Menu
▾
▴
ejbca-develop — Development discussions
You can subscribe to this list here.
| 2001 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(1) |
Dec
(3) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2002 |
Jan
(3) |
Feb
(2) |
Mar
(8) |
Apr
(3) |
May
(6) |
Jun
(1) |
Jul
(15) |
Aug
(6) |
Sep
|
Oct
(10) |
Nov
(2) |
Dec
(4) |
| 2003 |
Jan
(1) |
Feb
(7) |
Mar
(3) |
Apr
(6) |
May
(7) |
Jun
(5) |
Jul
(5) |
Aug
(25) |
Sep
(14) |
Oct
(2) |
Nov
|
Dec
(2) |
| 2004 |
Jan
(7) |
Feb
(4) |
Mar
(12) |
Apr
(16) |
May
(43) |
Jun
(56) |
Jul
(43) |
Aug
(40) |
Sep
(66) |
Oct
(12) |
Nov
(26) |
Dec
(10) |
| 2005 |
Jan
(13) |
Feb
(33) |
Mar
(16) |
Apr
(7) |
May
(10) |
Jun
(34) |
Jul
(41) |
Aug
(8) |
Sep
(4) |
Oct
(32) |
Nov
(20) |
Dec
(25) |
| 2006 |
Jan
(30) |
Feb
(101) |
Mar
(5) |
Apr
(75) |
May
(74) |
Jun
(22) |
Jul
(6) |
Aug
(70) |
Sep
(19) |
Oct
(21) |
Nov
(31) |
Dec
(50) |
| 2007 |
Jan
(15) |
Feb
(20) |
Mar
(24) |
Apr
(33) |
May
(13) |
Jun
(18) |
Jul
(13) |
Aug
(7) |
Sep
(63) |
Oct
(68) |
Nov
(29) |
Dec
(68) |
| 2008 |
Jan
(30) |
Feb
(33) |
Mar
(30) |
Apr
(103) |
May
(78) |
Jun
(48) |
Jul
(72) |
Aug
(24) |
Sep
(62) |
Oct
(63) |
Nov
(70) |
Dec
(37) |
| 2009 |
Jan
(34) |
Feb
(35) |
Mar
(64) |
Apr
(34) |
May
(34) |
Jun
(58) |
Jul
(30) |
Aug
(30) |
Sep
(46) |
Oct
(52) |
Nov
(12) |
Dec
(23) |
| 2010 |
Jan
(121) |
Feb
(18) |
Mar
(53) |
Apr
(62) |
May
(62) |
Jun
(20) |
Jul
(33) |
Aug
(20) |
Sep
(36) |
Oct
(35) |
Nov
(44) |
Dec
(63) |
| 2011 |
Jan
(19) |
Feb
(32) |
Mar
(94) |
Apr
(41) |
May
(47) |
Jun
(25) |
Jul
(34) |
Aug
(20) |
Sep
(9) |
Oct
(41) |
Nov
(33) |
Dec
(24) |
| 2012 |
Jan
(12) |
Feb
(36) |
Mar
(48) |
Apr
(32) |
May
(20) |
Jun
(15) |
Jul
(32) |
Aug
(13) |
Sep
(33) |
Oct
(54) |
Nov
(25) |
Dec
(16) |
| 2013 |
Jan
(45) |
Feb
(39) |
Mar
(38) |
Apr
(50) |
May
(29) |
Jun
(30) |
Jul
(33) |
Aug
(12) |
Sep
(9) |
Oct
(25) |
Nov
(29) |
Dec
(20) |
| 2014 |
Jan
(25) |
Feb
(19) |
Mar
(16) |
Apr
(33) |
May
(27) |
Jun
(37) |
Jul
(29) |
Aug
(27) |
Sep
(37) |
Oct
(58) |
Nov
(109) |
Dec
(26) |
| 2015 |
Jan
(4) |
Feb
(35) |
Mar
(22) |
Apr
(35) |
May
(28) |
Jun
(20) |
Jul
(4) |
Aug
(16) |
Sep
(37) |
Oct
(13) |
Nov
(13) |
Dec
(14) |
| 2016 |
Jan
(22) |
Feb
(7) |
Mar
(23) |
Apr
(30) |
May
(10) |
Jun
(10) |
Jul
(15) |
Aug
(12) |
Sep
(22) |
Oct
(31) |
Nov
(5) |
Dec
(5) |
| 2017 |
Jan
(30) |
Feb
(25) |
Mar
(28) |
Apr
(4) |
May
(19) |
Jun
(13) |
Jul
(7) |
Aug
(1) |
Sep
(2) |
Oct
(5) |
Nov
(12) |
Dec
(2) |
| 2018 |
Jan
(7) |
Feb
|
Mar
(7) |
Apr
(2) |
May
(8) |
Jun
(18) |
Jul
(6) |
Aug
(3) |
Sep
(15) |
Oct
(33) |
Nov
(13) |
Dec
(7) |
| 2019 |
Jan
(5) |
Feb
(7) |
Mar
(30) |
Apr
(5) |
May
(4) |
Jun
(69) |
Jul
(86) |
Aug
(22) |
Sep
(6) |
Oct
(7) |
Nov
(5) |
Dec
(3) |
| 2020 |
Jan
(10) |
Feb
(12) |
Mar
(22) |
Apr
(5) |
May
(1) |
Jun
(4) |
Jul
(6) |
Aug
|
Sep
(9) |
Oct
|
Nov
|
Dec
(1) |
| 2021 |
Jan
(4) |
Feb
(11) |
Mar
(7) |
Apr
(7) |
May
|
Jun
(3) |
Jul
(10) |
Aug
(6) |
Sep
|
Oct
|
Nov
(18) |
Dec
(2) |
| 2022 |
Jan
(1) |
Feb
(1) |
Mar
|
Apr
|
May
|
Jun
(2) |
Jul
|
Aug
(4) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2023 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
(1) |
Jun
|
Jul
|
Aug
(5) |
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Roman C. <rom...@wi...> - 2013-12-11 06:46:26
|
Hi mErRYo, The problem should be in your certificate profile configuration as it is written in your exception. In EJBCA administration and in certificate profile configuration you are setting which CAs are available for that profile. Probably you don't have your CA marked. Look at it and you should get it resolved. With regards, Roman From: mErRYo [mailto:mer...@ya...] Sent: Wednesday, December 11, 2013 6:47 AM To: ejb...@li... Subject: [Ejbca-develop] Ejbca 4.0.16 Create Browser Certificate Error Hi, I am trying to get a certificate after adding end user through a custom predefined end entity profile through "create browser certificate" option. What i did is i create a certificate profile against which i created a CA, than i created an end entity against that CA profile. In last step i also created a user against the end entity. All the three steps works fine. Problem occurs when i go for certificate download (install) through create browser cert. option i get following exception. Please HELP!! My exception is as follow: 2013-12-10 16:06:39,187 ERROR [org.ejbca.core.ejb.ca.sign.RSASignSessionBean] (http-0.0.0.0-8080-4) Error creating certificate: javax.ejb.EJBException: End Entity data contains a CA, -487214483, which the Certificate Profile, 2, isn't authorized to use. at org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASignSessionBean.java:821) at org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASignSessionBean.java:425) at org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASignSessionBean.java:209) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:622) at org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111) at org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69) at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73) at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:622) at org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72) at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_1239553344.invoke(InvocationContextInterceptor_z_fillMethod_1239553344.java) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88) at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_1239553344.invoke(InvocationContextInterceptor_z_setup_1239553344.java) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79) at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:190) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:201) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:176) at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:216) at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207) at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164) at com.sun.proxy.$Proxy963.createCertificate(Unknown Source) at org.ejbca.ui.web.RequestHelper.nsCertRequest(RequestHelper.java:132) at org.ejbca.ui.web.pub.RequestInstance.doPost(RequestInstance.java:330) at org.ejbca.ui.web.pub.CertReqServlet.doPost(CertReqServlet.java:117) at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92) at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126) at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:701) |
|
From: Ebtehal H. <h.e...@ya...> - 2013-12-11 06:37:05
|
what is the necessary properties of LDAP server certificate to connect the LDAP server securly to CA server?? |
|
From: mErRYo <mer...@ya...> - 2013-12-11 05:51:43
|
Hi there, I am using EJbca 4.0.16 with ubuntu and hsqldb for my testing. I implemented DemoCertReqServlet for instant issuance. The problem i am facing is that i get the request hold up in my RA portal for manual approval rather issuing the certificate instantly. My Exception is: exception javax.servlet.ServletException: Error adding user: org.ejbca.ui.web.pub.DemoCertReqServlet.doPost(DemoCertReqServlet.java:261) javax.servlet.http.HttpServlet.service(HttpServlet.java:637) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) root cause org.ejbca.core.model.approval.WaitingForApprovalException: Add Endity Action have been added for approval by authorized adminstrators. org.ejbca.core.ejb.ra.UserAdminSessionBean.addUser(UserAdminSessionBean.java:298) org.ejbca.core.ejb.ra.UserAdminSessionBean.addUser(UserAdminSessionBean.java:203) sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) java.lang.reflect.Method.invoke(Method.java:622) org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122) org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111) org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69) org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73) org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59) sun.reflect.GeneratedMethodAccessor530.invoke(Unknown Source) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) java.lang.reflect.Method.invoke(Method.java:622) org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174) org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72) org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_1239553344.invoke(InvocationContextInterceptor_z_fillMethod_1239553344.java) org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88) org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_1239553344.invoke(InvocationContextInterceptor_z_setup_1239553344.java) org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62) org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56) org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47) org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42) org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68) org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79) org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:190) org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76) org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42) org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:201) org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186) org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41) org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67) org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67) org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:176) org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:216) org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207) org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164) com.sun.proxy.$Proxy962.addUser(Unknown Source) org.ejbca.ui.web.pub.DemoCertReqServlet.doPost(DemoCertReqServlet.java:256) javax.servlet.http.HttpServlet.service(HttpServlet.java:637) javax.servlet.http.HttpServlet.service(HttpServlet.java:717) org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) Please guide me where i am mistakin. Thanks |
|
From: mErRYo <mer...@ya...> - 2013-12-11 05:50:29
|
Hi, I am trying to get a certificate after adding end user through a custom predefined end entity profile through "create browser certificate" option. What i did is i create a certificate profile against which i created a CA, than i created an end entity against that CA profile. In last step i also created a user against the end entity. All the three steps works fine. Problem occurs when i go for certificate download (install) through create browser cert. option i get following exception. Please HELP!! My exception is as follow: 2013-12-10 16:06:39,187 ERROR [org.ejbca.core.ejb.ca.sign.RSASignSessionBean] (http-0.0.0.0-8080-4) Error creating certificate: javax.ejb.EJBException: End Entity data contains a CA, -487214483, which the Certificate Profile, 2, isn't authorized to use. at org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASignSessionBean.java:821) at org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASignSessionBean.java:425) at org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASignSessionBean.java:209) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:622) at org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111) at org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69) at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73) at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:622) at org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72) at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_1239553344.invoke(InvocationContextInterceptor_z_fillMethod_1239553344.java) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88) at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_1239553344.invoke(InvocationContextInterceptor_z_setup_1239553344.java) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79) at org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:190) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:201) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67) at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:176) at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:216) at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207) at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164) at com.sun.proxy.$Proxy963.createCertificate(Unknown Source) at org.ejbca.ui.web.RequestHelper.nsCertRequest(RequestHelper.java:132) at org.ejbca.ui.web.pub.RequestInstance.doPost(RequestInstance.java:330) at org.ejbca.ui.web.pub.CertReqServlet.doPost(CertReqServlet.java:117) at javax.servlet.http.HttpServlet.service(HttpServlet.java:637) at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191) at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433) at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92) at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126) at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102) at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330) at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829) at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598) at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447) at java.lang.Thread.run(Thread.java:701) |
|
From: Branko M. <br...@ma...> - 2013-12-04 13:55:09
|
On Tue, 3 Dec 2013 11:40:01 +0000 (GMT) Ebtehal Hassan <h.e...@ya...> wrote: > i was trying to securing the connection between CA server & LDAP server using TLS but i have the following error > > Following error occurred when testing connection : LDAP ERROR: Error binding to LDAP server. Connect Error > > and in jboss this msg was appear > > 14:36:14,907 ERROR [LdapPublisher] LDAP ERROR: Error binding to LDAP server. Connect Error > LDAPException: Unable to connect to 192.168.50.9:636. (91) Connect Error > LDAPException: Server Message: Unable to connect to 192.168.50.9:636. If you are using LDAP over SSL, you must make sure to import the CA certificates from the LDAP server chain into Java's default truststore (iirc the file is called cacerts). Instead of using system-wide truststore, you could also try using your own truststore (look at the javax.net.ssl.trustStore Java option). You can override it via JAVA_OPTS, for example. Also make sure you can actually connect to the LDAP server from your CA on port 636 at all. Best regards -- Branko Majic Jabber: br...@ma... Please use only Free formats when sending attachments to me. Бранко Мајић Џабер: br...@ma... Молим вас да додатке шаљете искључиво у слободним форматима. |
|
From: Tomas G. <to...@pr...> - 2013-12-04 13:12:32
|
The publisher is unable to connect to your LDAP server. You need to look for the cause in your log files. Cheers, Tomas On 12/03/2013 12:40 PM, Ebtehal Hassan wrote: > i was trying to securing the connection between CA server & LDAP server > using TLS but i have the following error > > > Following error occurred when testing connection : LDAP ERROR: > Error binding to LDAP server. Connect Error > > > and in jboss this msg was appear > 14:36:14,907 ERROR [LdapPublisher] LDAP ERROR: Error binding to LDAP > server. Connect Error > LDAPException: Unable to connect to 192.168.50.9:636. (91) Connect Error > LDAPException: Server Message: Unable to connect to 192.168.50.9:636. > > > > ------------------------------------------------------------------------------ > Rapidly troubleshoot problems before they affect your business. Most IT > organizations don't have a clear picture of how application performance > affects their revenue. With AppDynamics, you get 100% visibility into your > Java,.NET, & PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro! > http://pubads.g.doubleclick.net/gampad/clk?id=84349351&iu=/4140/ostg.clktrk > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: Ebtehal H. <h.e...@ya...> - 2013-12-03 11:43:05
|
i was trying to securing the connection between CA server & LDAP server using TLS but i have the following error Following error occurred when testing connection : LDAP ERROR: Error binding to LDAP server. Connect Error and in jboss this msg was appear 14:36:14,907 ERROR [LdapPublisher] LDAP ERROR: Error binding to LDAP server. Connect Error LDAPException: Unable to connect to 192.168.50.9:636. (91) Connect Error LDAPException: Server Message: Unable to connect to 192.168.50.9:636. |
|
From: PREMKUMAR <pre...@gm...> - 2013-11-29 07:00:13
|
Hi Experts, I am trying to do CMPv2 certificate enrollment with EJBCA server.I see the following error message while doing so. My Initialize and Update requests are working fine. EJBCA Version : 4.0.10 JBOSS : JBoss-5.1.0.GA Please find the error log below. ERROR [CrmfMessageHandler] Could not create CmpPbeVerifyer This is my ssh-cmpclient command cmd: ssh-cmpclient enroll -y -e -P generate://pkcs8@rsa:1024/segw-SAMI -o segw-SAMI -c segwSLOT3SAMI3_20131108102752.crt -k file://pkcs8@/segwSLOT3SAMI3_20131108102752.prv -s "CN=ejbcaCA;dns=test1.cisco.com" -u keyencipherment -C ejbcaCA.crt http://44.44.44.95:8080/ejbca/publicweb/cmp 2>&1 | tee /app/segw/enroll.log Please let me know why I am seeing this issue,and let me know if you need more information. Thanks, Prem |
|
From: PREMKUMAR <pre...@gm...> - 2013-11-29 06:57:54
|
Hi Experts, I am trying to do CMPv2 certificate enrollment with EJBCA server.I see the following error message while doing so. My Initialize and Update requests are working fine. EJBCA Version : 4.0.10 JBOSS : JBoss-5.1.0.GA Please find the error log below. ERROR [CrmfMessageHandler] Could not create CmpPbeVerifyer This is my ssh-cmpclient command cmd: ssh-cmpclient enroll -y -e -P generate://pkcs8@rsa:1024/segw-SAMI -o segw-SAMI -c segwSLOT3SAMI3_20131108102752.crt -k file://pkcs8@/segwSLOT3SAMI3_20131108102752.prv -s "CN=ejbcaCA;dns=test1.cisco.com" -u keyencipherment -C ejbcaCA.crt http://44.44.44.95:8080/ejbca/publicweb/cmp 2>&1 | tee /app/segw/enroll.log Please let me know why I am seeing this issue,and let me know if you need more information. Thanks, Prem |
|
From: Tomas G. <to...@pr...> - 2013-11-27 13:44:52
|
I have written a final piece in the blog series about EJBCA 6 related to EJBCA Enterprise and Community. http://blog.ejbca.org/2013/11/whats-new-in-ejbca-6-part-4-enterprise.html Kind regards PrimeKey EJBCA Team |
|
From: Tomas G. <to...@pr...> - 2013-11-26 08:12:16
|
No, the debug log contains lots of lines, marked with Debug, with information what EJBCA is doing. You have sent only one line, marked with ERROR.
Is the other lines, above this one that describes what EJBCA does.
On Nov 26, 2013 7:36 AM, eilaf sorkatti <eil...@gm...> wrote:
I configure it for DEBUG, IS this OK:
12:31:27,041 ERROR [ServiceSessionBean] Service worker execution failed.
javax.ejb.EJBException: org.ejbca.core.model.ca.publisher.PublisherException: LDAP ERROR: Error storing CRL (certificateRevocationList;binary) in LDAP (top;applicationProcess;certificationAuthority-V2) for DN (CN=testCA1,o=test,c=SW). Message: Object Class Violation.
at org.jboss.ejb3.tx.TxInterceptor$NotSupported.invoke(TxInterceptor.java:104)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:201)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:176)
at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:216)
at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
at sun.proxy.$Proxy330.storeCRLNonTransactional(Unknown Source)
at org.ejbca.core.ejb.ca.publisher.PublisherQueueSessionBean.doPublish(PublisherQueueSessionBean.java:312)
at org.ejbca.core.ejb.ca.publisher.PublisherQueueSessionBean.doChunk(PublisherQueueSessionBean.java:237)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
at org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
at sun.reflect.GeneratedMethodAccessor322.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_246041724.invoke(InvocationContextInterceptor_z_fillMethod_246041724.java)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_246041724.invoke(InvocationContextInterceptor_z_setup_246041724.java)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
at org.jboss.aspects.tx.TxInterceptor$RequiresNew.invoke(TxInterceptor.java:261)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:201)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:176)
at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:216)
at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
at sun.proxy.$Proxy330.doChunk(Unknown Source)
at org.ejbca.core.ejb.ca.publisher.PublisherQueueSessionBean.plainFifoTryAlwaysLimit100EntriesOrderByTimeCreated(PublisherQueueSessionBean.java:228)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
at org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
at sun.reflect.GeneratedMethodAccessor322.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_246041724.invoke(InvocationContextInterceptor_z_fillMethod_246041724.java)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_246041724.invoke(InvocationContextInterceptor_z_setup_246041724.java)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.aspects.tx.TxPolicy.invokeInNoTx(TxPolicy.java:66)
at org.jboss.ejb3.tx.TxInterceptor$NotSupported.invoke(TxInterceptor.java:114)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:201)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:176)
at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:216)
at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
at sun.proxy.$Proxy330.plainFifoTryAlwaysLimit100EntriesOrderByTimeCreated(Unknown Source)
at org.ejbca.core.model.services.workers.PublishQueueProcessWorker.work(PublishQueueProcessWorker.java:83)
at org.ejbca.core.ejb.services.ServiceSessionBean.executeServiceInNoTransaction(ServiceSessionBean.java:578)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
at org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
at sun.reflect.GeneratedMethodAccessor322.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_246041724.invoke(InvocationContextInterceptor_z_fillMethod_246041724.java)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_246041724.invoke(InvocationContextInterceptor_z_setup_246041724.java)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.aspects.tx.TxPolicy.invokeInNoTx(TxPolicy.java:66)
at org.jboss.ejb3.tx.TxInterceptor$NotSupported.invoke(TxInterceptor.java:114)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:201)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:176)
at org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:216)
at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
at org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
at sun.proxy.$Proxy455.executeServiceInNoTransaction(Unknown Source)
at org.ejbca.core.ejb.services.ServiceSessionBean.timeoutHandler(ServiceSessionBean.java:457)
at sun.reflect.GeneratedMethodAccessor389.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
at org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
at sun.reflect.GeneratedMethodAccessor322.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_246041724.invoke(InvocationContextInterceptor_z_fillMethod_246041724.java)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_246041724.invoke(InvocationContextInterceptor_z_setup_246041724.java)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.aspects.tx.TxPolicy.invokeInNoTx(TxPolicy.java:66)
at org.jboss.ejb3.tx.TxInterceptor$NotSupported.invoke(TxInterceptor.java:114)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:138)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:80)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.stateless.StatelessContainer.callTimeout(StatelessContainer.java:249)
at org.jboss.as.ejb3.timerservice.TimedObjectInvokerBridge.callTimeout(TimedObjectInvokerBridge.java:44)
at org.jboss.ejb.txtimer.TimerImpl$TimerTaskImpl.run(TimerImpl.java:561)
at java.util.TimerThread.mainLoop(Timer.java:534)
at java.util.TimerThread.run(Timer.java:484)
Caused by: org.ejbca.core.model.ca.publisher.PublisherException: LDAP ERROR: Error storing CRL (certificateRevocationList;binary) in LDAP (top;applicationProcess;certificationAuthority-V2) for DN (CN=testCA,o=test,c=SW). Message: Object Class Violation.
at org.ejbca.core.model.ca.publisher.LdapPublisher.storeCRL(LdapPublisher.java:546)
at org.ejbca.core.ejb.ca.publisher.PublisherQueueSessionBean.storeCRLNonTransactional(PublisherQueueSessionBean.java:376)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
at org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
at sun.reflect.GeneratedMethodAccessor322.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_246041724.invoke(InvocationContextInterceptor_z_fillMethod_246041724.java)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_246041724.invoke(InvocationContextInterceptor_z_setup_246041724.java)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.aspects.tx.TxPolicy.invokeInNoTx(TxPolicy.java:66)
at org.jboss.ejb3.tx.TxInterceptor$NotSupported.invoke(TxInterceptor.java:92)
... 233 more
On Tue, Nov 26, 2013 at 9:01 AM, Tomas Gustavsson <to...@pr... <mailto:to...@pr...> > wrote:
No, jboss server log, please configure it for debug for EJBCA. See EJBCA wiki for log configuration tips.
On Nov 26, 2013 6:59 AM, eilaf sorkatti <eil...@gm... <mailto:eil...@gm...> > wrote:
You mean ldap server log? I use #/usr/local/libexec/slapd -9 for debugging mode of my server and paste the information above in a previous message.
On Tue, Nov 26, 2013 at 8:54 AM, Tomas Gustavsson <to...@pr... <mailto:to...@pr...> > wrote:
Then you need to provide a more complete debug log. That will show what is happening.
On Nov 26, 2013 6:44 AM, eilaf sorkatti <eil...@gm... <mailto:eil...@gm...> > wrote:
No, It happens when I try to republish my CA certificate.
On Mon, Nov 25, 2013 at 3:55 PM, Tomas Gustavsson <to...@pr... <mailto:to...@pr...> > wrote:
This seems to happen when you try to create a CRL is it not?
On 11/25/2013 01:46 PM, eilaf sorkatti wrote:
> Hi,
>
> Thanks for reply, Here is my ldap server log:
>
>
> >>> dnPrettyNormal: <CN=testCA,o=test,c=SW>
> <<< dnPrettyNormal: <cn=testCA,o=test,c=SW>, <cn=testca,o=test,c=sw>
> ==>backsql_add("cn=testCA,o=test,c=SW")
> oc_check_required entry (cn=testCA,o=test,c=SW), objectClass
> "applicationProcess"
> oc_check_required entry (cn=testCA,o=test,c=SW), objectClass
> "certificationAuthority-V2"
> Entry (cn=testCA,o=test,c=SW): object class 'certificationAuthority-V2'
> requires attribute 'cACertificate'
> backsql_add("cn=testCA,o=test,c=SW"): entry failed schema check --
> aborting
> send_ldap_result: conn=5305 op=1 p=3
> send_ldap_response: msgid=1918 tag=105 err=65
> ber_flush2: 90 bytes to sd 14
> <==backsql_add("cn=testCA,o=test,c=SW"): 65 "object class
> 'certificationAuthority-V2' requires attribute 'cACertificate'"
> daemon: activity on 1 descriptor
> daemon: activity on: 14r
> daemon: read active on 14
> daemon: epoll: listen=7 active_threads=0 tvp=NULL
> daemon: epoll: listen=8 active_threads=0 tvp=NULL
> connection_get(14): got connid=5305
> connection_read(14): checking for input on id=5305
> ber_get_next
> ber_get_next: tag 0x30 len 6 contents:
> op tag 0x42, time 1385394025
> ber_get_next
> ber_get_next on fd 14 failed errno=0 (Success)
> connection_read(14): input error=-2 id=5305, closing.
> connection_closing: readying conn=5305 sd=14 for close
> connection_close: deferring conn=5305 sd=14
> daemon: activity on 1 descriptor
> conn=5305 op=2 do_unbind
> daemon: activity on:
> daemon: epoll: listen=7 active_threads=0 tvp=NULL
> daemon: epoll: listen=8 active_threads=0 tvp=NULL
> connection_resched: attempting closing conn=5305 sd=14
> connection_close: conn=5305 sd=14
> daemon: removing 14
>
>
> And this is my JBOSS Log:
>
>
> Caused by: org.ejbca.core.model.ca.publisher.PublisherException: LDAP
> ERROR: Error storing CRL (certificateRevocationList;binary) in LDAP
> (top;applicationProcess;certificationAuthority-V2) for DN
> (CN=testCA,o=test,c=SW). Message: Object Class Violation.
> at
> org.ejbca.core.model.ca.publisher.LdapPublisher.storeCRL(LdapPublisher.java:546)
> at
> org.ejbca.core.ejb.ca.publisher.PublisherQueueSessionBean.storeCRLNonTransactional(PublisherQueueSessionBean.java:376)
> at sun.reflect.GeneratedMethodAccessor353.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:616)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
> at
> org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
> at
> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
> at
> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
> at sun.reflect.GeneratedMethodAccessor302.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:616)
> at
> org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at
> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
> at
> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_646506557.invoke(InvocationContextInterceptor_z_fillMethod_646506557.java)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at
> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
> at
> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_646506557.invoke(InvocationContextInterceptor_z_setup_646506557.java)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at
> org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at
> org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at
> org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at
> org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at org.jboss.aspects.tx.TxPolicy.invokeInNoTx(TxPolicy.java:66)
> at
> org.jboss.ejb3.tx.TxInterceptor$NotSupported.invoke(TxInterceptor.java:92)
> ... 230 more
>
>
> On Mon, Nov 25, 2013 at 12:07 PM, Branko Majic <br...@ma... <mailto:br...@ma...>
> <mailto:br...@ma... <mailto:br...@ma...> >> wrote:
>
> Once again - you should set-up logging for OpenLDAP (preferably set it
> so that you can get information about queries sent against the server),
> and have a look at what the logs say regarding schema violations. The
> logs will explicitly list what's violating the schema.
>
> One thing that comes to my mind is that perhaps you forgot to republish
> the CA when you assigned the publisher to it (iirc, the CRL updates
> will not create the entry in LDAP). Then again, seeing that you get
> schema violations, it might be more probable it's the reason I posted
> in one of the first posts.
>
> Once again - set-up the logging for OpenLDAP. It will help you in the
> long run with any issues you have with it.
>
> Best regards
>
> On Mon, 25 Nov 2013 09:04:27 +0300
> eilaf sorkatti <eil...@gm... <mailto:eil...@gm...>
> <mailto:eil...@gm... <mailto:eil...@gm...> >> wrote:
>
> > Yes, I read about this simliar problem before, and I setup the
> publisher
> > before creating the CA. but still I get same problem.
> >
> >
> > On Sun, Nov 24, 2013 at 11:14 AM, Yousif Johny
> <yoh...@gm... <mailto:yoh...@gm...> <mailto:yoh...@gm... <mailto:yoh...@gm...> >> wrote:
> >
> > > As Branko said, if possible check OpenLDAP's Log File as well
> for further
> > > details concerning the error and post it along your reply. That
> may shed
> > > some light upon LDAP related issues.
> > >
> > > I thought maube I should add this, and even though I had never
> experienced
> > > that error before, but I recall from another user who came
> along a similar
> > > problem that he got it resolved by having to set up the
> Publisher before
> > > creating the CA for EJBCA to be able to store Certificates and
> CRLs to LDAP
> > > directories. If that happens to be the case, this may hint on
> the source of
> > > the error as well, which is more probably an issue on rather
> EJBCA's side,
> > > not OpenLDAP.
> > >
> > > Yousif Hussin
> > > National Information Center
> > > NIC Sudan
> > > On Nov 20, 2013 2:10 PM, "eilaf sorkatti"
> <eil...@gm... <mailto:eil...@gm...> <mailto:eil...@gm... <mailto:eil...@gm...> >> wrote:
> > >
> > >> Hi,
> > >>
> > >>
> > >> When I trying publish CA certificate to ldap the following
> error appear
> > >> in jboss log:
> > >>
> > >> Too large comment for LogEntry was truncated. The full
> comment was:
> > >> Error when publishing to Publisher, fingerprint: CRL.,
> Exception: LDAP
> > >> ERROR: Error storing CRL (certificateRevocationList;binary) in
> LDAP
> > >> (top;applicationProcess;certificationAuthority) for DN
> > >> (CN=testCA1,O=TR,C=SW). Message: Object Class Violation.
> > >>
> > >>
> > >> I can publish user certificates successfully but i have
> problems with CA
> > >> certificate publishing.
> > >>
> > >>
> > >>
>
> --
> Branko Majic
> Jabber: br...@ma... <mailto:br...@ma...> <mailto:br...@ma... <mailto:br...@ma...> >
> Please use only Free formats when sending attachments to me.
>
> Бранко Мајић
> Џабер: br...@ma... <mailto:br...@ma...> <mailto:br...@ma... <mailto:br...@ma...> >
> Молим вас да додатке шаљете искључиво у слободним форматима.
>
> ------------------------------------------------------------------------------
> Shape the Mobile Experience: Free Subscription
> Software experts and developers: Be at the forefront of tech innovation.
> Intel(R) Software Adrenaline delivers strategic insight and
> game-changing
> conversations that shape the rapidly evolving mobile landscape. Sign
> up now.
> http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk <http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li... <mailto:Ejb...@li...>
> <mailto:Ejb...@li... <mailto:Ejb...@li...> >
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
>
>
>
> --
> Eilaf Hamad Elnil Mugbil
> University Of Khartoum
> School Of Mathematical science
>
>
> ------------------------------------------------------------------------------
> Shape the Mobile Experience: Free Subscription
> Software experts and developers: Be at the forefront of tech innovation.
> Intel(R) Software Adrenaline delivers strategic insight and game-changing
> conversations that shape the rapidly evolving mobile landscape. Sign up now.
> http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk <http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk>
>
>
>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li... <mailto:Ejb...@li...>
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
------------------------------------------------------------------------------
Shape the Mobile Experience: Free Subscription
Software experts and developers: Be at the forefront of tech innovation.
Intel(R) Software Adrenaline delivers strategic insight and game-changing
conversations that shape the rapidly evolving mobile landscape. Sign up now.
http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk <http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk>
_______________________________________________
Ejbca-develop mailing list
Ejb...@li... <mailto:Ejb...@li...>
https://lists.sourceforge.net/lists/listinfo/ejbca-develop
--
Eilaf Hamad Elnil Mugbil
University Of Khartoum
School Of Mathematical science
------------------------------------------------------------------------------
Shape the Mobile Experience: Free Subscription
Software experts and developers: Be at the forefront of tech innovation.
Intel(R) Software Adrenaline delivers strategic insight and game-changing
conversations that shape the rapidly evolving mobile landscape. Sign up now.
http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk <http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk>
_______________________________________________
Ejbca-develop mailing list
Ejb...@li... <mailto:Ejb...@li...>
https://lists.sourceforge.net/lists/listinfo/ejbca-develop
--
Eilaf Hamad Elnil Mugbil
University Of Khartoum
School Of Mathematical science
--
Eilaf Hamad Elnil Mugbil
University Of Khartoum
School Of Mathematical science
|
|
From: Tomas G. <to...@pr...> - 2013-11-26 05:54:08
|
Then you need to provide a more complete debug log. That will show what is happening.
On Nov 26, 2013 6:44 AM, eilaf sorkatti <eil...@gm...> wrote:
No, It happens when I try to republish my CA certificate.
On Mon, Nov 25, 2013 at 3:55 PM, Tomas Gustavsson <to...@pr... <mailto:to...@pr...> > wrote:
This seems to happen when you try to create a CRL is it not?
On 11/25/2013 01:46 PM, eilaf sorkatti wrote:
> Hi,
>
> Thanks for reply, Here is my ldap server log:
>
>
> >>> dnPrettyNormal: <CN=testCA,o=test,c=SW>
> <<< dnPrettyNormal: <cn=testCA,o=test,c=SW>, <cn=testca,o=test,c=sw>
> ==>backsql_add("cn=testCA,o=test,c=SW")
> oc_check_required entry (cn=testCA,o=test,c=SW), objectClass
> "applicationProcess"
> oc_check_required entry (cn=testCA,o=test,c=SW), objectClass
> "certificationAuthority-V2"
> Entry (cn=testCA,o=test,c=SW): object class 'certificationAuthority-V2'
> requires attribute 'cACertificate'
> backsql_add("cn=testCA,o=test,c=SW"): entry failed schema check --
> aborting
> send_ldap_result: conn=5305 op=1 p=3
> send_ldap_response: msgid=1918 tag=105 err=65
> ber_flush2: 90 bytes to sd 14
> <==backsql_add("cn=testCA,o=test,c=SW"): 65 "object class
> 'certificationAuthority-V2' requires attribute 'cACertificate'"
> daemon: activity on 1 descriptor
> daemon: activity on: 14r
> daemon: read active on 14
> daemon: epoll: listen=7 active_threads=0 tvp=NULL
> daemon: epoll: listen=8 active_threads=0 tvp=NULL
> connection_get(14): got connid=5305
> connection_read(14): checking for input on id=5305
> ber_get_next
> ber_get_next: tag 0x30 len 6 contents:
> op tag 0x42, time 1385394025
> ber_get_next
> ber_get_next on fd 14 failed errno=0 (Success)
> connection_read(14): input error=-2 id=5305, closing.
> connection_closing: readying conn=5305 sd=14 for close
> connection_close: deferring conn=5305 sd=14
> daemon: activity on 1 descriptor
> conn=5305 op=2 do_unbind
> daemon: activity on:
> daemon: epoll: listen=7 active_threads=0 tvp=NULL
> daemon: epoll: listen=8 active_threads=0 tvp=NULL
> connection_resched: attempting closing conn=5305 sd=14
> connection_close: conn=5305 sd=14
> daemon: removing 14
>
>
> And this is my JBOSS Log:
>
>
> Caused by: org.ejbca.core.model.ca.publisher.PublisherException: LDAP
> ERROR: Error storing CRL (certificateRevocationList;binary) in LDAP
> (top;applicationProcess;certificationAuthority-V2) for DN
> (CN=testCA,o=test,c=SW). Message: Object Class Violation.
> at
> org.ejbca.core.model.ca.publisher.LdapPublisher.storeCRL(LdapPublisher.java:546)
> at
> org.ejbca.core.ejb.ca.publisher.PublisherQueueSessionBean.storeCRLNonTransactional(PublisherQueueSessionBean.java:376)
> at sun.reflect.GeneratedMethodAccessor353.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:616)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
> at
> org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
> at
> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
> at
> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
> at sun.reflect.GeneratedMethodAccessor302.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:616)
> at
> org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at
> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
> at
> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_646506557.invoke(InvocationContextInterceptor_z_fillMethod_646506557.java)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at
> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
> at
> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_646506557.invoke(InvocationContextInterceptor_z_setup_646506557.java)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at
> org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at
> org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at
> org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at
> org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at org.jboss.aspects.tx.TxPolicy.invokeInNoTx(TxPolicy.java:66)
> at
> org.jboss.ejb3.tx.TxInterceptor$NotSupported.invoke(TxInterceptor.java:92)
> ... 230 more
>
>
> On Mon, Nov 25, 2013 at 12:07 PM, Branko Majic <br...@ma... <mailto:br...@ma...>
> <mailto:br...@ma... <mailto:br...@ma...> >> wrote:
>
> Once again - you should set-up logging for OpenLDAP (preferably set it
> so that you can get information about queries sent against the server),
> and have a look at what the logs say regarding schema violations. The
> logs will explicitly list what's violating the schema.
>
> One thing that comes to my mind is that perhaps you forgot to republish
> the CA when you assigned the publisher to it (iirc, the CRL updates
> will not create the entry in LDAP). Then again, seeing that you get
> schema violations, it might be more probable it's the reason I posted
> in one of the first posts.
>
> Once again - set-up the logging for OpenLDAP. It will help you in the
> long run with any issues you have with it.
>
> Best regards
>
> On Mon, 25 Nov 2013 09:04:27 +0300
> eilaf sorkatti <eil...@gm... <mailto:eil...@gm...>
> <mailto:eil...@gm... <mailto:eil...@gm...> >> wrote:
>
> > Yes, I read about this simliar problem before, and I setup the
> publisher
> > before creating the CA. but still I get same problem.
> >
> >
> > On Sun, Nov 24, 2013 at 11:14 AM, Yousif Johny
> <yoh...@gm... <mailto:yoh...@gm...> <mailto:yoh...@gm... <mailto:yoh...@gm...> >> wrote:
> >
> > > As Branko said, if possible check OpenLDAP's Log File as well
> for further
> > > details concerning the error and post it along your reply. That
> may shed
> > > some light upon LDAP related issues.
> > >
> > > I thought maube I should add this, and even though I had never
> experienced
> > > that error before, but I recall from another user who came
> along a similar
> > > problem that he got it resolved by having to set up the
> Publisher before
> > > creating the CA for EJBCA to be able to store Certificates and
> CRLs to LDAP
> > > directories. If that happens to be the case, this may hint on
> the source of
> > > the error as well, which is more probably an issue on rather
> EJBCA's side,
> > > not OpenLDAP.
> > >
> > > Yousif Hussin
> > > National Information Center
> > > NIC Sudan
> > > On Nov 20, 2013 2:10 PM, "eilaf sorkatti"
> <eil...@gm... <mailto:eil...@gm...> <mailto:eil...@gm... <mailto:eil...@gm...> >> wrote:
> > >
> > >> Hi,
> > >>
> > >>
> > >> When I trying publish CA certificate to ldap the following
> error appear
> > >> in jboss log:
> > >>
> > >> Too large comment for LogEntry was truncated. The full
> comment was:
> > >> Error when publishing to Publisher, fingerprint: CRL.,
> Exception: LDAP
> > >> ERROR: Error storing CRL (certificateRevocationList;binary) in
> LDAP
> > >> (top;applicationProcess;certificationAuthority) for DN
> > >> (CN=testCA1,O=TR,C=SW). Message: Object Class Violation.
> > >>
> > >>
> > >> I can publish user certificates successfully but i have
> problems with CA
> > >> certificate publishing.
> > >>
> > >>
> > >>
>
> --
> Branko Majic
> Jabber: br...@ma... <mailto:br...@ma...> <mailto:br...@ma... <mailto:br...@ma...> >
> Please use only Free formats when sending attachments to me.
>
> Бранко Мајић
> Џабер: br...@ma... <mailto:br...@ma...> <mailto:br...@ma... <mailto:br...@ma...> >
> Молим вас да додатке шаљете искључиво у слободним форматима.
>
> ------------------------------------------------------------------------------
> Shape the Mobile Experience: Free Subscription
> Software experts and developers: Be at the forefront of tech innovation.
> Intel(R) Software Adrenaline delivers strategic insight and
> game-changing
> conversations that shape the rapidly evolving mobile landscape. Sign
> up now.
> http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk <http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li... <mailto:Ejb...@li...>
> <mailto:Ejb...@li... <mailto:Ejb...@li...> >
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
>
>
>
> --
> Eilaf Hamad Elnil Mugbil
> University Of Khartoum
> School Of Mathematical science
>
>
> ------------------------------------------------------------------------------
> Shape the Mobile Experience: Free Subscription
> Software experts and developers: Be at the forefront of tech innovation.
> Intel(R) Software Adrenaline delivers strategic insight and game-changing
> conversations that shape the rapidly evolving mobile landscape. Sign up now.
> http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk <http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk>
>
>
>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li... <mailto:Ejb...@li...>
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
------------------------------------------------------------------------------
Shape the Mobile Experience: Free Subscription
Software experts and developers: Be at the forefront of tech innovation.
Intel(R) Software Adrenaline delivers strategic insight and game-changing
conversations that shape the rapidly evolving mobile landscape. Sign up now.
http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk <http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk>
_______________________________________________
Ejbca-develop mailing list
Ejb...@li... <mailto:Ejb...@li...>
https://lists.sourceforge.net/lists/listinfo/ejbca-develop
--
Eilaf Hamad Elnil Mugbil
University Of Khartoum
School Of Mathematical science
------------------------------------------------------------------------------
Shape the Mobile Experience: Free Subscription
Software experts and developers: Be at the forefront of tech innovation.
Intel(R) Software Adrenaline delivers strategic insight and game-changing
conversations that shape the rapidly evolving mobile landscape. Sign up now.
http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk
_______________________________________________
Ejbca-develop mailing list
Ejb...@li...
https://lists.sourceforge.net/lists/listinfo/ejbca-develop
|
|
From: eilaf s. <eil...@gm...> - 2013-11-26 05:41:53
|
No, It happens when I try to republish my CA certificate.
On Mon, Nov 25, 2013 at 3:55 PM, Tomas Gustavsson <to...@pr...> wrote:
>
> This seems to happen when you try to create a CRL is it not?
>
>
> On 11/25/2013 01:46 PM, eilaf sorkatti wrote:
> > Hi,
> >
> > Thanks for reply, Here is my ldap server log:
> >
> >
> > >>> dnPrettyNormal: <CN=testCA,o=test,c=SW>
> > <<< dnPrettyNormal: <cn=testCA,o=test,c=SW>, <cn=testca,o=test,c=sw>
> > ==>backsql_add("cn=testCA,o=test,c=SW")
> > oc_check_required entry (cn=testCA,o=test,c=SW), objectClass
> > "applicationProcess"
> > oc_check_required entry (cn=testCA,o=test,c=SW), objectClass
> > "certificationAuthority-V2"
> > Entry (cn=testCA,o=test,c=SW): object class 'certificationAuthority-V2'
> > requires attribute 'cACertificate'
> > backsql_add("cn=testCA,o=test,c=SW"): entry failed schema check --
> > aborting
> > send_ldap_result: conn=5305 op=1 p=3
> > send_ldap_response: msgid=1918 tag=105 err=65
> > ber_flush2: 90 bytes to sd 14
> > <==backsql_add("cn=testCA,o=test,c=SW"): 65 "object class
> > 'certificationAuthority-V2' requires attribute 'cACertificate'"
> > daemon: activity on 1 descriptor
> > daemon: activity on: 14r
> > daemon: read active on 14
> > daemon: epoll: listen=7 active_threads=0 tvp=NULL
> > daemon: epoll: listen=8 active_threads=0 tvp=NULL
> > connection_get(14): got connid=5305
> > connection_read(14): checking for input on id=5305
> > ber_get_next
> > ber_get_next: tag 0x30 len 6 contents:
> > op tag 0x42, time 1385394025
> > ber_get_next
> > ber_get_next on fd 14 failed errno=0 (Success)
> > connection_read(14): input error=-2 id=5305, closing.
> > connection_closing: readying conn=5305 sd=14 for close
> > connection_close: deferring conn=5305 sd=14
> > daemon: activity on 1 descriptor
> > conn=5305 op=2 do_unbind
> > daemon: activity on:
> > daemon: epoll: listen=7 active_threads=0 tvp=NULL
> > daemon: epoll: listen=8 active_threads=0 tvp=NULL
> > connection_resched: attempting closing conn=5305 sd=14
> > connection_close: conn=5305 sd=14
> > daemon: removing 14
> >
> >
> > And this is my JBOSS Log:
> >
> >
> > Caused by: org.ejbca.core.model.ca.publisher.PublisherException: LDAP
> > ERROR: Error storing CRL (certificateRevocationList;binary) in LDAP
> > (top;applicationProcess;certificationAuthority-V2) for DN
> > (CN=testCA,o=test,c=SW). Message: Object Class Violation.
> > at
> >
> org.ejbca.core.model.ca.publisher.LdapPublisher.storeCRL(LdapPublisher.java:546)
> > at
> >
> org.ejbca.core.ejb.ca.publisher.PublisherQueueSessionBean.storeCRLNonTransactional(PublisherQueueSessionBean.java:376)
> > at sun.reflect.GeneratedMethodAccessor353.invoke(Unknown Source)
> > at
> >
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > at java.lang.reflect.Method.invoke(Method.java:616)
> > at
> >
> org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
> > at
> >
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
> > at
> >
> org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
> > at
> >
> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
> > at
> >
> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
> > at sun.reflect.GeneratedMethodAccessor302.invoke(Unknown Source)
> > at
> >
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > at java.lang.reflect.Method.invoke(Method.java:616)
> > at
> >
> org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
> > at
> >
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> > at
> >
> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
> > at
> >
> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_646506557.invoke(InvocationContextInterceptor_z_fillMethod_646506557.java)
> > at
> >
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> > at
> >
> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
> > at
> >
> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_646506557.invoke(InvocationContextInterceptor_z_setup_646506557.java)
> > at
> >
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> > at
> >
> org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
> > at
> >
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> > at
> >
> org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
> > at
> >
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> > at
> >
> org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
> > at
> >
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> > at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
> > at
> >
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> > at
> >
> org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
> > at
> >
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> > at org.jboss.aspects.tx.TxPolicy.invokeInNoTx(TxPolicy.java:66)
> > at
> >
> org.jboss.ejb3.tx.TxInterceptor$NotSupported.invoke(TxInterceptor.java:92)
> > ... 230 more
> >
> >
> > On Mon, Nov 25, 2013 at 12:07 PM, Branko Majic <br...@ma...
> > <mailto:br...@ma...>> wrote:
> >
> > Once again - you should set-up logging for OpenLDAP (preferably set
> it
> > so that you can get information about queries sent against the
> server),
> > and have a look at what the logs say regarding schema violations. The
> > logs will explicitly list what's violating the schema.
> >
> > One thing that comes to my mind is that perhaps you forgot to
> republish
> > the CA when you assigned the publisher to it (iirc, the CRL updates
> > will not create the entry in LDAP). Then again, seeing that you get
> > schema violations, it might be more probable it's the reason I posted
> > in one of the first posts.
> >
> > Once again - set-up the logging for OpenLDAP. It will help you in the
> > long run with any issues you have with it.
> >
> > Best regards
> >
> > On Mon, 25 Nov 2013 09:04:27 +0300
> > eilaf sorkatti <eil...@gm...
> > <mailto:eil...@gm...>> wrote:
> >
> > > Yes, I read about this simliar problem before, and I setup the
> > publisher
> > > before creating the CA. but still I get same problem.
> > >
> > >
> > > On Sun, Nov 24, 2013 at 11:14 AM, Yousif Johny
> > <yoh...@gm... <mailto:yoh...@gm...>> wrote:
> > >
> > > > As Branko said, if possible check OpenLDAP's Log File as well
> > for further
> > > > details concerning the error and post it along your reply. That
> > may shed
> > > > some light upon LDAP related issues.
> > > >
> > > > I thought maube I should add this, and even though I had never
> > experienced
> > > > that error before, but I recall from another user who came
> > along a similar
> > > > problem that he got it resolved by having to set up the
> > Publisher before
> > > > creating the CA for EJBCA to be able to store Certificates and
> > CRLs to LDAP
> > > > directories. If that happens to be the case, this may hint on
> > the source of
> > > > the error as well, which is more probably an issue on rather
> > EJBCA's side,
> > > > not OpenLDAP.
> > > >
> > > > Yousif Hussin
> > > > National Information Center
> > > > NIC Sudan
> > > > On Nov 20, 2013 2:10 PM, "eilaf sorkatti"
> > <eil...@gm... <mailto:eil...@gm...>> wrote:
> > > >
> > > >> Hi,
> > > >>
> > > >>
> > > >> When I trying publish CA certificate to ldap the following
> > error appear
> > > >> in jboss log:
> > > >>
> > > >> Too large comment for LogEntry was truncated. The full
> > comment was:
> > > >> Error when publishing to Publisher, fingerprint: CRL.,
> > Exception: LDAP
> > > >> ERROR: Error storing CRL (certificateRevocationList;binary) in
> > LDAP
> > > >> (top;applicationProcess;certificationAuthority) for DN
> > > >> (CN=testCA1,O=TR,C=SW). Message: Object Class Violation.
> > > >>
> > > >>
> > > >> I can publish user certificates successfully but i have
> > problems with CA
> > > >> certificate publishing.
> > > >>
> > > >>
> > > >>
> >
> > --
> > Branko Majic
> > Jabber: br...@ma... <mailto:br...@ma...>
> > Please use only Free formats when sending attachments to me.
> >
> > Бранко Мајић
> > Џабер: br...@ma... <mailto:br...@ma...>
> > Молим вас да додатке шаљете искључиво у слободним форматима.
> >
> >
> ------------------------------------------------------------------------------
> > Shape the Mobile Experience: Free Subscription
> > Software experts and developers: Be at the forefront of tech
> innovation.
> > Intel(R) Software Adrenaline delivers strategic insight and
> > game-changing
> > conversations that shape the rapidly evolving mobile landscape. Sign
> > up now.
> >
> http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk
> > _______________________________________________
> > Ejbca-develop mailing list
> > Ejb...@li...
> > <mailto:Ejb...@li...>
> > https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> >
> >
> >
> >
> > --
> > Eilaf Hamad Elnil Mugbil
> > University Of Khartoum
> > School Of Mathematical science
> >
> >
> >
> ------------------------------------------------------------------------------
> > Shape the Mobile Experience: Free Subscription
> > Software experts and developers: Be at the forefront of tech innovation.
> > Intel(R) Software Adrenaline delivers strategic insight and game-changing
> > conversations that shape the rapidly evolving mobile landscape. Sign up
> now.
> >
> http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk
> >
> >
> >
> > _______________________________________________
> > Ejbca-develop mailing list
> > Ejb...@li...
> > https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> >
>
>
> ------------------------------------------------------------------------------
> Shape the Mobile Experience: Free Subscription
> Software experts and developers: Be at the forefront of tech innovation.
> Intel(R) Software Adrenaline delivers strategic insight and game-changing
> conversations that shape the rapidly evolving mobile landscape. Sign up
> now.
> http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
--
Eilaf Hamad Elnil Mugbil
University Of Khartoum
School Of Mathematical science
|
|
From: Branko M. <br...@ma...> - 2013-11-25 13:58:55
|
On Mon, 25 Nov 2013 15:46:44 +0300
eilaf sorkatti <eil...@gm...> wrote:
> <==backsql_add("cn=testCA,o=test,c=SW"): 65 "object class
> 'certificationAuthority-V2' requires attribute 'cACertificate'"
Try manually republishing the CA information _before_ generating the
CRL (from the edit CA page). That should create the LDAP entry with
correct object classes, and fill-in the cACertificate attribute.
Best regards
--
Branko Majic
Jabber: br...@ma...
Please use only Free formats when sending attachments to me.
Бранко Мајић
Џабер: br...@ma...
Молим вас да додатке шаљете искључиво у слободним форматима.
|
|
From: Tomas G. <to...@pr...> - 2013-11-25 12:55:32
|
This seems to happen when you try to create a CRL is it not?
On 11/25/2013 01:46 PM, eilaf sorkatti wrote:
> Hi,
>
> Thanks for reply, Here is my ldap server log:
>
>
> >>> dnPrettyNormal: <CN=testCA,o=test,c=SW>
> <<< dnPrettyNormal: <cn=testCA,o=test,c=SW>, <cn=testca,o=test,c=sw>
> ==>backsql_add("cn=testCA,o=test,c=SW")
> oc_check_required entry (cn=testCA,o=test,c=SW), objectClass
> "applicationProcess"
> oc_check_required entry (cn=testCA,o=test,c=SW), objectClass
> "certificationAuthority-V2"
> Entry (cn=testCA,o=test,c=SW): object class 'certificationAuthority-V2'
> requires attribute 'cACertificate'
> backsql_add("cn=testCA,o=test,c=SW"): entry failed schema check --
> aborting
> send_ldap_result: conn=5305 op=1 p=3
> send_ldap_response: msgid=1918 tag=105 err=65
> ber_flush2: 90 bytes to sd 14
> <==backsql_add("cn=testCA,o=test,c=SW"): 65 "object class
> 'certificationAuthority-V2' requires attribute 'cACertificate'"
> daemon: activity on 1 descriptor
> daemon: activity on: 14r
> daemon: read active on 14
> daemon: epoll: listen=7 active_threads=0 tvp=NULL
> daemon: epoll: listen=8 active_threads=0 tvp=NULL
> connection_get(14): got connid=5305
> connection_read(14): checking for input on id=5305
> ber_get_next
> ber_get_next: tag 0x30 len 6 contents:
> op tag 0x42, time 1385394025
> ber_get_next
> ber_get_next on fd 14 failed errno=0 (Success)
> connection_read(14): input error=-2 id=5305, closing.
> connection_closing: readying conn=5305 sd=14 for close
> connection_close: deferring conn=5305 sd=14
> daemon: activity on 1 descriptor
> conn=5305 op=2 do_unbind
> daemon: activity on:
> daemon: epoll: listen=7 active_threads=0 tvp=NULL
> daemon: epoll: listen=8 active_threads=0 tvp=NULL
> connection_resched: attempting closing conn=5305 sd=14
> connection_close: conn=5305 sd=14
> daemon: removing 14
>
>
> And this is my JBOSS Log:
>
>
> Caused by: org.ejbca.core.model.ca.publisher.PublisherException: LDAP
> ERROR: Error storing CRL (certificateRevocationList;binary) in LDAP
> (top;applicationProcess;certificationAuthority-V2) for DN
> (CN=testCA,o=test,c=SW). Message: Object Class Violation.
> at
> org.ejbca.core.model.ca.publisher.LdapPublisher.storeCRL(LdapPublisher.java:546)
> at
> org.ejbca.core.ejb.ca.publisher.PublisherQueueSessionBean.storeCRLNonTransactional(PublisherQueueSessionBean.java:376)
> at sun.reflect.GeneratedMethodAccessor353.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:616)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
> at
> org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
> at
> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
> at
> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
> at sun.reflect.GeneratedMethodAccessor302.invoke(Unknown Source)
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> at java.lang.reflect.Method.invoke(Method.java:616)
> at
> org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at
> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
> at
> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_646506557.invoke(InvocationContextInterceptor_z_fillMethod_646506557.java)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at
> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
> at
> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_646506557.invoke(InvocationContextInterceptor_z_setup_646506557.java)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at
> org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at
> org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at
> org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at
> org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
> at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> at org.jboss.aspects.tx.TxPolicy.invokeInNoTx(TxPolicy.java:66)
> at
> org.jboss.ejb3.tx.TxInterceptor$NotSupported.invoke(TxInterceptor.java:92)
> ... 230 more
>
>
> On Mon, Nov 25, 2013 at 12:07 PM, Branko Majic <br...@ma...
> <mailto:br...@ma...>> wrote:
>
> Once again - you should set-up logging for OpenLDAP (preferably set it
> so that you can get information about queries sent against the server),
> and have a look at what the logs say regarding schema violations. The
> logs will explicitly list what's violating the schema.
>
> One thing that comes to my mind is that perhaps you forgot to republish
> the CA when you assigned the publisher to it (iirc, the CRL updates
> will not create the entry in LDAP). Then again, seeing that you get
> schema violations, it might be more probable it's the reason I posted
> in one of the first posts.
>
> Once again - set-up the logging for OpenLDAP. It will help you in the
> long run with any issues you have with it.
>
> Best regards
>
> On Mon, 25 Nov 2013 09:04:27 +0300
> eilaf sorkatti <eil...@gm...
> <mailto:eil...@gm...>> wrote:
>
> > Yes, I read about this simliar problem before, and I setup the
> publisher
> > before creating the CA. but still I get same problem.
> >
> >
> > On Sun, Nov 24, 2013 at 11:14 AM, Yousif Johny
> <yoh...@gm... <mailto:yoh...@gm...>> wrote:
> >
> > > As Branko said, if possible check OpenLDAP's Log File as well
> for further
> > > details concerning the error and post it along your reply. That
> may shed
> > > some light upon LDAP related issues.
> > >
> > > I thought maube I should add this, and even though I had never
> experienced
> > > that error before, but I recall from another user who came
> along a similar
> > > problem that he got it resolved by having to set up the
> Publisher before
> > > creating the CA for EJBCA to be able to store Certificates and
> CRLs to LDAP
> > > directories. If that happens to be the case, this may hint on
> the source of
> > > the error as well, which is more probably an issue on rather
> EJBCA's side,
> > > not OpenLDAP.
> > >
> > > Yousif Hussin
> > > National Information Center
> > > NIC Sudan
> > > On Nov 20, 2013 2:10 PM, "eilaf sorkatti"
> <eil...@gm... <mailto:eil...@gm...>> wrote:
> > >
> > >> Hi,
> > >>
> > >>
> > >> When I trying publish CA certificate to ldap the following
> error appear
> > >> in jboss log:
> > >>
> > >> Too large comment for LogEntry was truncated. The full
> comment was:
> > >> Error when publishing to Publisher, fingerprint: CRL.,
> Exception: LDAP
> > >> ERROR: Error storing CRL (certificateRevocationList;binary) in
> LDAP
> > >> (top;applicationProcess;certificationAuthority) for DN
> > >> (CN=testCA1,O=TR,C=SW). Message: Object Class Violation.
> > >>
> > >>
> > >> I can publish user certificates successfully but i have
> problems with CA
> > >> certificate publishing.
> > >>
> > >>
> > >>
>
> --
> Branko Majic
> Jabber: br...@ma... <mailto:br...@ma...>
> Please use only Free formats when sending attachments to me.
>
> Бранко Мајић
> Џабер: br...@ma... <mailto:br...@ma...>
> Молим вас да додатке шаљете искључиво у слободним форматима.
>
> ------------------------------------------------------------------------------
> Shape the Mobile Experience: Free Subscription
> Software experts and developers: Be at the forefront of tech innovation.
> Intel(R) Software Adrenaline delivers strategic insight and
> game-changing
> conversations that shape the rapidly evolving mobile landscape. Sign
> up now.
> http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> <mailto:Ejb...@li...>
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
>
>
>
> --
> Eilaf Hamad Elnil Mugbil
> University Of Khartoum
> School Of Mathematical science
>
>
> ------------------------------------------------------------------------------
> Shape the Mobile Experience: Free Subscription
> Software experts and developers: Be at the forefront of tech innovation.
> Intel(R) Software Adrenaline delivers strategic insight and game-changing
> conversations that shape the rapidly evolving mobile landscape. Sign up now.
> http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk
>
>
>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
|
|
From: eilaf s. <eil...@gm...> - 2013-11-25 12:46:52
|
Hi,
Thanks for reply, Here is my ldap server log:
>>> dnPrettyNormal: <CN=testCA,o=test,c=SW>
<<< dnPrettyNormal: <cn=testCA,o=test,c=SW>, <cn=testca,o=test,c=sw>
==>backsql_add("cn=testCA,o=test,c=SW")
oc_check_required entry (cn=testCA,o=test,c=SW), objectClass
"applicationProcess"
oc_check_required entry (cn=testCA,o=test,c=SW), objectClass
"certificationAuthority-V2"
Entry (cn=testCA,o=test,c=SW): object class 'certificationAuthority-V2'
requires attribute 'cACertificate'
backsql_add("cn=testCA,o=test,c=SW"): entry failed schema check --
aborting
send_ldap_result: conn=5305 op=1 p=3
send_ldap_response: msgid=1918 tag=105 err=65
ber_flush2: 90 bytes to sd 14
<==backsql_add("cn=testCA,o=test,c=SW"): 65 "object class
'certificationAuthority-V2' requires attribute 'cACertificate'"
daemon: activity on 1 descriptor
daemon: activity on: 14r
daemon: read active on 14
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
connection_get(14): got connid=5305
connection_read(14): checking for input on id=5305
ber_get_next
ber_get_next: tag 0x30 len 6 contents:
op tag 0x42, time 1385394025
ber_get_next
ber_get_next on fd 14 failed errno=0 (Success)
connection_read(14): input error=-2 id=5305, closing.
connection_closing: readying conn=5305 sd=14 for close
connection_close: deferring conn=5305 sd=14
daemon: activity on 1 descriptor
conn=5305 op=2 do_unbind
daemon: activity on:
daemon: epoll: listen=7 active_threads=0 tvp=NULL
daemon: epoll: listen=8 active_threads=0 tvp=NULL
connection_resched: attempting closing conn=5305 sd=14
connection_close: conn=5305 sd=14
daemon: removing 14
And this is my JBOSS Log:
Caused by: org.ejbca.core.model.ca.publisher.PublisherException: LDAP
ERROR: Error storing CRL (certificateRevocationList;binary) in LDAP
(top;applicationProcess;certificationAuthority-V2) for DN
(CN=testCA,o=test,c=SW). Message: Object Class Violation.
at
org.ejbca.core.model.ca.publisher.LdapPublisher.storeCRL(LdapPublisher.java:546)
at
org.ejbca.core.ejb.ca.publisher.PublisherQueueSessionBean.storeCRLNonTransactional(PublisherQueueSessionBean.java:376)
at sun.reflect.GeneratedMethodAccessor353.invoke(Unknown Source)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at
org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
at
org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
at
org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
at
org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
at sun.reflect.GeneratedMethodAccessor302.invoke(Unknown Source)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:616)
at
org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
at
org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_646506557.invoke(InvocationContextInterceptor_z_fillMethod_646506557.java)
at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
at
org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_646506557.invoke(InvocationContextInterceptor_z_setup_646506557.java)
at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at
org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.aspects.tx.TxPolicy.invokeInNoTx(TxPolicy.java:66)
at
org.jboss.ejb3.tx.TxInterceptor$NotSupported.invoke(TxInterceptor.java:92)
... 230 more
On Mon, Nov 25, 2013 at 12:07 PM, Branko Majic <br...@ma...> wrote:
> Once again - you should set-up logging for OpenLDAP (preferably set it
> so that you can get information about queries sent against the server),
> and have a look at what the logs say regarding schema violations. The
> logs will explicitly list what's violating the schema.
>
> One thing that comes to my mind is that perhaps you forgot to republish
> the CA when you assigned the publisher to it (iirc, the CRL updates
> will not create the entry in LDAP). Then again, seeing that you get
> schema violations, it might be more probable it's the reason I posted
> in one of the first posts.
>
> Once again - set-up the logging for OpenLDAP. It will help you in the
> long run with any issues you have with it.
>
> Best regards
>
> On Mon, 25 Nov 2013 09:04:27 +0300
> eilaf sorkatti <eil...@gm...> wrote:
>
> > Yes, I read about this simliar problem before, and I setup the publisher
> > before creating the CA. but still I get same problem.
> >
> >
> > On Sun, Nov 24, 2013 at 11:14 AM, Yousif Johny <yoh...@gm...>
> wrote:
> >
> > > As Branko said, if possible check OpenLDAP's Log File as well for
> further
> > > details concerning the error and post it along your reply. That may
> shed
> > > some light upon LDAP related issues.
> > >
> > > I thought maube I should add this, and even though I had never
> experienced
> > > that error before, but I recall from another user who came along a
> similar
> > > problem that he got it resolved by having to set up the Publisher
> before
> > > creating the CA for EJBCA to be able to store Certificates and CRLs to
> LDAP
> > > directories. If that happens to be the case, this may hint on the
> source of
> > > the error as well, which is more probably an issue on rather EJBCA's
> side,
> > > not OpenLDAP.
> > >
> > > Yousif Hussin
> > > National Information Center
> > > NIC Sudan
> > > On Nov 20, 2013 2:10 PM, "eilaf sorkatti" <eil...@gm...>
> wrote:
> > >
> > >> Hi,
> > >>
> > >>
> > >> When I trying publish CA certificate to ldap the following error
> appear
> > >> in jboss log:
> > >>
> > >> Too large comment for LogEntry was truncated. The full comment was:
> > >> Error when publishing to Publisher, fingerprint: CRL., Exception: LDAP
> > >> ERROR: Error storing CRL (certificateRevocationList;binary) in LDAP
> > >> (top;applicationProcess;certificationAuthority) for DN
> > >> (CN=testCA1,O=TR,C=SW). Message: Object Class Violation.
> > >>
> > >>
> > >> I can publish user certificates successfully but i have problems with
> CA
> > >> certificate publishing.
> > >>
> > >>
> > >>
>
> --
> Branko Majic
> Jabber: br...@ma...
> Please use only Free formats when sending attachments to me.
>
> Бранко Мајић
> Џабер: br...@ma...
> Молим вас да додатке шаљете искључиво у слободним форматима.
>
>
> ------------------------------------------------------------------------------
> Shape the Mobile Experience: Free Subscription
> Software experts and developers: Be at the forefront of tech innovation.
> Intel(R) Software Adrenaline delivers strategic insight and game-changing
> conversations that shape the rapidly evolving mobile landscape. Sign up
> now.
> http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
>
--
Eilaf Hamad Elnil Mugbil
University Of Khartoum
School Of Mathematical science
|
|
From: Branko M. <br...@ma...> - 2013-11-25 09:07:27
|
Once again - you should set-up logging for OpenLDAP (preferably set it so that you can get information about queries sent against the server), and have a look at what the logs say regarding schema violations. The logs will explicitly list what's violating the schema. One thing that comes to my mind is that perhaps you forgot to republish the CA when you assigned the publisher to it (iirc, the CRL updates will not create the entry in LDAP). Then again, seeing that you get schema violations, it might be more probable it's the reason I posted in one of the first posts. Once again - set-up the logging for OpenLDAP. It will help you in the long run with any issues you have with it. Best regards On Mon, 25 Nov 2013 09:04:27 +0300 eilaf sorkatti <eil...@gm...> wrote: > Yes, I read about this simliar problem before, and I setup the publisher > before creating the CA. but still I get same problem. > > > On Sun, Nov 24, 2013 at 11:14 AM, Yousif Johny <yoh...@gm...> wrote: > > > As Branko said, if possible check OpenLDAP's Log File as well for further > > details concerning the error and post it along your reply. That may shed > > some light upon LDAP related issues. > > > > I thought maube I should add this, and even though I had never experienced > > that error before, but I recall from another user who came along a similar > > problem that he got it resolved by having to set up the Publisher before > > creating the CA for EJBCA to be able to store Certificates and CRLs to LDAP > > directories. If that happens to be the case, this may hint on the source of > > the error as well, which is more probably an issue on rather EJBCA's side, > > not OpenLDAP. > > > > Yousif Hussin > > National Information Center > > NIC Sudan > > On Nov 20, 2013 2:10 PM, "eilaf sorkatti" <eil...@gm...> wrote: > > > >> Hi, > >> > >> > >> When I trying publish CA certificate to ldap the following error appear > >> in jboss log: > >> > >> Too large comment for LogEntry was truncated. The full comment was: > >> Error when publishing to Publisher, fingerprint: CRL., Exception: LDAP > >> ERROR: Error storing CRL (certificateRevocationList;binary) in LDAP > >> (top;applicationProcess;certificationAuthority) for DN > >> (CN=testCA1,O=TR,C=SW). Message: Object Class Violation. > >> > >> > >> I can publish user certificates successfully but i have problems with CA > >> certificate publishing. > >> > >> > >> -- Branko Majic Jabber: br...@ma... Please use only Free formats when sending attachments to me. Бранко Мајић Џабер: br...@ma... Молим вас да додатке шаљете искључиво у слободним форматима. |
|
From: eilaf s. <eil...@gm...> - 2013-11-25 06:04:34
|
Yes, I read about this simliar problem before, and I setup the publisher before creating the CA. but still I get same problem. On Sun, Nov 24, 2013 at 11:14 AM, Yousif Johny <yoh...@gm...> wrote: > As Branko said, if possible check OpenLDAP's Log File as well for further > details concerning the error and post it along your reply. That may shed > some light upon LDAP related issues. > > I thought maube I should add this, and even though I had never experienced > that error before, but I recall from another user who came along a similar > problem that he got it resolved by having to set up the Publisher before > creating the CA for EJBCA to be able to store Certificates and CRLs to LDAP > directories. If that happens to be the case, this may hint on the source of > the error as well, which is more probably an issue on rather EJBCA's side, > not OpenLDAP. > > Yousif Hussin > National Information Center > NIC Sudan > On Nov 20, 2013 2:10 PM, "eilaf sorkatti" <eil...@gm...> wrote: > >> Hi, >> >> >> When I trying publish CA certificate to ldap the following error appear >> in jboss log: >> >> Too large comment for LogEntry was truncated. The full comment was: >> Error when publishing to Publisher, fingerprint: CRL., Exception: LDAP >> ERROR: Error storing CRL (certificateRevocationList;binary) in LDAP >> (top;applicationProcess;certificationAuthority) for DN >> (CN=testCA1,O=TR,C=SW). Message: Object Class Violation. >> >> >> I can publish user certificates successfully but i have problems with CA >> certificate publishing. >> >> >> >> -- >> Eilaf Hamad Elnil Mugbil >> University Of Khartoum >> School Of Mathematical science >> >> >> ------------------------------------------------------------------------------ >> Shape the Mobile Experience: Free Subscription >> Software experts and developers: Be at the forefront of tech innovation. >> Intel(R) Software Adrenaline delivers strategic insight and game-changing >> conversations that shape the rapidly evolving mobile landscape. Sign up >> now. >> >> http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> >> > > ------------------------------------------------------------------------------ > Shape the Mobile Experience: Free Subscription > Software experts and developers: Be at the forefront of tech innovation. > Intel(R) Software Adrenaline delivers strategic insight and game-changing > conversations that shape the rapidly evolving mobile landscape. Sign up > now. > http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > -- Eilaf Hamad Elnil Mugbil University Of Khartoum School Of Mathematical science |
|
From: Michael S. <mi...@st...> - 2013-11-24 15:46:33
|
eilaf sorkatti wrote: > *i am not good in schema design so I want to use any schmea that allow me > to publish CA certificates CRL and user certificates via EJBCA. * > > *I am using mysql DB as backend. and I use the sample schema inside > openldap-2.4.26/servers/slapd/back-sql/rdbms_depend/mysql* This is rather an OpenLDAP question and therefore it's rather off-topic here. Before asking on openldap-technical mailing list you should examine your active subschema by fetching it from the running server: http://www.openldap.org/faq/data/cache/1366.html Ciao, Michael. |
|
From: Yousif J. <yoh...@gm...> - 2013-11-24 08:14:50
|
As Branko said, if possible check OpenLDAP's Log File as well for further details concerning the error and post it along your reply. That may shed some light upon LDAP related issues. I thought maube I should add this, and even though I had never experienced that error before, but I recall from another user who came along a similar problem that he got it resolved by having to set up the Publisher before creating the CA for EJBCA to be able to store Certificates and CRLs to LDAP directories. If that happens to be the case, this may hint on the source of the error as well, which is more probably an issue on rather EJBCA's side, not OpenLDAP. Yousif Hussin National Information Center NIC Sudan On Nov 20, 2013 2:10 PM, "eilaf sorkatti" <eil...@gm...> wrote: > Hi, > > > When I trying publish CA certificate to ldap the following error appear in > jboss log: > > Too large comment for LogEntry was truncated. The full comment was: Error > when publishing to Publisher, fingerprint: CRL., Exception: LDAP ERROR: > Error storing CRL (certificateRevocationList;binary) in LDAP > (top;applicationProcess;certificationAuthority) for DN > (CN=testCA1,O=TR,C=SW). Message: Object Class Violation. > > > I can publish user certificates successfully but i have problems with CA > certificate publishing. > > > > -- > Eilaf Hamad Elnil Mugbil > University Of Khartoum > School Of Mathematical science > > > ------------------------------------------------------------------------------ > Shape the Mobile Experience: Free Subscription > Software experts and developers: Be at the forefront of tech innovation. > Intel(R) Software Adrenaline delivers strategic insight and game-changing > conversations that shape the rapidly evolving mobile landscape. Sign up > now. > http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > |
|
From: eilaf s. <eil...@gm...> - 2013-11-24 07:11:49
|
*i am not good in schema design so I want to use any schmea that allow me to publish CA certificates CRL and user certificates via EJBCA. * *I am using mysql DB as backend. and I use the sample schema inside openldap-2.4.26/servers/slapd/back-sql/rdbms_depend/mysql* *Can any one figure out what is my problem?* On Wed, Nov 20, 2013 at 9:29 PM, Michael Ströder <mi...@st...>wrote: > eilaf sorkatti wrote: > > I forget to mension that, i am using openldap and the default schema. > > Whatever "default schema" means for you. > > Likely you forgot to install a schema needed. > > Ciao, Michael. > > > > ------------------------------------------------------------------------------ > Shape the Mobile Experience: Free Subscription > Software experts and developers: Be at the forefront of tech innovation. > Intel(R) Software Adrenaline delivers strategic insight and game-changing > conversations that shape the rapidly evolving mobile landscape. Sign up > now. > http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > -- Eilaf Hamad Elnil Mugbil University Of Khartoum School Of Mathematical science |
|
From: Fatih D. <fat...@gm...> - 2013-11-23 13:54:03
|
Thanks Tomas Regards fatih 2013/11/23 Tomas Gustavsson <to...@pr...> > > Listing the contents of a keystore is not the same as listing keys. > the keystore -list will only display certificates and not private keys. > > Normally the certificates are not considered sensitive and thus not > confidentialty protected. What is important in a PKI is to keep the > private key secure, and this it is. > > You can try yourself to use any command that would use the private key, > it does not work without the password. > > Cheers, > Tomas > ----- > PrimeKey Solutions offers commercial EJBCA and SignServer support > subscriptions and training courses. Please see www.primekey.se or > contact in...@pr... for more information. > http://www.primekey.se/Services/Support/ > http://www.primekey.se/Services/Training/ > > > On 11/28/2013 05:36 PM, Fatih Deniz wrote: > > Hi, > > > > i have a question about keytool -list command. We generated and > downloaded a keystore from ejbca public webpage. in order to verify the > keys and aliases in the keystore we used keytool -list command. During this > process we observed that even without the keystore password we can read the > keys inside. The only difference between entering password or giving empty > password is there is a warning message stating that the integrity of the > keystore is being protected with password. > > > > We thought we will not be able to see the keys inside keystore without > password and password provides confidentialty as well as integrity, but we > can see the keys. > > > > İs this because of a konfiguration we need to change, or is this the > expected behavior? Our file format is jks. May it be different for p12 > files? > > > > Thanks, > > Fatih > > > ------------------------------------------------------------------------------ > > Shape the Mobile Experience: Free Subscription > > Software experts and developers: Be at the forefront of tech innovation. > > Intel(R) Software Adrenaline delivers strategic insight and game-changing > > conversations that shape the rapidly evolving mobile landscape. Sign up > now. > > > http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk > > _______________________________________________ > > Ejbca-develop mailing list > > Ejb...@li... > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > > ------------------------------------------------------------------------------ > Shape the Mobile Experience: Free Subscription > Software experts and developers: Be at the forefront of tech innovation. > Intel(R) Software Adrenaline delivers strategic insight and game-changing > conversations that shape the rapidly evolving mobile landscape. Sign up > now. > http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: Tomas G. <to...@pr...> - 2013-11-23 10:03:19
|
Listing the contents of a keystore is not the same as listing keys. the keystore -list will only display certificates and not private keys. Normally the certificates are not considered sensitive and thus not confidentialty protected. What is important in a PKI is to keep the private key secure, and this it is. You can try yourself to use any command that would use the private key, it does not work without the password. Cheers, Tomas ----- PrimeKey Solutions offers commercial EJBCA and SignServer support subscriptions and training courses. Please see www.primekey.se or contact in...@pr... for more information. http://www.primekey.se/Services/Support/ http://www.primekey.se/Services/Training/ On 11/28/2013 05:36 PM, Fatih Deniz wrote: > Hi, > > i have a question about keytool -list command. We generated and downloaded a keystore from ejbca public webpage. in order to verify the keys and aliases in the keystore we used keytool -list command. During this process we observed that even without the keystore password we can read the keys inside. The only difference between entering password or giving empty password is there is a warning message stating that the integrity of the keystore is being protected with password. > > We thought we will not be able to see the keys inside keystore without password and password provides confidentialty as well as integrity, but we can see the keys. > > İs this because of a konfiguration we need to change, or is this the expected behavior? Our file format is jks. May it be different for p12 files? > > Thanks, > Fatih > ------------------------------------------------------------------------------ > Shape the Mobile Experience: Free Subscription > Software experts and developers: Be at the forefront of tech innovation. > Intel(R) Software Adrenaline delivers strategic insight and game-changing > conversations that shape the rapidly evolving mobile landscape. Sign up now. > http://pubads.g.doubleclick.net/gampad/clk?id=63431311&iu=/4140/ostg.clktrk > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: Fatih D. <fat...@gm...> - 2013-11-22 16:36:49
|
Hi, i have a question about keytool -list command. We generated and downloaded a keystore from ejbca public webpage. in order to verify the keys and aliases in the keystore we used keytool -list command. During this process we observed that even without the keystore password we can read the keys inside. The only difference between entering password or giving empty password is there is a warning message stating that the integrity of the keystore is being protected with password. We thought we will not be able to see the keys inside keystore without password and password provides confidentialty as well as integrity, but we can see the keys. İs this because of a konfiguration we need to change, or is this the expected behavior? Our file format is jks. May it be different for p12 files? Thanks, Fatih |
|
From: Branko M. <br...@ma...> - 2013-11-21 09:39:44
|
On Wed, 20 Nov 2013 14:10:31 +0300 eilaf sorkatti <eil...@gm...> wrote: > Hi, > > > When I trying publish CA certificate to ldap the following error appear in > jboss log: > > Too large comment for LogEntry was truncated. The full comment was: Error > when publishing to Publisher, fingerprint: CRL., Exception: LDAP ERROR: > Error storing CRL (certificateRevocationList;binary) in LDAP > (top;applicationProcess;certificationAuthority) for DN > (CN=testCA1,O=TR,C=SW). Message: Object Class Violation. > > > I can publish user certificates successfully but i have problems with CA > certificate publishing. > In cases like this usually the LDAP servers log can help you the most to figure out the underlying reason. In your particular case, it could be that EJBCA is trying to store the organisation information, and neither applicationProcess nor certificationAuthority object classes support it (the 'O' attribute). Once again, though check your LDAP servers logs first. Best regards -- Branko Majic Jabber: br...@ma... Please use only Free formats when sending attachments to me. Бранко Мајић Џабер: br...@ma... Молим вас да додатке шаљете искључиво у слободним форматима. |
106 messages has been excluded from this view by a project administrator.
