Schwier > |# #| Schülerweg 38 > |# #| 32429 Minden, Germany > |'##> <##'| Phone +49 571 56149 > --------- http://www.cardcontact.de > http://www.tscons.de > http://www.openscdp.org > http://www.smartcard-hsm.com > > >------------------------------------------------------------------------------ >Want fast and easy access to all the code in your enterprise? Index and >search up to 200,000 lines of code with a free copy of Black Duck >Code Sight - the same software that powers the world's largest code >search on Ohloh, the Black Duck Open Hub! Try it now. >http://p.sf.net/sfu/bds >_______________________________________________ >Ejbca-develop mailing list >Ejb...@li... >https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
|
From: Andreas S. <and...@ca...> - 2014-07-16 20:11:18
|
I guess I have to clarify how the SmartCard-HSM relates to CVCs: In it's core, the SmartCard-HSM is a secure key store for RSA and ECC keys, that unlike other PKI token has key management function that you normally find in large (and expensive) HSMs (Key Backup, Cluster Operation, Key Offloading). One of these function is the ability to have a trusted channel between the device and the RA/CA. This trusted channel is established using Chip Authentication known from ePassports and eID cards. But while in Passports the authenticity of the chip authentication public key is based on passive authentication and the docsigner / CSCA certificate, the authenticity in the SC-HSM is proved using a CVC based PKI. Just like in EAC, where you have a CVCA, DVCA and terminal certificate, in a SmartCard-HSM you have a Scheme Root CA (CRCA), Device Issuer CA (DICA) and a device certificate. The ECC public key for chip authentication is certified in the device certificate and linked to the unique id of the SmartCard-HSM. In addition, newly generated public keys are exported in the authenticated CVC request format as per TR-03110. The inner signature is provided by the private key, the outer signature by the device authentication key or any other key on the device. The later is used in an EAC PKI to renew certificates. The SmartCard-HSM can of course be used with EJBCA, either via OpenSC or using the multithreading-enabled PKCS#11 Module from the sc-hsm-embedded project. Andreas On 07/16/2014 08:50 AM, Christian Felsing wrote: > Am 15.07.14 15:29, schrieb Tomas Gustavsson: >> >> On 2014-07-15 13:38, Christian Felsing wrote: >>> Hello, >>> >>> while trying to create a CVC CA in EJBCA Community I got following message: >>> >>> CVC CA type is not available in this version of EJBCA >>> >>> Does that mean community edition does not support CVC? >> >> That is correct. Since it's so specific for country/government usage >> there is no possibility to maintain it for free, and the community is >> pretty small. >> >> Cheers, >> Tomas > > CVC is not only for government related applications, there is an open source project sc-hsm which also supports CVC, because that > card will claim to be suitable for CVC applications. With this card ejbca may become a solution für CVC based application besides > government applications. > > At demo.openscdp.org s a demo for EAC-PKI applications. > > cheers > Christian > > ------------------------------------------------------------------------------ > Want fast and easy access to all the code in your enterprise? Index and > search up to 200,000 lines of code with a free copy of Black Duck > Code Sight - the same software that powers the world's largest code > search on Ohloh, the Black Duck Open Hub! Try it now. > http://p.sf.net/sfu/bds > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > -- --------- CardContact Software & System Consulting |.##> <##.| Andreas Schwier |# #| Schülerweg 38 |# #| 32429 Minden, Germany |'##> <##'| Phone +49 571 56149 --------- http://www.cardcontact.de http://www.tscons.de http://www.openscdp.org http://www.smartcard-hsm.com |
|
From: Tomas G. <to...@pr...> - 2014-07-16 17:54:26
|
Wow. That debug log is horrible. I can not even see where/if it fails? Perhaps you are running in a VM with only one core or something? See earlier threads expplaining why JBoss needs quite good performance to complete a "deploy". Cheers, Tomas On 2014-07-16 19:39, Michael Green wrote: > I fixed that. And JBOSS started without error. I cleaned it up and > re-ran "ant deploy" which fails: > > Last ~10000 lines from debug: http://pastebin.com/dz5XQDnz > > BUILD FAILED > /opt/ejbca_ce_6_2_0/build.xml:649: The following error occurred while > executing this line: > /opt/ejbca_ce_6_2_0/bin/jboss.xml:257: The following error occurred > while executing this line: > /opt/ejbca_ce_6_2_0/bin/jboss.xml:578: exec returned: 1 > at > org.apache.tools.ant.taskdefs.ExecTask.runExecute(ExecTask.java:646) > at > org.apache.tools.ant.taskdefs.ExecTask.runExec(ExecTask.java:672) > at > org.apache.tools.ant.taskdefs.ExecTask.execute(ExecTask.java:498) > at > org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:291) > at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodA > ccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:606) > at > org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106) > at org.apache.tools.ant.Task.perform(Task.java:348) > at > org.apache.tools.ant.taskdefs.Sequential.execute(Sequential.java:68) > at > org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:291) > at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodA > ccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:606) > at > org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106) > at org.apache.tools.ant.Task.perform(Task.java:348) > at > org.apache.tools.ant.taskdefs.MacroInstance.execute(MacroInstance.java:398) > at > org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:291) > at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodA > ccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:606) > at > org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106) > at org.apache.tools.ant.Task.perform(Task.java:348) > at org.apache.tools.ant.Target.execute(Target.java:390) > at org.apache.tools.ant.Target.performTasks(Target.java:411) > at > org.apache.tools.ant.Project.executeSortedTargets(Project.java:1399) > at > org.apache.tools.ant.helper.SingleCheckExecutor.executeTargets(Si > ngleCheckExecutor.java:38) > at org.apache.tools.ant.Project.executeTargets(Project.java:1251) > at org.apache.tools.ant.taskdefs.Ant.execute(Ant.java:442) > at > org.apache.tools.ant.taskdefs.CallTarget.execute(CallTarget.java:105) > at > org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:291) > at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source) > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodA > ccessorImpl.java:43) > at java.lang.reflect.Method.invoke(Method.java:606) > at > org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106) > at org.apache.tools.ant.Task.perform(Task.java:348) > at org.apache.tools.ant.Target.execute(Target.java:390) > at org.apache.tools.ant.Target.performTasks(Target.java:411) > at > org.apache.tools.ant.Project.executeSortedTargets(Project.java:1399) > at org.apache.tools.ant.Project.executeTarget(Project.java:1368) > at > org.apache.tools.ant.helper.DefaultExecutor.executeTargets(Defaul > tExecutor.java:41) > at org.apache.tools.ant.Project.executeTargets(Project.java:1251) > at org.apache.tools.ant.Main.runBuild(Main.java:809) > at org.apache.tools.ant.Main.startAnt(Main.java:217) > at org.apache.tools.ant.launch.Launcher.run(Launcher.java:280) > at org.apache.tools.ant.launch.Launcher.main(Launcher.java:109) > > > Date: Wed, 16 Jul 2014 10:41:48 +0200 > > From: to...@pr... > > To: ejb...@li... > > Subject: Re: [Ejbca-develop] ant install fails with JAVA return 1 > > > > > > Hi, > > > > In your log you have this database error: > > > > Unable to fill pool: javax.resource.ResourceException: Could not create > > connection > > org.postgresql.util.PSQLException: FATAL: password authentication failed > > for user "ejbca" > > > > You need to fix you database configuration. > > > > Always read the log file from top to bottom, in order to see the first > > errors. > > > > Cheers, > > Tomas > > Save time and money with an Enterprise support subscription. Please see > > www.primekey.se for more information. > > http://www.primekey.se/Products/EJBCA+PKI/ > > http://www.primekey.se/Services/Support/ > > > > > > On 2014-07-15 21:54, Michael Green wrote: > > > So I'm trying to deploy EJBCA 6.0.3 to JBOSS 7.1.1 with a > Postgresql 9.1 > > > backend on Wheezy. I've added the driver and created the > datasource. But > > > JBOSS gives this error at startup: > > > > > > 14:33:44,479 INFO [org.jboss.as.controller] (DeploymentScanner-threads > > > - 2) JBAS014774: Service status report > > > JBAS014775: New missing/unsatisfied dependencies: > > > service jboss.naming.context.java.module.ejbca.adminweb (missing) > > > dependents: [service > > > jboss.naming.context.java.module.ejbca.adminweb.ValidatorFactory, > > > service jboss.naming.context.java.module.ejbca.adminweb.Validator] > > > JBAS014777: Services which failed to start: service > > > jboss.deployment.subunit."ejbca.ear"."ejbca-ws-ejb.jar".POST_MODULE: > > > org.jboss.msc.service.StartException in service > > > jboss.deployment.subunit."ejbca.ear"."ejbca-ws-ejb.jar".POST_MODULE: > > > Failed to process phase POST_MODULE of subdeployment "ejbca-ws-ejb.jar" > > > of deployment "ejbca.ear" > > > service > > > jboss.deployment.subunit."ejbca.ear"."systemtests-ejb.jar".POST_MODULE: > > > org.jboss.msc.service.StartException in service > > > jboss.deployment.subunit."ejbca.ear"."systemtests-ejb.jar".POST_MODULE: > > > Failed to process phase POST_MODULE of subdeployment > > > "systemtests-ejb.jar" of deployment "ejbca.ear" > > > service > > > jboss.deployment.subunit."ejbca.ear"."ejbca-ejb.jar".POST_MODULE: > > > org.jboss.msc.service.StartException in service > > > jboss.deployment.subunit."ejbca.ear"."ejbca-ejb.jar".POST_MODULE: > Failed > > > to process phase POST_MODULE of subdeployment "ejbca-ejb.jar" of > > > deployment "ejbca.ear" > > > service > > > jboss.deployment.subunit."ejbca.ear"."publicweb.war".POST_MODULE: > > > org.jboss.msc.service.StartException in service > > > jboss.deployment.subunit."ejbca.ear"."publicweb.war".POST_MODULE: > Failed > > > to process phase POST_MODULE of subdeployment "publicweb.war" of > > > deployment "ejbca.ear" > > > service > > > jboss.deployment.subunit."ejbca.ear"."adminweb.war".POST_MODULE: > > > org.jboss.msc.service.StartException in service > > > jboss.deployment.subunit."ejbca.ear"."adminweb.war".POST_MODULE: Failed > > > to process phase POST_MODULE of subdeployment "adminweb.war" of > > > deployment "ejbca.ear" > > > service > > > jboss.deployment.subunit."ejbca.ear"."cesecore-ejb.jar".POST_MODULE: > > > org.jboss.msc.service.StartException in service > > > jboss.deployment.subunit."ejbca.ear"."cesecore-ejb.jar".POST_MODULE: > > > Failed to process phase POST_MODULE of subdeployment "cesecore-ejb.jar" > > > of deployment "ejbca.ear" > > > > > > Full JBOSS log ---> http://pastebin.com/qzLfTMh2 > > > > > > ant deploy completed successfully but ant install errored out with > "JAVA > > > returned 1". > > > > > > > > > > > > > ------------------------------------------------------------------------------ > > > Want fast and easy access to all the code in your enterprise? Index and > > > search up to 200,000 lines of code with a free copy of Black Duck > > > Code Sight - the same software that powers the world's largest code > > > search on Ohloh, the Black Duck Open Hub! Try it now. > > > http://p.sf.net/sfu/bds > > > > > > > > > > > > _______________________________________________ > > > Ejbca-develop mailing list > > > Ejb...@li... > > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > > > > > ------------------------------------------------------------------------------ > > Want fast and easy access to all the code in your enterprise? Index and > > search up to 200,000 lines of code with a free copy of Black Duck > > Code Sight - the same software that powers the world's largest code > > search on Ohloh, the Black Duck Open Hub! Try it now. > > http://p.sf.net/sfu/bds > > _______________________________________________ > > Ejbca-develop mailing list > > Ejb...@li... > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > ------------------------------------------------------------------------------ > Want fast and easy access to all the code in your enterprise? Index and > search up to 200,000 lines of code with a free copy of Black Duck > Code Sight - the same software that powers the world's largest code > search on Ohloh, the Black Duck Open Hub! Try it now. > http://p.sf.net/sfu/bds > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: Michael G. <mik...@ho...> - 2014-07-16 17:39:52
|
I fixed that. And JBOSS started without error. I cleaned it up and re-ran "ant deploy" which fails: Last ~10000 lines from debug: http://pastebin.com/dz5XQDnz BUILD FAILED/opt/ejbca_ce_6_2_0/build.xml:649: The following error occurred while executing this line:/opt/ejbca_ce_6_2_0/bin/jboss.xml:257: The following error occurred while executing this line:/opt/ejbca_ce_6_2_0/bin/jboss.xml:578: exec returned: 1 at org.apache.tools.ant.taskdefs.ExecTask.runExecute(ExecTask.java:646) at org.apache.tools.ant.taskdefs.ExecTask.runExec(ExecTask.java:672) at org.apache.tools.ant.taskdefs.ExecTask.execute(ExecTask.java:498) at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:291) at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodA ccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106) at org.apache.tools.ant.Task.perform(Task.java:348) at org.apache.tools.ant.taskdefs.Sequential.execute(Sequential.java:68) at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:291) at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodA ccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106) at org.apache.tools.ant.Task.perform(Task.java:348) at org.apache.tools.ant.taskdefs.MacroInstance.execute(MacroInstance.java:398) at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:291) at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodA ccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106) at org.apache.tools.ant.Task.perform(Task.java:348) at org.apache.tools.ant.Target.execute(Target.java:390) at org.apache.tools.ant.Target.performTasks(Target.java:411) at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1399) at org.apache.tools.ant.helper.SingleCheckExecutor.executeTargets(Si ngleCheckExecutor.java:38) at org.apache.tools.ant.Project.executeTargets(Project.java:1251) at org.apache.tools.ant.taskdefs.Ant.execute(Ant.java:442) at org.apache.tools.ant.taskdefs.CallTarget.execute(CallTarget.java:105) at org.apache.tools.ant.UnknownElement.execute(UnknownElement.java:291) at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodA ccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.apache.tools.ant.dispatch.DispatchUtils.execute(DispatchUtils.java:106) at org.apache.tools.ant.Task.perform(Task.java:348) at org.apache.tools.ant.Target.execute(Target.java:390) at org.apache.tools.ant.Target.performTasks(Target.java:411) at org.apache.tools.ant.Project.executeSortedTargets(Project.java:1399) at org.apache.tools.ant.Project.executeTarget(Project.java:1368) at org.apache.tools.ant.helper.DefaultExecutor.executeTargets(Defaul tExecutor.java:41) at org.apache.tools.ant.Project.executeTargets(Project.java:1251) at org.apache.tools.ant.Main.runBuild(Main.java:809) at org.apache.tools.ant.Main.startAnt(Main.java:217) at org.apache.tools.ant.launch.Launcher.run(Launcher.java:280) at org.apache.tools.ant.launch.Launcher.main(Launcher.java:109) > Date: Wed, 16 Jul 2014 10:41:48 +0200 > From: to...@pr... > To: ejb...@li... > Subject: Re: [Ejbca-develop] ant install fails with JAVA return 1 > > > Hi, > > In your log you have this database error: > > Unable to fill pool: javax.resource.ResourceException: Could not create > connection > org.postgresql.util.PSQLException: FATAL: password authentication failed > for user "ejbca" > > You need to fix you database configuration. > > Always read the log file from top to bottom, in order to see the first > errors. > > Cheers, > Tomas > Save time and money with an Enterprise support subscription. Please see > www.primekey.se for more information. > http://www.primekey.se/Products/EJBCA+PKI/ > http://www.primekey.se/Services/Support/ > > > On 2014-07-15 21:54, Michael Green wrote: > > So I'm trying to deploy EJBCA 6.0.3 to JBOSS 7.1.1 with a Postgresql 9.1 > > backend on Wheezy. I've added the driver and created the datasource. But > > JBOSS gives this error at startup: > > > > 14:33:44,479 INFO [org.jboss.as.controller] (DeploymentScanner-threads > > - 2) JBAS014774: Service status report > > JBAS014775: New missing/unsatisfied dependencies: > > service jboss.naming.context.java.module.ejbca.adminweb (missing) > > dependents: [service > > jboss.naming.context.java.module.ejbca.adminweb.ValidatorFactory, > > service jboss.naming.context.java.module.ejbca.adminweb.Validator] > > JBAS014777: Services which failed to start: service > > jboss.deployment.subunit."ejbca.ear"."ejbca-ws-ejb.jar".POST_MODULE: > > org.jboss.msc.service.StartException in service > > jboss.deployment.subunit."ejbca.ear"."ejbca-ws-ejb.jar".POST_MODULE: > > Failed to process phase POST_MODULE of subdeployment "ejbca-ws-ejb.jar" > > of deployment "ejbca.ear" > > service > > jboss.deployment.subunit."ejbca.ear"."systemtests-ejb.jar".POST_MODULE: > > org.jboss.msc.service.StartException in service > > jboss.deployment.subunit."ejbca.ear"."systemtests-ejb.jar".POST_MODULE: > > Failed to process phase POST_MODULE of subdeployment > > "systemtests-ejb.jar" of deployment "ejbca.ear" > > service > > jboss.deployment.subunit."ejbca.ear"."ejbca-ejb.jar".POST_MODULE: > > org.jboss.msc.service.StartException in service > > jboss.deployment.subunit."ejbca.ear"."ejbca-ejb.jar".POST_MODULE: Failed > > to process phase POST_MODULE of subdeployment "ejbca-ejb.jar" of > > deployment "ejbca.ear" > > service > > jboss.deployment.subunit."ejbca.ear"."publicweb.war".POST_MODULE: > > org.jboss.msc.service.StartException in service > > jboss.deployment.subunit."ejbca.ear"."publicweb.war".POST_MODULE: Failed > > to process phase POST_MODULE of subdeployment "publicweb.war" of > > deployment "ejbca.ear" > > service > > jboss.deployment.subunit."ejbca.ear"."adminweb.war".POST_MODULE: > > org.jboss.msc.service.StartException in service > > jboss.deployment.subunit."ejbca.ear"."adminweb.war".POST_MODULE: Failed > > to process phase POST_MODULE of subdeployment "adminweb.war" of > > deployment "ejbca.ear" > > service > > jboss.deployment.subunit."ejbca.ear"."cesecore-ejb.jar".POST_MODULE: > > org.jboss.msc.service.StartException in service > > jboss.deployment.subunit."ejbca.ear"."cesecore-ejb.jar".POST_MODULE: > > Failed to process phase POST_MODULE of subdeployment "cesecore-ejb.jar" > > of deployment "ejbca.ear" > > > > Full JBOSS log ---> http://pastebin.com/qzLfTMh2 > > > > ant deploy completed successfully but ant install errored out with "JAVA > > returned 1". > > > > > > > > ------------------------------------------------------------------------------ > > Want fast and easy access to all the code in your enterprise? Index and > > search up to 200,000 lines of code with a free copy of Black Duck > > Code Sight - the same software that powers the world's largest code > > search on Ohloh, the Black Duck Open Hub! Try it now. > > http://p.sf.net/sfu/bds > > > > > > > > _______________________________________________ > > Ejbca-develop mailing list > > Ejb...@li... > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > ------------------------------------------------------------------------------ > Want fast and easy access to all the code in your enterprise? Index and > search up to 200,000 lines of code with a free copy of Black Duck > Code Sight - the same software that powers the world's largest code > search on Ohloh, the Black Duck Open Hub! Try it now. > http://p.sf.net/sfu/bds > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
|
From: Tomas G. <to...@pr...> - 2014-07-16 15:43:08
|
First fix your server configuration and re-do the install, dropping the database and restarting JBoss and ant install. Cheers, Tomas On 2014-07-16 17:40, Pavel Bychykhin wrote: > Hi Tomas, > This is the part of console output right after the `ant install' was > invoked. If the previous output about successful deployment does matter > I can send it as well. Should I? > > Best regards, > Pavel > > On 16.07.2014 18:33, Tomas Gustavsson wrote: >> Also, the entire JBoss console log was _not_ in the attachment, it was >> only a selected snippet showing a symptom, not a cause. >> >> Cheers, >> Tomas >> >> On 2014-07-16 17:19, Pavel Bychykhin wrote: >>> Hi Everyone, >>> >>> I've already sent this question so I do apologize for repeating. But I >>> had been waiting for an answer during 2 months an didn't get a solution, >>> so I decided to repeat my question. >>> Since my first letter the new EJBCA release has been issued. >>> Unfortunately it doesn't solve my problem. So once again: >>> >>> I'm trying to install a new instance of EJBCA (6.2.0). >>> My system is: FreeBSD 9.2, Jboss 7.1.1, openjdk version "1.7.0_60", >>> PostgreSQL 9.3. >>> `ant deploy' finishes with success and I able to see a database tables >>> after that. >>> >>> `ant install finishes with failure. Here is the error message, which I >>> observe in Jboss console: >>> 08:58:30,905 ERROR [org.jboss.ejb3.invocation] (EJB default - 3) >>> JBAS014134: EJB Invocation failed on component >>> GlobalConfigurationSessionBean for method public abstract >>> org.ejbca.config.Configuration >>> org.ejbca.core.ejb.config.GlobalConfigurationSession.getCachedConfiguration(java.lang.String): >>> java.lang.RuntimeException: Internal admin was denied access. This >>> should not be able to happen. >>> >>> Please see the entire ant and Jboss console logs in the attachments. >>> Hope very much for your help. >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> Want fast and easy access to all the code in your enterprise? Index and >>> search up to 200,000 lines of code with a free copy of Black Duck >>> Code Sight - the same software that powers the world's largest code >>> search on Ohloh, the Black Duck Open Hub! Try it now. >>> http://p.sf.net/sfu/bds >>> >>> >>> >>> _______________________________________________ >>> Ejbca-develop mailing list >>> Ejb...@li... >>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >>> >> ------------------------------------------------------------------------------ >> Want fast and easy access to all the code in your enterprise? Index and >> search up to 200,000 lines of code with a free copy of Black Duck >> Code Sight - the same software that powers the world's largest code >> search on Ohloh, the Black Duck Open Hub! Try it now. >> http://p.sf.net/sfu/bds >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > ------------------------------------------------------------------------------ > Want fast and easy access to all the code in your enterprise? Index and > search up to 200,000 lines of code with a free copy of Black Duck > Code Sight - the same software that powers the world's largest code > search on Ohloh, the Black Duck Open Hub! Try it now. > http://p.sf.net/sfu/bds > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: Pavel B. <byc...@ht...> - 2014-07-16 15:40:45
|
Hi Tomas, This is the part of console output right after the `ant install' was invoked. If the previous output about successful deployment does matter I can send it as well. Should I? Best regards, Pavel On 16.07.2014 18:33, Tomas Gustavsson wrote: > Also, the entire JBoss console log was _not_ in the attachment, it was > only a selected snippet showing a symptom, not a cause. > > Cheers, > Tomas > > On 2014-07-16 17:19, Pavel Bychykhin wrote: >> Hi Everyone, >> >> I've already sent this question so I do apologize for repeating. But I >> had been waiting for an answer during 2 months an didn't get a solution, >> so I decided to repeat my question. >> Since my first letter the new EJBCA release has been issued. >> Unfortunately it doesn't solve my problem. So once again: >> >> I'm trying to install a new instance of EJBCA (6.2.0). >> My system is: FreeBSD 9.2, Jboss 7.1.1, openjdk version "1.7.0_60", >> PostgreSQL 9.3. >> `ant deploy' finishes with success and I able to see a database tables >> after that. >> >> `ant install finishes with failure. Here is the error message, which I >> observe in Jboss console: >> 08:58:30,905 ERROR [org.jboss.ejb3.invocation] (EJB default - 3) >> JBAS014134: EJB Invocation failed on component >> GlobalConfigurationSessionBean for method public abstract >> org.ejbca.config.Configuration >> org.ejbca.core.ejb.config.GlobalConfigurationSession.getCachedConfiguration(java.lang.String): >> java.lang.RuntimeException: Internal admin was denied access. This >> should not be able to happen. >> >> Please see the entire ant and Jboss console logs in the attachments. >> Hope very much for your help. >> >> >> >> ------------------------------------------------------------------------------ >> Want fast and easy access to all the code in your enterprise? Index and >> search up to 200,000 lines of code with a free copy of Black Duck >> Code Sight - the same software that powers the world's largest code >> search on Ohloh, the Black Duck Open Hub! Try it now. >> http://p.sf.net/sfu/bds >> >> >> >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> > ------------------------------------------------------------------------------ > Want fast and easy access to all the code in your enterprise? Index and > search up to 200,000 lines of code with a free copy of Black Duck > Code Sight - the same software that powers the world's largest code > search on Ohloh, the Black Duck Open Hub! Try it now. > http://p.sf.net/sfu/bds > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
|
From: Pavel B. <byc...@ht...> - 2014-07-16 15:40:34
|
Thank you Tomas. I will try to set something reasonable for the hostname and see if it works. Best regards, Pavel On 16.07.2014 18:32, Tomas Gustavsson wrote: > As you can see from the messages you get your server seems wrongly > configured. Hostname and ip lookups does not work as they should. > > Cheers, > Tomas > > On 2014-07-16 17:19, Pavel Bychykhin wrote: >> java.net.UnknownHostException: mtamonitor1: mtamonitor1: hostname nor servname provided, or not known > ------------------------------------------------------------------------------ > Want fast and easy access to all the code in your enterprise? Index and > search up to 200,000 lines of code with a free copy of Black Duck > Code Sight - the same software that powers the world's largest code > search on Ohloh, the Black Duck Open Hub! Try it now. > http://p.sf.net/sfu/bds > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
|
From: Tomas G. <to...@pr...> - 2014-07-16 15:33:12
|
Also, the entire JBoss console log was _not_ in the attachment, it was only a selected snippet showing a symptom, not a cause. Cheers, Tomas On 2014-07-16 17:19, Pavel Bychykhin wrote: > Hi Everyone, > > I've already sent this question so I do apologize for repeating. But I > had been waiting for an answer during 2 months an didn't get a solution, > so I decided to repeat my question. > Since my first letter the new EJBCA release has been issued. > Unfortunately it doesn't solve my problem. So once again: > > I'm trying to install a new instance of EJBCA (6.2.0). > My system is: FreeBSD 9.2, Jboss 7.1.1, openjdk version "1.7.0_60", > PostgreSQL 9.3. > `ant deploy' finishes with success and I able to see a database tables > after that. > > `ant install finishes with failure. Here is the error message, which I > observe in Jboss console: > 08:58:30,905 ERROR [org.jboss.ejb3.invocation] (EJB default - 3) > JBAS014134: EJB Invocation failed on component > GlobalConfigurationSessionBean for method public abstract > org.ejbca.config.Configuration > org.ejbca.core.ejb.config.GlobalConfigurationSession.getCachedConfiguration(java.lang.String): > java.lang.RuntimeException: Internal admin was denied access. This > should not be able to happen. > > Please see the entire ant and Jboss console logs in the attachments. > Hope very much for your help. > > > > ------------------------------------------------------------------------------ > Want fast and easy access to all the code in your enterprise? Index and > search up to 200,000 lines of code with a free copy of Black Duck > Code Sight - the same software that powers the world's largest code > search on Ohloh, the Black Duck Open Hub! Try it now. > http://p.sf.net/sfu/bds > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: Tomas G. <to...@pr...> - 2014-07-16 15:32:12
|
As you can see from the messages you get your server seems wrongly configured. Hostname and ip lookups does not work as they should. Cheers, Tomas On 2014-07-16 17:19, Pavel Bychykhin wrote: > java.net.UnknownHostException: mtamonitor1: mtamonitor1: hostname nor servname provided, or not known |
|
From: Pavel B. <byc...@ht...> - 2014-07-16 15:20:25
|
Hi Everyone, I've already sent this question so I do apologize for repeating. But I had been waiting for an answer during 2 months an didn't get a solution, so I decided to repeat my question. Since my first letter the new EJBCA release has been issued. Unfortunately it doesn't solve my problem. So once again: I'm trying to install a new instance of EJBCA (6.2.0). My system is: FreeBSD 9.2, Jboss 7.1.1, openjdk version "1.7.0_60", PostgreSQL 9.3. `ant deploy' finishes with success and I able to see a database tables after that. `ant install finishes with failure. Here is the error message, which I observe in Jboss console: 08:58:30,905 ERROR [org.jboss.ejb3.invocation] (EJB default - 3) JBAS014134: EJB Invocation failed on component GlobalConfigurationSessionBean for method public abstract org.ejbca.config.Configuration org.ejbca.core.ejb.config.GlobalConfigurationSession.getCachedConfiguration(java.lang.String): java.lang.RuntimeException: Internal admin was denied access. This should not be able to happen. Please see the entire ant and Jboss console logs in the attachments. Hope very much for your help. -- Best regards, Pavel |
|
From: Tomas G. <to...@pr...> - 2014-07-16 09:11:03
|
On 2014-07-16 08:50, Christian Felsing wrote: > Am 15.07.14 15:29, schrieb Tomas Gustavsson: >> >> On 2014-07-15 13:38, Christian Felsing wrote: >>> Hello, >>> >>> while trying to create a CVC CA in EJBCA Community I got following message: >>> >>> CVC CA type is not available in this version of EJBCA >>> >>> Does that mean community edition does not support CVC? >> >> That is correct. Since it's so specific for country/government usage >> there is no possibility to maintain it for free, and the community is >> pretty small. >> >> Cheers, >> Tomas > > CVC is not only for government related applications, there is an open source project sc-hsm which also supports CVC, because that > card will claim to be suitable for CVC applications. With this card ejbca may become a solution für CVC based application besides > government applications. > > At demo.openscdp.org s a demo for EAC-PKI applications. Cool. I have seen discussions about using CVC also for other things. Would be cool if the website mentioned those use cases a little? Unfortunately ePassport and eID has for the last years been the main financing for the developers of EJBCA and SignServer. Unfortunately some (only a few) large corporations find that it is nice to have others developing software for them, so they can participate in the same tenders with a low price (since they don't do the development). This is the main drivers for all Enterprise version of Open Source software today I would say, the need to finance the development balanced with wealthy corporations (only some) over-using the community. Cheers, Tomas > > cheers > Christian > > ------------------------------------------------------------------------------ > Want fast and easy access to all the code in your enterprise? Index and > search up to 200,000 lines of code with a free copy of Black Duck > Code Sight - the same software that powers the world's largest code > search on Ohloh, the Black Duck Open Hub! Try it now. > http://p.sf.net/sfu/bds > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: Tomas G. <to...@pr...> - 2014-07-16 08:42:00
|
Hi, In your log you have this database error: Unable to fill pool: javax.resource.ResourceException: Could not create connection org.postgresql.util.PSQLException: FATAL: password authentication failed for user "ejbca" You need to fix you database configuration. Always read the log file from top to bottom, in order to see the first errors. Cheers, Tomas Save time and money with an Enterprise support subscription. Please see www.primekey.se for more information. http://www.primekey.se/Products/EJBCA+PKI/ http://www.primekey.se/Services/Support/ On 2014-07-15 21:54, Michael Green wrote: > So I'm trying to deploy EJBCA 6.0.3 to JBOSS 7.1.1 with a Postgresql 9.1 > backend on Wheezy. I've added the driver and created the datasource. But > JBOSS gives this error at startup: > > 14:33:44,479 INFO [org.jboss.as.controller] (DeploymentScanner-threads > - 2) JBAS014774: Service status report > JBAS014775: New missing/unsatisfied dependencies: > service jboss.naming.context.java.module.ejbca.adminweb (missing) > dependents: [service > jboss.naming.context.java.module.ejbca.adminweb.ValidatorFactory, > service jboss.naming.context.java.module.ejbca.adminweb.Validator] > JBAS014777: Services which failed to start: service > jboss.deployment.subunit."ejbca.ear"."ejbca-ws-ejb.jar".POST_MODULE: > org.jboss.msc.service.StartException in service > jboss.deployment.subunit."ejbca.ear"."ejbca-ws-ejb.jar".POST_MODULE: > Failed to process phase POST_MODULE of subdeployment "ejbca-ws-ejb.jar" > of deployment "ejbca.ear" > service > jboss.deployment.subunit."ejbca.ear"."systemtests-ejb.jar".POST_MODULE: > org.jboss.msc.service.StartException in service > jboss.deployment.subunit."ejbca.ear"."systemtests-ejb.jar".POST_MODULE: > Failed to process phase POST_MODULE of subdeployment > "systemtests-ejb.jar" of deployment "ejbca.ear" > service > jboss.deployment.subunit."ejbca.ear"."ejbca-ejb.jar".POST_MODULE: > org.jboss.msc.service.StartException in service > jboss.deployment.subunit."ejbca.ear"."ejbca-ejb.jar".POST_MODULE: Failed > to process phase POST_MODULE of subdeployment "ejbca-ejb.jar" of > deployment "ejbca.ear" > service > jboss.deployment.subunit."ejbca.ear"."publicweb.war".POST_MODULE: > org.jboss.msc.service.StartException in service > jboss.deployment.subunit."ejbca.ear"."publicweb.war".POST_MODULE: Failed > to process phase POST_MODULE of subdeployment "publicweb.war" of > deployment "ejbca.ear" > service > jboss.deployment.subunit."ejbca.ear"."adminweb.war".POST_MODULE: > org.jboss.msc.service.StartException in service > jboss.deployment.subunit."ejbca.ear"."adminweb.war".POST_MODULE: Failed > to process phase POST_MODULE of subdeployment "adminweb.war" of > deployment "ejbca.ear" > service > jboss.deployment.subunit."ejbca.ear"."cesecore-ejb.jar".POST_MODULE: > org.jboss.msc.service.StartException in service > jboss.deployment.subunit."ejbca.ear"."cesecore-ejb.jar".POST_MODULE: > Failed to process phase POST_MODULE of subdeployment "cesecore-ejb.jar" > of deployment "ejbca.ear" > > Full JBOSS log ---> http://pastebin.com/qzLfTMh2 > > ant deploy completed successfully but ant install errored out with "JAVA > returned 1". > > > > ------------------------------------------------------------------------------ > Want fast and easy access to all the code in your enterprise? Index and > search up to 200,000 lines of code with a free copy of Black Duck > Code Sight - the same software that powers the world's largest code > search on Ohloh, the Black Duck Open Hub! Try it now. > http://p.sf.net/sfu/bds > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
106 messages has been excluded from this view by a project administrator.
