ejbca-develop — Development discussions

[Ejbca-develop] Problem using IAIK

[Valerie B. <val...@bu...>]

HI,

I try to use EJBCA with a HSM not already tested by EJBCA (crypt2protect from Bull)
I can generate a CA using SUN PKCS11 provider
But when I try it with IAIK provider I get the following error:

Erreur : l'autorisation du token d'AC a échoué.

Failed to initialize PKCS11 provider slot '0'.
Private Exponent value is sensitive.


Of course private exponent is sensitive and cannot be extracted ! So why ejbca tries to extract it ?
Log file gives the following trace :

ERROR [org.ejbca.core.model.ca.catoken.PKCS11CAToken] (http-0.0.0.0-44328-1) Failed to initialize PKCS11 provider slot '0'.
java.lang.UnsupportedOperationException: Private Exponent value is sensitive.
        at iaik.pkcs.pkcs11.provider.keys.IAIKPKCS11RsaPrivateKey.getPrivateExponent(IAIKPKCS11RsaPrivateKey.java:251)
        at org.ejbca.util.keystore.KeyTools.isPrivateKeyExtractable(KeyTools.java:1063)
        at org.ejbca.core.model.ca.catoken.BaseCAToken.testKey(BaseCAToken.java:97)
        at org.ejbca.core.model.ca.catoken.BaseCAToken.setKeys(BaseCAToken.java:142)
        at org.ejbca.core.model.ca.catoken.PKCS11CAToken.activate(PKCS11CAToken.java:93)
        at org.ejbca.core.model.ca.catoken.CATokenContainerImpl.activate(CATokenContainerImpl.java:302)
        at org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.createCA(CAAdminSessionBean.java:249)

Valérie

Re: [Ejbca-develop] ant install failure: javax.naming.NameNotFoundException: ejbca not bound

[Herman V. <hv...@gm...>]

Hi Kevin, have you checked your database connection from JBoss ??, check
drivers and connection. What database are you using?

Cheers.

On Wed, Jan 23, 2013 at 11:16 PM, 孙伟 <kev...@gm...> wrote:

> Hello,
>
> I am a tester who is new to EJBCA. Recently I was trying to install EJBCA
> on CentOS 6.2 box. The "ant bootstrap" process is OK, while I encountered
> the problem with "ant install": javax.naming.NameNotFoundException: ejbca
> not bound, and this cause the batch generation failure. Searched online
> that this may be the issue of database binding, and that is why I found my
> ejbca database with empty table.
>
> My environment:
> CentOS 6.2
> java-1.6.0-openjdk
> apache-ant-1.8.4
> jboss-5.1.0-GA-jdk6
>
> Thanks in advance!
> Kevin
>
>
> ------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. ON SALE this month only -- learn more at:
> http://p.sf.net/sfu/learnnow-d2d
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
>


-- 
Herman  Vega  Jara
hvegax[a]gmail.com

[Ejbca-develop] ant install failure: javax.naming.NameNotFoundException: ejbca not bound

[孙伟 <kev...@gm...>]

Hello,

I am a tester who is new to EJBCA. Recently I was trying to install EJBCA
on CentOS 6.2 box. The "ant bootstrap" process is OK, while I encountered
the problem with "ant install": javax.naming.NameNotFoundException: ejbca
not bound, and this cause the batch generation failure. Searched online
that this may be the issue of database binding, and that is why I found my
ejbca database with empty table.

My environment:
CentOS 6.2
java-1.6.0-openjdk
apache-ant-1.8.4
jboss-5.1.0-GA-jdk6

Thanks in advance!
Kevin

Re: [Ejbca-develop] EJBCA with Java 7 and Open Training

[Tomas G. <to...@pr...>]

You would be surprised how much work it is to get a complex application, 
as EJBCA, to run on a new architecture such as JBoss 7.

You can just see the size of https://jira.primekey.se/browse/ECA-2066.

For example it would be completely infeasible to get EJBCA 4 running on 
JBoss. Even for a very sharp developer it is several months of work, 
without extensive testing.

The good news is that we have everything up and running "in the lab". 
Still it will be a number of months before you can reap the benefits.

Cheers
Tomas

On 01/20/2013 07:35 PM, Hans Witvliet wrote:
> On Fri, 2013-01-18 at 09:01 +0100, Tomas Gustavsson wrote:
>> Hi,
>>
>> I made a test run of all current versions of EJBCA (4.0, 5.0) on Java 7.
>> It seems to work fine. The biggest issue is to find a good version of
>> JBoss running on Java 7.
>>
>> For EJBCA 4 we still recommend JBoss 5. The freely downloadable
>> JBoss-5.1.0.GA-jdk6 does not work with Java 7 unfortunately. RedHat has
>> a patch for JBoss EAP5 though, JBPAPP-8693.zip that makes everything run
>> fine with Java 7.
>>
>> 2013 will be a year with more Java 7 work, you can look forward to full
>> support for JBoss 7 and Java 7 later this year.
>
> Hi Tomas,
>
> We know that it's a difficult step to take,and you certainly need enough
> time for doing a lot of testing...
>
> However, when looking at:
> http://hwellmann.blogspot.com/2011/10/jboss-as-7-catching-up-with-java-ee-6.html
>
> It's clear that jboss-7 will be welcomed with open arms..
>
> hw
>
>
> ------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. ON SALE this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_123012
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>

Re: [Ejbca-develop] EJBCA with Java 7 and Open Training

[Hans W. <hw...@a-...>]

On Fri, 2013-01-18 at 09:01 +0100, Tomas Gustavsson wrote:
> Hi,
> 
> I made a test run of all current versions of EJBCA (4.0, 5.0) on Java 7. 
> It seems to work fine. The biggest issue is to find a good version of 
> JBoss running on Java 7.
> 
> For EJBCA 4 we still recommend JBoss 5. The freely downloadable 
> JBoss-5.1.0.GA-jdk6 does not work with Java 7 unfortunately. RedHat has 
> a patch for JBoss EAP5 though, JBPAPP-8693.zip that makes everything run 
> fine with Java 7.
> 
> 2013 will be a year with more Java 7 work, you can look forward to full 
> support for JBoss 7 and Java 7 later this year.

Hi Tomas,

We know that it's a difficult step to take,and you certainly need enough
time for doing a lot of testing...

However, when looking at:
http://hwellmann.blogspot.com/2011/10/jboss-as-7-catching-up-with-java-ee-6.html

It's clear that jboss-7 will be welcomed with open arms..

hw

Re: [Ejbca-develop] CRL Certificate checl status

[Tomas G. <to...@pr...>]

On 01/17/2013 02:40 PM, Marcos Fontana wrote:
> Morning Tomas,
>
> Analyze the following case:
>
> I created this certificate chain: Root>CA>SubCA>EndEntity1Certificate. All
> of them was imported to the browser.
>
> I signed a PDF using SignServer. In the document, we can verify the
> signature and the Certificate Issuer. Here, is all OK.
>
> Now, for a test case.
>
> I revoked the certificate EndEntity1Certificate, generate the CRL by
> AdminGUI and imported to the browser. When I verify the certificate by
> "Check Certificate Status" on the Miscellaneous menu, the status of it is
> REVOKED, but when I access the "List User's Certificates" and in the same
> certificate access "Check if Certificate is Revoked", the status is "Not
> Revoked". Is it right?

You are probably entering the wrong information in the fields. Note that 
it says "IssuerDN" not "SubjectDN".

> And after I sign another document with the certificate revoked, when I check
> the document, the status is "The Signature is Valid". There is some trick to
> use CRL?
>
> Regards
>
> -----
> Nenhum virus encontrado nessa mensagem.
> Verificado por AVG - www.avgbrasil.com.br
> Versao: 2013.0.2890 / Banco de dados de virus: 2639/6038 - Data de
> Lancamento: 01/16/13
>
>
> ------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. ON SALE this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122712
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>

[Ejbca-develop] EJBCA with Java 7 and Open Training

[Tomas G. <to...@pr...>]

Hi,

I made a test run of all current versions of EJBCA (4.0, 5.0) on Java 7. 
It seems to work fine. The biggest issue is to find a good version of 
JBoss running on Java 7.

For EJBCA 4 we still recommend JBoss 5. The freely downloadable 
JBoss-5.1.0.GA-jdk6 does not work with Java 7 unfortunately. RedHat has 
a patch for JBoss EAP5 though, JBPAPP-8693.zip that makes everything run 
fine with Java 7.

2013 will be a year with more Java 7 work, you can look forward to full 
support for JBoss 7 and Java 7 later this year.

Finally I'd like to mention that there is an open training at PrimeKey 
on the 10-14Feb, with a chance to look at Common Criteria certified PKI.
For more info, visit.
http://www.primekey.se/

Cheers,
Tomas
**********
PrimeKey Solutions AB
Anderstorpsvägen 16, 171 54 Solna, Sweden
Mob: +46 (0)707421096
Internet: www.primekey.se
Twitter: twitter.com/primekeyPKI
**********

[Ejbca-develop] CRL Certificate checl status

[Marcos F. <mar...@ho...>]

Morning Tomas,

Analyze the following case:

I created this certificate chain: Root>CA>SubCA>EndEntity1Certificate. All
of them was imported to the browser.

I signed a PDF using SignServer. In the document, we can verify the
signature and the Certificate Issuer. Here, is all OK.

Now, for a test case.

I revoked the certificate EndEntity1Certificate, generate the CRL by
AdminGUI and imported to the browser. When I verify the certificate by
"Check Certificate Status" on the Miscellaneous menu, the status of it is
REVOKED, but when I access the "List User's Certificates" and in the same
certificate access "Check if Certificate is Revoked", the status is "Not
Revoked". Is it right?

And after I sign another document with the certificate revoked, when I check
the document, the status is "The Signature is Valid". There is some trick to
use CRL?

Regards

-----
Nenhum virus encontrado nessa mensagem.
Verificado por AVG - www.avgbrasil.com.br
Versao: 2013.0.2890 / Banco de dados de virus: 2639/6038 - Data de
Lancamento: 01/16/13

Re: [Ejbca-develop] Error in the OCSP Responder

[Tomas G. <to...@pr...>]

You need to set up an OCSP responder and simply change the part where 
the OCSP signer certificate is issued. In the install docs it is issued 
by a CA in EJBCA, you need to get the OCSP signer certificate issued by 
your CA.

On 01/10/2013 07:25 AM, M.G.R wrote:
>
> Hi Juan,
>
> What ur saying is
> 1. creating CA using EJBCA GUI and publish the CA
> 2. Create the user certificate under that CA(i.e user certificate issued by
> the published CA)
>
> and doing the testing. This was working for me also.
>
> But I am asking that I have a CA which is not issued and published by ejbca
> that CA issued n no of certificates. whether it is possible to handle this
> by the OCSP Responder of ejbca (i.e Validate the issued user certtifcate
> which is published by external CA). If possible means how?
>
>
>
> Juan Caracoche-2 wrote:
>>
>> You are a lucky guy!. Yesterday I spent 2 hour reading the installation
>> Instructions and in 1 hour I got the OCSP working in the first attempt
>> (weird on systems world!)
>>
>> I wrote down all the steeps to replicate the installation in other
>> environment. Here are the steps done (assuming you have done the Jboss and
>> EJBCA installation property) :
>>
>> ON OCSP NODE 1 and 2
>> ===================
>>
>> 1- DB Creation
>>
>> mysql> create database ejbca;
>> mysql> create user ejbca;
>> mysql> grant all on ejbca.* to 'ejbca'@'%' identified by 'ejbca';
>> mysql> grant all on ejbca.* to 'ejbca'@'localhost' identified by 'ejbca';
>> mysql> flush privileges;
>>
>> 2- Edit Properties files
>>
>> $ cd
>> $ mkdir -p ejbca-custom/conf
>> $ cp ejbca/conf/ejbca.properties.sample ejbca-custom/conf/ejbca.properties
>> $ vi ejbca-custom/conf/ejbca.properties
>>
>> appserver.home=/home/jboss/jboss
>> ejbca.productionmode=ocsp
>>
>> $ cp ejbca/conf/database.properties.sample
>> ejbca-custom/conf/database.properties
>> $ vi ejbca-custom/conf/database.properties
>>
>> datasource.jndi-name=EjbcaDS
>> database.name=mysql
>> database.url=jdbc:mysql://localhost:3306/ejbca
>> database.driver=com.mysql.jdbc.Driver
>> database.username=ejbca
>> database.password=ejbca
>>
>> $ cp ejbca/conf/ocsp.properties.sample ejbca-custom/conf/ocsp.properties
>> $ vi ejbca-custom/conf/ocsp.properties
>>
>> ocsp.defaultresponder=CN=ocsp.example.com,L=Buenos Aires,C=AR
>> ocsp.restrictsignatures=true
>> ocsp.restrictsignaturesbymethod=issuer
>> ocsp.signtrustdir=/home/jboss/ejbca/cas
>> ocsp.signtrustvalidtime=1800
>> ocsp.keys.dir=/home/jboss/ejbca/keys
>> ocsp.keys.storePassword=ejbca
>> ocsp.keys.keyPassword=ejbca
>>
>> $ mkdir /home/jboss/ejbca/keys
>> $ mkdir /home/jboss/ejbca/cas
>>
>>
>> $ cp ejbca/conf/web.properties.sample ejbca-custom/conf/web.properties
>> $ vi ejbca-custom/conf/web.properties
>>
>> httpsserver.hostname=ocsp.buenosaires.gob.ar
>> httpsserver.dn=CN=${httpsserver.hostname},L=Buenos Aires,C=AR
>>
>>
>> 3- Create cert for OCSP
>> a) Create a User Profile (OCSP)
>>     - From Admin CA Web Console
>>     - Go Edit End Entity Profiles
>>     - Write OCSP in Add Profile edit box and press Add
>>     - Select the OCSP from the list and press Edit End Entity Profile
>>     - Select OCSPSIGNER  on Default Certificate Profile
>>     - In Available Certificate Profiles choose OCSPSIGNER
>>     - In Available CAs select what you want
>>     - In Default Token seleccionar P12 file (I will use soft tokens)
>>     - In Available Tokens seleccionar p12, jks y pem
>>     - Save
>> b) Create a user with this new profile
>>     - From Admin CA Web Console
>>     - Go Add End Entity
>>     - Select OCSP as End Entity
>>     - username: ocsp
>>     - password: ejbca
>>     - CN: ocsp.example.com
>>     - Certificate Profile: OCSPSIGNER
>>     - Token P12 file
>>     - Add
>> c) Generate the cert
>>     - From Public CA's web
>>     - Create Browser Certificate
>>     - login ocsp/ejbca
>>     - Select 2048bits for key lenght
>>     - P12 as token
>>     - Gen cert
>>
>> 4- Install the cert in OCSP
>>     - Copy the generated cert in  /home/jboss/ejbca/keys
>>     - Copy CA cert (PEM format) in /home/jboss/ejbca/cas
>>
>> 5- Build
>> $ cd
>> $ cd ejbca
>> $ ant bootstarp
>> # service jboss start
>> $ ant install
>> # service jboss stop
>> $ ant va-deploy
>> # service jboss start
>>
>> IN THE CA
>> =========
>>
>> 1- Config VA-PUBLISHER
>>
>> $ cp ejbca/conf/va-publisher.properties.sample
>> ejbca-custom/conf/va-publisher.properties
>> $ vi ejbca-custom/conf/va-publisher.properties
>>
>> ocsp-datasource.jndi-name=OcspDS
>> ocsp-database.url=jdbc:mysql://ocsp1.example.com:3306/ejbca
>> ocsp-database.driver=com.mysql.jdbc.Driver
>> ocsp-database.username=ejbca
>> ocsp-database.password=ejbca
>>
>>
>> 2- Deploy changes
>>
>> $ ant deploy
>>
>> (If you have more than 1 OCSP)
>>
>> $ cp $JBOSS_HOME/server/default/deploy/ocsp-ds.xml
>> $JBOSS_HOME/server/default/deploy/ocsp2-ds.xml
>> $ vi $JBOSS_HOME/server/default/deploy/ocsp2-ds.xml
>>
>> <jndi-name>Ocsp2DS</jndi-name>
>>        <connection-url>jdbc:mysql://ocsp2.example.com:3306/ejbca
>> </connection-url>
>> Agragado del DS para el OCSP-2
>>
>>
>> 3- Create Publisher
>> In the CA you should add as many publisher as OCSP responders you have
>>
>> - From Admin CA Web Console
>> - Go to Edit Publishers
>> - Enter name OCSPX (where X is the OCSP number) and press Add
>> - Select the publisher and press Edit Publisher
>> - Select Publisher Type as Validation Authority Publisher
>> - Select "No direct publishing, only use queue", "Use queue for CRLs",
>> "Use
>> queue for certificates"
>> - Save
>>
>> 4- Attach the publisher with the profiles
>> - From Admin CA Web Console
>> - Edit Certificate Profile
>> - Select your profile
>> - Press Edit
>> - In Publishers Seleccionar  Select  OCSPX (all X)
>> - Save
>>
>> 5- Create/Modify Publishing Service
>> - From Admin CA Web Console
>> - Go Edit Services
>> - Enter name Re-Publisher
>> - Press Add
>> - Select Republisher and press Edit
>> - Select Publish Queue Process Service
>> - Select all queues
>> - Period: 2 minutes
>> - Check Active
>> - Save
>>
>> DB Migration baseline
>> ================
>> On CA DB node
>> # mysqldump  -p --compress ejbca CertificateData > CertificateData.dat
>> # mysqldump  -p --compress ejbca CRLData > CRLData.dat
>>
>> # cat CertificateData.dat | mysql -h ocsp1 -u ejbca -b ejbca -p
>> # cat CRLData.dat | mysql -h ocsp1 -u ejbca -b ejbca -p
>>
>>
>>
>> TEST
>> ====
>> I tested with this command
>>
>> $ openssl ocsp -url
>> http://ocsp1.example.com:8080/ejbca/publicweb/status/ocsp -issuer
>> CA.cacert.pem -cert user.pem
>>
>>
>>
>>
>> 2013/1/9 M.G.R <mg....@ni...>
>>
>>>
>>> while requesting for validating the certificate issued by external CA
>>> using
>>> openssl OCSP client shows the following error in the OCSP server side
>>>
>>> ERROR [org.ejbca.ui.web.protocol.OCSPServletBase] (http-0.0.0.0-8080-1)
>>> Error processing OCSP request. Message: java.lang.RuntimeException:
>>> java.lang.NullPointerException.
>>>
>>> &
>>>
>>> Shows the following error in the client side
>>>
>>> Error querying OCSP responsder
>>>
>>> is there any way to trace the problem. please help me.
>>>
>>>
>>> Thanks in advance.
>>>
>>> --
>>> View this message in context:
>>> http://old.nabble.com/Error-in-the-OCSP-Responder-tp34877232p34877232.html
>>> Sent from the EjbCA - Dev mailing list archive at Nabble.com.
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Master Java SE, Java EE, Eclipse, Spring, Hibernate, JavaScript, jQuery
>>> and much more. Keep your Java skills current with LearnJavaNow -
>>> 200+ hours of step-by-step video tutorials by Java experts.
>>> SALE $49.99 this month only -- learn more at:
>>> http://p.sf.net/sfu/learnmore_122612
>>> _______________________________________________
>>> Ejbca-develop mailing list
>>> Ejb...@li...
>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>>
>>
>>
>>
>> --
>>
>>
>>
>> Juan Caracoche | Business Developer
>> jua...@re...
>> Mobile: +54.911.4198.8941
>> www.redb.ee
>>
>> ------------------------------------------------------------------------------
>> Master Java SE, Java EE, Eclipse, Spring, Hibernate, JavaScript, jQuery
>> and much more. Keep your Java skills current with LearnJavaNow -
>> 200+ hours of step-by-step video tutorials by Java experts.
>> SALE $49.99 this month only -- learn more at:
>> http://p.sf.net/sfu/learnmore_122612
>> _______________________________________________
>> Ejbca-develop mailing list
>> Ejb...@li...
>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>
>>
>

Re: [Ejbca-develop] Error in the OCSP Responder

[M.G.R <mg....@ni...>]

Hi Juan,

What ur saying is 
1. creating CA using EJBCA GUI and publish the CA 
2. Create the user certificate under that CA(i.e user certificate issued by
the published CA)

and doing the testing. This was working for me also.

But I am asking that I have a CA which is not issued and published by ejbca
that CA issued n no of certificates. whether it is possible to handle this
by the OCSP Responder of ejbca (i.e Validate the issued user certtifcate
which is published by external CA). If possible means how?



Juan Caracoche-2 wrote:
> 
> You are a lucky guy!. Yesterday I spent 2 hour reading the installation
> Instructions and in 1 hour I got the OCSP working in the first attempt
> (weird on systems world!)
> 
> I wrote down all the steeps to replicate the installation in other
> environment. Here are the steps done (assuming you have done the Jboss and
> EJBCA installation property) :
> 
> ON OCSP NODE 1 and 2
> ===================
> 
> 1- DB Creation
> 
> mysql> create database ejbca;
> mysql> create user ejbca;
> mysql> grant all on ejbca.* to 'ejbca'@'%' identified by 'ejbca';
> mysql> grant all on ejbca.* to 'ejbca'@'localhost' identified by 'ejbca';
> mysql> flush privileges;
> 
> 2- Edit Properties files
> 
> $ cd
> $ mkdir -p ejbca-custom/conf
> $ cp ejbca/conf/ejbca.properties.sample ejbca-custom/conf/ejbca.properties
> $ vi ejbca-custom/conf/ejbca.properties
> 
> appserver.home=/home/jboss/jboss
> ejbca.productionmode=ocsp
> 
> $ cp ejbca/conf/database.properties.sample
> ejbca-custom/conf/database.properties
> $ vi ejbca-custom/conf/database.properties
> 
> datasource.jndi-name=EjbcaDS
> database.name=mysql
> database.url=jdbc:mysql://localhost:3306/ejbca
> database.driver=com.mysql.jdbc.Driver
> database.username=ejbca
> database.password=ejbca
> 
> $ cp ejbca/conf/ocsp.properties.sample ejbca-custom/conf/ocsp.properties
> $ vi ejbca-custom/conf/ocsp.properties
> 
> ocsp.defaultresponder=CN=ocsp.example.com,L=Buenos Aires,C=AR
> ocsp.restrictsignatures=true
> ocsp.restrictsignaturesbymethod=issuer
> ocsp.signtrustdir=/home/jboss/ejbca/cas
> ocsp.signtrustvalidtime=1800
> ocsp.keys.dir=/home/jboss/ejbca/keys
> ocsp.keys.storePassword=ejbca
> ocsp.keys.keyPassword=ejbca
> 
> $ mkdir /home/jboss/ejbca/keys
> $ mkdir /home/jboss/ejbca/cas
> 
> 
> $ cp ejbca/conf/web.properties.sample ejbca-custom/conf/web.properties
> $ vi ejbca-custom/conf/web.properties
> 
> httpsserver.hostname=ocsp.buenosaires.gob.ar
> httpsserver.dn=CN=${httpsserver.hostname},L=Buenos Aires,C=AR
> 
> 
> 3- Create cert for OCSP
> a) Create a User Profile (OCSP)
>    - From Admin CA Web Console
>    - Go Edit End Entity Profiles
>    - Write OCSP in Add Profile edit box and press Add
>    - Select the OCSP from the list and press Edit End Entity Profile
>    - Select OCSPSIGNER  on Default Certificate Profile
>    - In Available Certificate Profiles choose OCSPSIGNER
>    - In Available CAs select what you want
>    - In Default Token seleccionar P12 file (I will use soft tokens)
>    - In Available Tokens seleccionar p12, jks y pem
>    - Save
> b) Create a user with this new profile
>    - From Admin CA Web Console
>    - Go Add End Entity
>    - Select OCSP as End Entity
>    - username: ocsp
>    - password: ejbca
>    - CN: ocsp.example.com
>    - Certificate Profile: OCSPSIGNER
>    - Token P12 file
>    - Add
> c) Generate the cert
>    - From Public CA's web
>    - Create Browser Certificate
>    - login ocsp/ejbca
>    - Select 2048bits for key lenght
>    - P12 as token
>    - Gen cert
> 
> 4- Install the cert in OCSP
>    - Copy the generated cert in  /home/jboss/ejbca/keys
>    - Copy CA cert (PEM format) in /home/jboss/ejbca/cas
> 
> 5- Build
> $ cd
> $ cd ejbca
> $ ant bootstarp
> # service jboss start
> $ ant install
> # service jboss stop
> $ ant va-deploy
> # service jboss start
> 
> IN THE CA
> =========
> 
> 1- Config VA-PUBLISHER
> 
> $ cp ejbca/conf/va-publisher.properties.sample
> ejbca-custom/conf/va-publisher.properties
> $ vi ejbca-custom/conf/va-publisher.properties
> 
> ocsp-datasource.jndi-name=OcspDS
> ocsp-database.url=jdbc:mysql://ocsp1.example.com:3306/ejbca
> ocsp-database.driver=com.mysql.jdbc.Driver
> ocsp-database.username=ejbca
> ocsp-database.password=ejbca
> 
> 
> 2- Deploy changes
> 
> $ ant deploy
> 
> (If you have more than 1 OCSP)
> 
> $ cp $JBOSS_HOME/server/default/deploy/ocsp-ds.xml
> $JBOSS_HOME/server/default/deploy/ocsp2-ds.xml
> $ vi $JBOSS_HOME/server/default/deploy/ocsp2-ds.xml
> 
> <jndi-name>Ocsp2DS</jndi-name>
>       <connection-url>jdbc:mysql://ocsp2.example.com:3306/ejbca
> </connection-url>
> Agragado del DS para el OCSP-2
> 
> 
> 3- Create Publisher
> In the CA you should add as many publisher as OCSP responders you have
> 
> - From Admin CA Web Console
> - Go to Edit Publishers
> - Enter name OCSPX (where X is the OCSP number) and press Add
> - Select the publisher and press Edit Publisher
> - Select Publisher Type as Validation Authority Publisher
> - Select "No direct publishing, only use queue", "Use queue for CRLs",
> "Use
> queue for certificates"
> - Save
> 
> 4- Attach the publisher with the profiles
> - From Admin CA Web Console
> - Edit Certificate Profile
> - Select your profile
> - Press Edit
> - In Publishers Seleccionar  Select  OCSPX (all X)
> - Save
> 
> 5- Create/Modify Publishing Service
> - From Admin CA Web Console
> - Go Edit Services
> - Enter name Re-Publisher
> - Press Add
> - Select Republisher and press Edit
> - Select Publish Queue Process Service
> - Select all queues
> - Period: 2 minutes
> - Check Active
> - Save
> 
> DB Migration baseline
> ================
> On CA DB node
> # mysqldump  -p --compress ejbca CertificateData > CertificateData.dat
> # mysqldump  -p --compress ejbca CRLData > CRLData.dat
> 
> # cat CertificateData.dat | mysql -h ocsp1 -u ejbca -b ejbca -p
> # cat CRLData.dat | mysql -h ocsp1 -u ejbca -b ejbca -p
> 
> 
> 
> TEST
> ====
> I tested with this command
> 
> $ openssl ocsp -url
> http://ocsp1.example.com:8080/ejbca/publicweb/status/ocsp -issuer
> CA.cacert.pem -cert user.pem
> 
> 
> 
> 
> 2013/1/9 M.G.R <mg....@ni...>
> 
>>
>> while requesting for validating the certificate issued by external CA
>> using
>> openssl OCSP client shows the following error in the OCSP server side
>>
>> ERROR [org.ejbca.ui.web.protocol.OCSPServletBase] (http-0.0.0.0-8080-1)
>> Error processing OCSP request. Message: java.lang.RuntimeException:
>> java.lang.NullPointerException.
>>
>> &
>>
>> Shows the following error in the client side
>>
>> Error querying OCSP responsder
>>
>> is there any way to trace the problem. please help me.
>>
>>
>> Thanks in advance.
>>
>> --
>> View this message in context:
>> http://old.nabble.com/Error-in-the-OCSP-Responder-tp34877232p34877232.html
>> Sent from the EjbCA - Dev mailing list archive at Nabble.com.
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Master Java SE, Java EE, Eclipse, Spring, Hibernate, JavaScript, jQuery
>> and much more. Keep your Java skills current with LearnJavaNow -
>> 200+ hours of step-by-step video tutorials by Java experts.
>> SALE $49.99 this month only -- learn more at:
>> http://p.sf.net/sfu/learnmore_122612
>> _______________________________________________
>> Ejbca-develop mailing list
>> Ejb...@li...
>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>
> 
> 
> 
> -- 
> 
> 
> 
> Juan Caracoche | Business Developer
> jua...@re...
> Mobile: +54.911.4198.8941
> www.redb.ee
> 
> ------------------------------------------------------------------------------
> Master Java SE, Java EE, Eclipse, Spring, Hibernate, JavaScript, jQuery
> and much more. Keep your Java skills current with LearnJavaNow -
> 200+ hours of step-by-step video tutorials by Java experts.
> SALE $49.99 this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122612 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 
> 

-- 
View this message in context: http://old.nabble.com/Error-in-the-OCSP-Responder-tp34877232p34881530.html
Sent from the EjbCA - Dev mailing list archive at Nabble.com.

Re: [Ejbca-develop] Error in the OCSP Responder

[Tomas G. <to...@pr...>]

Then I think you got a good answer by a previous poster. You are 
currently barking up the wrong tree so you must start anew.

The installation instructions for a OCSP responder you can find here:
http://www.ejbca.org/installation-ocsp.html

Regards,
Tomas


**********
PrimeKey Solutions AB
Anderstorpsvägen 16, 171 54 Solna, Sweden
Mob: +46 (0)707421096
Internet: www.primekey.se
Twitter: twitter.com/primekeyPKI
**********

On 01/09/2013 06:04 PM, M.G.R wrote:
>
> hi Tomas,
>
> I want to set up an OCSP responder, which should validate the certificates
> issued by an External CA ( Not issued by the EJBCA).
> If u have any steps to do this. Please share that steps...
>
> thanks in advance,
>
>
>
>
>
>
>
> Tomas Gustavsson wrote:
>>
>>
>> To mee it looks like you have imported a CA certificate with the "Import
>> CA certificate" button on the "Edit Certificate Authorities" screen. Is
>> that correct?
>>
>> An External CA, imported CA certificate, is _not_ a CA, it is just a CA
>> certificate.
>>
>> I'm afraid I do not understand you use case, what you are trying to do.
>>
>> Are you setting up a Certificate Authority to issue certificates, or are
>> you trying to set up an OCSP responder?
>>
>> Cheers,
>> Tomas
>>
>> On 01/09/2013 12:44 PM, M.G.R wrote:
>>>
>>> Server OS :  Ubuntu 12.04 (64 bit)
>>> ejbca version :  ejbca_4_0_10
>>> Jboss server version:  jboss-5.1.0.GA
>>> ExternalCA imported :  NICsub-CA_for_NIC_2011.cer
>>> Issued certificate :  spk.cer
>>>
>>> 2013-01-09 15:07:58,539 INFO  [org.ejbca.ui.web.protocol.OCSPServletBase]
>>> (http-0.0.0.0-8080-1) Received OCSP request for certificate with serNo:
>>> 6001bed296181fee341d, and issuerNameHash:
>>> 0c7558aee8c0ae3da9d64337ffb572a33f8b9f8a. Client ip 10.163.14.49.
>>> 2013-01-09 15:07:58,574 INFO  [org.ejbca.ui.web.protocol.OCSPServletBase]
>>> (http-0.0.0.0-8080-1) Adding status information (good) for certificate
>>> with
>>> serial '6001bed296181fee341d' from issuer 'C=IN,O=National Informatics
>>> Centre,OU=Sub-CA,CN=NIC sub-CA for NIC 2011'.
>>> 2013-01-09 15:07:58,577 INFO  [STDOUT] (http-0.0.0.0-8080-1)
>>> #############
>>> Inside OCSPResponseItem ###############
>>> 2013-01-09 15:07:58,580 INFO  [STDOUT] (http-0.0.0.0-8080-1)
>>> 1.Admin:UNKNOWN
>>> 2013-01-09 15:07:58,580 INFO  [STDOUT] (http-0.0.0.0-8080-1)
>>> 2.caid:589037259
>>> 2013-01-09 15:07:58,580 INFO  [STDOUT] (http-0.0.0.0-8080-1)
>>> 3.OCSPCAServiceRequest:org.ejbca.core.model.ca.caadmin.extendedcaservices.OCSPCAServiceRequest@4bc63fc3
>>> 2013-01-09 15:07:58,581 INFO  [STDOUT] (http-0.0.0.0-8080-1) 4:Proxy to
>>> jboss.j2ee:ear=ejbca.ear,jar=ejbca-ejb.jar,name=CAAdminSessionBean,service=EJB3
>>> implementing [interface
>>> org.ejbca.core.ejb.ca.caadmin.CAAdminSessionLocal]
>>> 2013-01-09 15:07:58,607 INFO  [STDOUT] (http-0.0.0.0-8080-1)
>>> 1.caSession:UNKNOWN
>>> 2013-01-09 15:07:58,607 INFO  [STDOUT] (http-0.0.0.0-8080-1)
>>> 2.caSession:589037259
>>> 2013-01-09 15:07:58,607 INFO  [STDOUT] (http-0.0.0.0-8080-1)
>>> 2.caSession:org.ejbca.core.model.ca.caadmin.extendedcaservices.OCSPCAServiceRequest@4bc63fc3
>>> 2013-01-09 15:07:58,614 WARN
>>> [org.jboss.ejb3.interceptors.aop.InterceptorsFactory]
>>> (http-0.0.0.0-8080-1)
>>> EJBTHREE-1246: Do not use InterceptorsFactory with a
>>> ManagedObjectAdvisor,
>>> InterceptorRegistry should be used via the bean container
>>> 2013-01-09 15:07:58,615 WARN
>>> [org.jboss.ejb3.interceptors.aop.InterceptorsFactory]
>>> (http-0.0.0.0-8080-1)
>>> EJBTHREE-1246: Do not use InterceptorsFactory with a
>>> ManagedObjectAdvisor,
>>> InterceptorRegistry should be used via the bean container
>>> 2013-01-09 15:07:58,621 WARN
>>> [org.jboss.ejb3.interceptors.aop.InterceptorsFactory]
>>> (http-0.0.0.0-8080-1)
>>> EJBTHREE-1246: Do not use InterceptorsFactory with a
>>> ManagedObjectAdvisor,
>>> InterceptorRegistry should be used via the bean container
>>> 2013-01-09 15:07:58,621 WARN
>>> [org.jboss.ejb3.interceptors.aop.InterceptorsFactory]
>>> (http-0.0.0.0-8080-1)
>>> EJBTHREE-1246: Do not use InterceptorsFactory with a
>>> ManagedObjectAdvisor,
>>> InterceptorRegistry should be used via the bean container
>>> 2013-01-09 15:07:58,626 WARN
>>> [org.jboss.ejb3.interceptors.aop.InterceptorsFactory]
>>> (http-0.0.0.0-8080-1)
>>> EJBTHREE-1246: Do not use InterceptorsFactory with a
>>> ManagedObjectAdvisor,
>>> InterceptorRegistry should be used via the bean container
>>> 2013-01-09 15:07:58,626 WARN
>>> [org.jboss.ejb3.interceptors.aop.InterceptorsFactory]
>>> (http-0.0.0.0-8080-1)
>>> EJBTHREE-1246: Do not use InterceptorsFactory with a
>>> ManagedObjectAdvisor,
>>> InterceptorRegistry should be used via the bean container
>>> 2013-01-09 15:07:58,757 INFO  [STDOUT] (http-0.0.0.0-8080-1) CA
>>> :org.ejbca.core.model.ca.caadmin.X509CA@1436fde2
>>> 2013-01-09 15:07:58,758 INFO  [STDOUT] (http-0.0.0.0-8080-1)
>>> getExtendedCAService Inside ..............1
>>> 2013-01-09 15:07:58,758 INFO  [STDOUT] (http-0.0.0.0-8080-1) returnval
>>> Inside ..............null
>>> 2013-01-09 15:07:58,758 INFO  [STDOUT] (http-0.0.0.0-8080-1) returnval
>>> Inside ..............null
>>> 2013-01-09 15:07:58,758 INFO  [STDOUT] (http-0.0.0.0-8080-1) daata Inside
>>> ..............{extendedcaservices=[], numberofreqapprovals=1,
>>> catoken={catokentype=3, sequence=00000, signaturealgorithm=SHA1WithRSA,
>>> sequenceformat=1, classpath=org.ejbca.core.model.ca.catoken.NullCAToken,
>>> version=7.0},
>>> certificatechain=[MIIEmjCCA4KgAwIBAgIKFCkm0v8UQ5s4+TANBgkqhkiG9w0BAQsFADCByDELMAkG
>>> A1UEBhMCSU4xJDAiBgNVBAoTG05hdGlvbmFsIEluZm9ybWF0aWNzIENlbnRyZTEd
>>> MBsGA1UECxMUQ2VydGlmeWluZyBBdXRob3JpdHkxDzANBgNVBBETBjExMDAwMzEO
>>> MAwGA1UECBMFRGVsaGkxHjAcBgNVBAkTFUxvZGhpIFJvYWQsIE5ldyBEZWxoaTEd
>>> MBsGA1UEMwwUQS1CbG9jaywgQ0dPIENvbXBsZXgxFDASBgNVBAMTC05JQyBDQSAy
>>> MDExMB4XDTExMDQwMTA2MDkxNVoXDTE2MDMxMDA2MDkxNVowZjELMAkGA1UEBhMC
>>> SU4xJDAiBgNVBAoTG05hdGlvbmFsIEluZm9ybWF0aWNzIENlbnRyZTEPMA0GA1UE
>>> CxMGU3ViLUNBMSAwHgYDVQQDExdOSUMgc3ViLUNBIGZvciBOSUMgMjAxMTCCASIw
>>> DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALTjDqBFmifF+I8Xb9HyrmG0bk8I
>>> LaUEr4RMCNDNER1rZTAmab9I7kFHGCNjKD5SmtXLDFnDkKV1gp96Fk6hmZ8CVQ5C
>>> dRyO616qvd3TZLN8/Xm0Cl3cBwuTv8XU9nwf4hoyRDQXQK8Psq0zmS2fuRse0q3W
>>> TmrRi7Ck2C9zD9eCBjoO0QebgcQ+VXYv1c0ORO0+gD1CRb5j+0GLmb0mK98Wb+R9
>>> 3zs7LOV4qIMMEhO4K92+0zomlpHni0blLvCGRd1fAyo5teb9Gw8BaV20vfzubVC5
>>> 0NLAEeRa1dSBkkfiPVGavZpXuqLFmIHJCTVODspQvmcUP2rdDPuvkAhdshcCAwEA
>>> AaOB5jCB4zASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBT6gA8c/HOkx2mQ
>>> E67vPBCtqq8ZhDATBgNVHSMEDDAKgAhOVU+us9+hZjAOBgNVHQ8BAf8EBAMCAQYw
>>> EgYDVR0gBAswCTAHBgVggmRkAjBCBggrBgEFBQcBAQQ2MDQwMgYIKwYBBQUHMAKG
>>> Jmh0dHA6Ly9uaWNjYS5uaWMuaW4vY2VydC9jZXJ0XzI3OTIuY2VyMDEGA1UdHwQq
>>> MCgwJqAkoCKGIGh0dHA6Ly9uaWNjYS5uaWMuaW4vY3JsXzI3OTIuY3JsMA0GCSqG
>>> SIb3DQEBCwUAA4IBAQC8K4nthWVPqbXsP5VeeIjiwZ5Plvy+1Cbo3wbzjPYhtCRo
>>> yOoO/qPyKZ3zNLZaWSz7wPGGBq5niiQaINTJ0+fBBD0unAlG0ZpSvEFqrenjcfKI
>>> ApKfNT6qdg6om+oFMudVrhgWyYqFCM2op2qRcIPHRH7BrX3xT2Ns2+NKc/nIt3L1
>>> NxDQm0arvRTYmMjOXEL4fUasxBlWKJR1HvtsnUb2wrXwEEl0/XJiGeg1SHXa/kN/
>>> J8eQ359O/ULeXUNcfqtjkSjRW9vGUcwTMP1knyNYRbXKoWCuLv2uvx2gOzh9YwAP
>>> DH3JdZGe5lDqC+IyA/pYhh5y5jhCKfvH5MabaR7d],
>>> useprintablestringsubjectdn=false, policies=[], defaultcrldistpoint=,
>>> version=19.0, catype=1, useCertreqHistory=true, validity=0,
>>> description=B64:Q0EgY3JlYXRlZCBieSBjZXJ0aWZpY2F0ZSBpbXBvcnQu,
>>> expiretime=Thu
>>> Mar 10 11:39:15 IST 2016, deltacrlperiod=0, useCertificateStorage=true,
>>> subjectaltname=null, useldapdnorder=true, usecrlnumber=false,
>>> finishuser=false, doEnforceUniqueSubjectDNSerialnumber=false,
>>> crlperiod=0,
>>> signedby=2, doEnforceUniqueDistinguishedName=true,
>>> authoritykeyidentifiercritical=false, revokationreason=-1,
>>> doEnforceUniquePublicKeys=true, crlnumbercritical=false,
>>> cadefinedfreshestcrl=, defaultocspservicelocator=,
>>> useauthoritykeyidentifier=false, crldistributionpointoncrlcritical=false,
>>> useUserStorage=true, cmpraauthsecret=null, approvalsettings=[],
>>> certificateprofileid=2, defaultcrlissuer=, includeinhealthcheck=false,
>>> useutf8policytext=false, crlIssueInterval=0,
>>> usecrldistributionpointoncrl=false, crlOverlapTime=36000000,
>>> crlpublishers=[]}
>>> 2013-01-09 15:07:58,759 INFO  [STDOUT] (http-0.0.0.0-8080-1)
>>> EXTENDEDCASERVICE+type:extendedcaservice1
>>> 2013-01-09 15:07:58,759 INFO  [STDOUT] (http-0.0.0.0-8080-1) 1111:null
>>> 2013-01-09 15:07:58,759 INFO  [STDOUT] (http-0.0.0.0-8080-1) Exception
>>> Inside ..............null
>>> 2013-01-09 15:07:58,759 ERROR [STDERR] (http-0.0.0.0-8080-1)
>>> java.lang.NullPointerException
>>> 2013-01-09 15:07:58,760 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.ejbca.core.model.ca.caadmin.CA.getExtendedCAService(CA.java:833)
>>> 2013-01-09 15:07:58,760 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.ejbca.core.model.ca.caadmin.CA.extendedService(CA.java:753)
>>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.extendedService(CAAdminSessionBean.java:2380)
>>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> java.lang.reflect.Method.invoke(Method.java:616)
>>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
>>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
>>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
>>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
>>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
>>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> sun.reflect.GeneratedMethodAccessor338.invoke(Unknown Source)
>>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> java.lang.reflect.Method.invoke(Method.java:616)
>>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
>>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
>>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_1005639669.invoke(InvocationContextInterceptor_z_fillMethod_1005639669.java)
>>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
>>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_1005639669.invoke(InvocationContextInterceptor_z_setup_1005639669.java)
>>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
>>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
>>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
>>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
>>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
>>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
>>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:190)
>>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
>>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
>>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:201)
>>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
>>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
>>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
>>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
>>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:176)
>>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:216)
>>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
>>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
>>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> $Proxy499.extendedService(Unknown Source)
>>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.ejbca.ui.web.protocol.OCSPServlet.extendedService(OCSPServlet.java:60)
>>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.ejbca.ui.web.protocol.OCSPServletBase.signOCSPResponse(OCSPServletBase.java:223)
>>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.ejbca.ui.web.protocol.OCSPServletBase.serviceOCSP(OCSPServletBase.java:905)
>>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.ejbca.ui.web.protocol.OCSPServletBase.doPost(OCSPServletBase.java:375)
>>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
>>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
>>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
>>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
>>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
>>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
>>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
>>> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
>>> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>>> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
>>> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
>>> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
>>> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
>>> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>>> java.lang.Thread.run(Thread.java:679)
>>> 2013-01-09 15:07:58,785 ERROR [org.ejbca.ui.web.protocol.OCSPServletBase]
>>> (http-0.0.0.0-8080-1) Error processing OCSP request. Message:
>>> java.lang.RuntimeException: java.lang.NullPointerException.
>>> javax.ejb.EJBException: java.lang.RuntimeException:
>>> java.lang.NullPointerException
>>> 	at
>>> org.jboss.ejb3.tx.Ejb3TxPolicy.handleExceptionInOurTx(Ejb3TxPolicy.java:77)
>>> 	at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:83)
>>> 	at
>>> org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:190)
>>> 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 	at
>>> org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
>>> 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 	at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
>>> 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 	at
>>> org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:201)
>>> 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 	at
>>> org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
>>> 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 	at
>>> org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
>>> 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 	at
>>> org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
>>> 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 	at
>>> org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
>>> 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 	at
>>> org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:176)
>>> 	at
>>> org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:216)
>>> 	at
>>> org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
>>> 	at
>>> org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
>>> 	at $Proxy499.extendedService(Unknown Source)
>>> 	at
>>> org.ejbca.ui.web.protocol.OCSPServlet.extendedService(OCSPServlet.java:60)
>>> 	at
>>> org.ejbca.ui.web.protocol.OCSPServletBase.signOCSPResponse(OCSPServletBase.java:223)
>>> 	at
>>> org.ejbca.ui.web.protocol.OCSPServletBase.serviceOCSP(OCSPServletBase.java:905)
>>> 	at
>>> org.ejbca.ui.web.protocol.OCSPServletBase.doPost(OCSPServletBase.java:375)
>>> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
>>> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>>> 	at
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>>> 	at
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>> 	at
>>> org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
>>> 	at
>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>>> 	at
>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>>> 	at
>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
>>> 	at
>>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>>> 	at
>>> org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
>>> 	at
>>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
>>> 	at
>>> org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
>>> 	at
>>> org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
>>> 	at
>>> org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
>>> 	at
>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>>> 	at
>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>>> 	at
>>> org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
>>> 	at
>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>>> 	at
>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
>>> 	at
>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
>>> 	at
>>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
>>> 	at
>>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>>> 	at java.lang.Thread.run(Thread.java:679)
>>> Caused by: java.lang.RuntimeException: java.lang.NullPointerException
>>> 	at org.ejbca.core.model.ca.caadmin.CA.getExtendedCAService(CA.java:856)
>>> 	at org.ejbca.core.model.ca.caadmin.CA.extendedService(CA.java:753)
>>> 	at
>>> org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.extendedService(CAAdminSessionBean.java:2380)
>>> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>> 	at
>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>>> 	at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> 	at java.lang.reflect.Method.invoke(Method.java:616)
>>> 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
>>> 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
>>> 	at
>>> org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
>>> 	at
>>> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
>>> 	at
>>> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
>>> 	at sun.reflect.GeneratedMethodAccessor338.invoke(Unknown Source)
>>> 	at
>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>>> 	at java.lang.reflect.Method.invoke(Method.java:616)
>>> 	at
>>> org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
>>> 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 	at
>>> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
>>> 	at
>>> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_1005639669.invoke(InvocationContextInterceptor_z_fillMethod_1005639669.java)
>>> 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 	at
>>> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
>>> 	at
>>> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_1005639669.invoke(InvocationContextInterceptor_z_setup_1005639669.java)
>>> 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 	at
>>> org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
>>> 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 	at
>>> org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
>>> 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 	at
>>> org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
>>> 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 	at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
>>> 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 	at
>>> org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
>>> 	at
>>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>>> 	at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
>>> 	... 48 more
>>> Caused by: java.lang.NullPointerException
>>> 	at org.ejbca.core.model.ca.caadmin.CA.getExtendedCAService(CA.java:833)
>>> 	... 81 more
>>> 2013-01-09 15:07:58,789 DEBUG
>>> [org.ejbca.core.protocol.ocsp.TransactionLogger] (http-0.0.0.0-8080-1)
>>> 1eaace887f0001014af5b94b122010d9;1;0;0"10.163.14.49";"0";"0";0;"2013-01-09:09:37:58:GMT";348;1;0;0;0;0;0;0;0;"C=IN,O=National
>>> Informatics Centre,OU=Sub-CA,CN=NIC sub-CA for NIC
>>> 2011";0c7558aee8c0ae3da9d64337ffb572a33f8b9f8a;fa800f1cfc73a4c7699013aeef3c10adaaaf1984;1.3.14.3.2.26;6001bed296181fee341d;0
>>> 1eaace887f0001014af5b94b122010d9;1;2;0"10.163.14.49";"0";"0";0;"2013-01-09:09:37:58:GMT";348;1;0;0;0;0;0;0;0;"C=IN,O=National
>>> Informatics Centre,OU=Sub-CA,CN=NIC sub-CA for NIC
>>> 2011";0c7558aee8c0ae3da9d64337ffb572a33f8b9f8a;fa800f1cfc73a4c7699013aeef3c10adaaaf1984;1.3.14.3.2.26;6001bed296181fee341d;0
>>>
>>> This is the full error messaage throws in the server.log while running
>>> the
>>>
>>> OCSP request from the client machine using the openssl OCSP client
>>> command
>>>
>>> $ openssl ocsp -issuer NICsub-CA_for_NIC_2011.cer -cert spk.cer -url
>>> http://<ip address>/ejbca/publicweb/status/ocsp -respout resp.der
>>> -no_cert_verify
>>>
>>> Error querying OCSP responsder
>>>
>>> But while using CAs with certificates issued by ejbca is working properly
>>> responding.
>>>
>>> Please find the issue where I am doing wrong. because here Iam facing
>>> this
>>> issue for the past 3 weeks.
>>>
>>>
>>>
>>>
>>> Tomas Gustavsson wrote:
>>>>
>>>>
>>>> You have to provide more of the error. Not possible to say anything from
>>>> the short snippet you provide. Also versions are of course neede din
>>>> order to say anything
>>>>
>>>> Cheers,
>>>> Tomas
>>>> PrimeKey Solutions offers commercial EJBCA and SignServer support
>>>> subscriptions and training courses. Please see www.primekey.se or
>>>> contact in...@pr... for more information.
>>>> http://www.primekey.se/Services/Support/
>>>> http://www.primekey.se/Services/Training/
>>>>
>>>> **********
>>>> PrimeKey Solutions AB
>>>> Anderstorpsvägen 16, 171 54 Solna, Sweden
>>>> Mob: +46 (0)707421096
>>>> Internet: www.primekey.se
>>>> Twitter: twitter.com/primekeyPKI
>>>> **********
>>>>
>>>> On 01/09/2013 11:09 AM, M.G.R wrote:
>>>>>
>>>>> while requesting for validating the certificate issued by external CA
>>>>> using
>>>>> openssl OCSP client shows the following error in the OCSP server side
>>>>>
>>>>> ERROR [org.ejbca.ui.web.protocol.OCSPServletBase] (http-0.0.0.0-8080-1)
>>>>> Error processing OCSP request. Message: java.lang.RuntimeException:
>>>>> java.lang.NullPointerException.
>>>>>
>>>>> &
>>>>>
>>>>> Shows the following error in the client side
>>>>>
>>>>> Error querying OCSP responsder
>>>>>
>>>>> is there any way to trace the problem. please help me.
>>>>>
>>>>>
>>>>> Thanks in advance.
>>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Master Java SE, Java EE, Eclipse, Spring, Hibernate, JavaScript, jQuery
>>>> and much more. Keep your Java skills current with LearnJavaNow -
>>>> 200+ hours of step-by-step video tutorials by Java experts.
>>>> SALE $49.99 this month only -- learn more at:
>>>> http://p.sf.net/sfu/learnmore_122612
>>>> _______________________________________________
>>>> Ejbca-develop mailing list
>>>> Ejb...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>>>
>>>>
>>>
>>
>> ------------------------------------------------------------------------------
>> Master Java SE, Java EE, Eclipse, Spring, Hibernate, JavaScript, jQuery
>> and much more. Keep your Java skills current with LearnJavaNow -
>> 200+ hours of step-by-step video tutorials by Java experts.
>> SALE $49.99 this month only -- learn more at:
>> http://p.sf.net/sfu/learnmore_122612
>> _______________________________________________
>> Ejbca-develop mailing list
>> Ejb...@li...
>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>
>>
>

Re: [Ejbca-develop] Error in the OCSP Responder

[M.G.R <mg....@ni...>]

hi Tomas,

I want to set up an OCSP responder, which should validate the certificates
issued by an External CA ( Not issued by the EJBCA).
If u have any steps to do this. Please share that steps...

thanks in advance,







Tomas Gustavsson wrote:
> 
> 
> To mee it looks like you have imported a CA certificate with the "Import 
> CA certificate" button on the "Edit Certificate Authorities" screen. Is 
> that correct?
> 
> An External CA, imported CA certificate, is _not_ a CA, it is just a CA 
> certificate.
> 
> I'm afraid I do not understand you use case, what you are trying to do.
> 
> Are you setting up a Certificate Authority to issue certificates, or are 
> you trying to set up an OCSP responder?
> 
> Cheers,
> Tomas
> 
> On 01/09/2013 12:44 PM, M.G.R wrote:
>>
>> Server OS :  Ubuntu 12.04 (64 bit)
>> ejbca version :  ejbca_4_0_10
>> Jboss server version:  jboss-5.1.0.GA
>> ExternalCA imported :  NICsub-CA_for_NIC_2011.cer
>> Issued certificate :  spk.cer
>>
>> 2013-01-09 15:07:58,539 INFO  [org.ejbca.ui.web.protocol.OCSPServletBase]
>> (http-0.0.0.0-8080-1) Received OCSP request for certificate with serNo:
>> 6001bed296181fee341d, and issuerNameHash:
>> 0c7558aee8c0ae3da9d64337ffb572a33f8b9f8a. Client ip 10.163.14.49.
>> 2013-01-09 15:07:58,574 INFO  [org.ejbca.ui.web.protocol.OCSPServletBase]
>> (http-0.0.0.0-8080-1) Adding status information (good) for certificate
>> with
>> serial '6001bed296181fee341d' from issuer 'C=IN,O=National Informatics
>> Centre,OU=Sub-CA,CN=NIC sub-CA for NIC 2011'.
>> 2013-01-09 15:07:58,577 INFO  [STDOUT] (http-0.0.0.0-8080-1)
>> #############
>> Inside OCSPResponseItem ###############
>> 2013-01-09 15:07:58,580 INFO  [STDOUT] (http-0.0.0.0-8080-1)
>> 1.Admin:UNKNOWN
>> 2013-01-09 15:07:58,580 INFO  [STDOUT] (http-0.0.0.0-8080-1)
>> 2.caid:589037259
>> 2013-01-09 15:07:58,580 INFO  [STDOUT] (http-0.0.0.0-8080-1)
>> 3.OCSPCAServiceRequest:org.ejbca.core.model.ca.caadmin.extendedcaservices.OCSPCAServiceRequest@4bc63fc3
>> 2013-01-09 15:07:58,581 INFO  [STDOUT] (http-0.0.0.0-8080-1) 4:Proxy to
>> jboss.j2ee:ear=ejbca.ear,jar=ejbca-ejb.jar,name=CAAdminSessionBean,service=EJB3
>> implementing [interface
>> org.ejbca.core.ejb.ca.caadmin.CAAdminSessionLocal]
>> 2013-01-09 15:07:58,607 INFO  [STDOUT] (http-0.0.0.0-8080-1)
>> 1.caSession:UNKNOWN
>> 2013-01-09 15:07:58,607 INFO  [STDOUT] (http-0.0.0.0-8080-1)
>> 2.caSession:589037259
>> 2013-01-09 15:07:58,607 INFO  [STDOUT] (http-0.0.0.0-8080-1)
>> 2.caSession:org.ejbca.core.model.ca.caadmin.extendedcaservices.OCSPCAServiceRequest@4bc63fc3
>> 2013-01-09 15:07:58,614 WARN
>> [org.jboss.ejb3.interceptors.aop.InterceptorsFactory]
>> (http-0.0.0.0-8080-1)
>> EJBTHREE-1246: Do not use InterceptorsFactory with a
>> ManagedObjectAdvisor,
>> InterceptorRegistry should be used via the bean container
>> 2013-01-09 15:07:58,615 WARN
>> [org.jboss.ejb3.interceptors.aop.InterceptorsFactory]
>> (http-0.0.0.0-8080-1)
>> EJBTHREE-1246: Do not use InterceptorsFactory with a
>> ManagedObjectAdvisor,
>> InterceptorRegistry should be used via the bean container
>> 2013-01-09 15:07:58,621 WARN
>> [org.jboss.ejb3.interceptors.aop.InterceptorsFactory]
>> (http-0.0.0.0-8080-1)
>> EJBTHREE-1246: Do not use InterceptorsFactory with a
>> ManagedObjectAdvisor,
>> InterceptorRegistry should be used via the bean container
>> 2013-01-09 15:07:58,621 WARN
>> [org.jboss.ejb3.interceptors.aop.InterceptorsFactory]
>> (http-0.0.0.0-8080-1)
>> EJBTHREE-1246: Do not use InterceptorsFactory with a
>> ManagedObjectAdvisor,
>> InterceptorRegistry should be used via the bean container
>> 2013-01-09 15:07:58,626 WARN
>> [org.jboss.ejb3.interceptors.aop.InterceptorsFactory]
>> (http-0.0.0.0-8080-1)
>> EJBTHREE-1246: Do not use InterceptorsFactory with a
>> ManagedObjectAdvisor,
>> InterceptorRegistry should be used via the bean container
>> 2013-01-09 15:07:58,626 WARN
>> [org.jboss.ejb3.interceptors.aop.InterceptorsFactory]
>> (http-0.0.0.0-8080-1)
>> EJBTHREE-1246: Do not use InterceptorsFactory with a
>> ManagedObjectAdvisor,
>> InterceptorRegistry should be used via the bean container
>> 2013-01-09 15:07:58,757 INFO  [STDOUT] (http-0.0.0.0-8080-1) CA
>> :org.ejbca.core.model.ca.caadmin.X509CA@1436fde2
>> 2013-01-09 15:07:58,758 INFO  [STDOUT] (http-0.0.0.0-8080-1)
>> getExtendedCAService Inside ..............1
>> 2013-01-09 15:07:58,758 INFO  [STDOUT] (http-0.0.0.0-8080-1) returnval
>> Inside ..............null
>> 2013-01-09 15:07:58,758 INFO  [STDOUT] (http-0.0.0.0-8080-1) returnval
>> Inside ..............null
>> 2013-01-09 15:07:58,758 INFO  [STDOUT] (http-0.0.0.0-8080-1) daata Inside
>> ..............{extendedcaservices=[], numberofreqapprovals=1,
>> catoken={catokentype=3, sequence=00000, signaturealgorithm=SHA1WithRSA,
>> sequenceformat=1, classpath=org.ejbca.core.model.ca.catoken.NullCAToken,
>> version=7.0},
>> certificatechain=[MIIEmjCCA4KgAwIBAgIKFCkm0v8UQ5s4+TANBgkqhkiG9w0BAQsFADCByDELMAkG
>> A1UEBhMCSU4xJDAiBgNVBAoTG05hdGlvbmFsIEluZm9ybWF0aWNzIENlbnRyZTEd
>> MBsGA1UECxMUQ2VydGlmeWluZyBBdXRob3JpdHkxDzANBgNVBBETBjExMDAwMzEO
>> MAwGA1UECBMFRGVsaGkxHjAcBgNVBAkTFUxvZGhpIFJvYWQsIE5ldyBEZWxoaTEd
>> MBsGA1UEMwwUQS1CbG9jaywgQ0dPIENvbXBsZXgxFDASBgNVBAMTC05JQyBDQSAy
>> MDExMB4XDTExMDQwMTA2MDkxNVoXDTE2MDMxMDA2MDkxNVowZjELMAkGA1UEBhMC
>> SU4xJDAiBgNVBAoTG05hdGlvbmFsIEluZm9ybWF0aWNzIENlbnRyZTEPMA0GA1UE
>> CxMGU3ViLUNBMSAwHgYDVQQDExdOSUMgc3ViLUNBIGZvciBOSUMgMjAxMTCCASIw
>> DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALTjDqBFmifF+I8Xb9HyrmG0bk8I
>> LaUEr4RMCNDNER1rZTAmab9I7kFHGCNjKD5SmtXLDFnDkKV1gp96Fk6hmZ8CVQ5C
>> dRyO616qvd3TZLN8/Xm0Cl3cBwuTv8XU9nwf4hoyRDQXQK8Psq0zmS2fuRse0q3W
>> TmrRi7Ck2C9zD9eCBjoO0QebgcQ+VXYv1c0ORO0+gD1CRb5j+0GLmb0mK98Wb+R9
>> 3zs7LOV4qIMMEhO4K92+0zomlpHni0blLvCGRd1fAyo5teb9Gw8BaV20vfzubVC5
>> 0NLAEeRa1dSBkkfiPVGavZpXuqLFmIHJCTVODspQvmcUP2rdDPuvkAhdshcCAwEA
>> AaOB5jCB4zASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBT6gA8c/HOkx2mQ
>> E67vPBCtqq8ZhDATBgNVHSMEDDAKgAhOVU+us9+hZjAOBgNVHQ8BAf8EBAMCAQYw
>> EgYDVR0gBAswCTAHBgVggmRkAjBCBggrBgEFBQcBAQQ2MDQwMgYIKwYBBQUHMAKG
>> Jmh0dHA6Ly9uaWNjYS5uaWMuaW4vY2VydC9jZXJ0XzI3OTIuY2VyMDEGA1UdHwQq
>> MCgwJqAkoCKGIGh0dHA6Ly9uaWNjYS5uaWMuaW4vY3JsXzI3OTIuY3JsMA0GCSqG
>> SIb3DQEBCwUAA4IBAQC8K4nthWVPqbXsP5VeeIjiwZ5Plvy+1Cbo3wbzjPYhtCRo
>> yOoO/qPyKZ3zNLZaWSz7wPGGBq5niiQaINTJ0+fBBD0unAlG0ZpSvEFqrenjcfKI
>> ApKfNT6qdg6om+oFMudVrhgWyYqFCM2op2qRcIPHRH7BrX3xT2Ns2+NKc/nIt3L1
>> NxDQm0arvRTYmMjOXEL4fUasxBlWKJR1HvtsnUb2wrXwEEl0/XJiGeg1SHXa/kN/
>> J8eQ359O/ULeXUNcfqtjkSjRW9vGUcwTMP1knyNYRbXKoWCuLv2uvx2gOzh9YwAP
>> DH3JdZGe5lDqC+IyA/pYhh5y5jhCKfvH5MabaR7d],
>> useprintablestringsubjectdn=false, policies=[], defaultcrldistpoint=,
>> version=19.0, catype=1, useCertreqHistory=true, validity=0,
>> description=B64:Q0EgY3JlYXRlZCBieSBjZXJ0aWZpY2F0ZSBpbXBvcnQu,
>> expiretime=Thu
>> Mar 10 11:39:15 IST 2016, deltacrlperiod=0, useCertificateStorage=true,
>> subjectaltname=null, useldapdnorder=true, usecrlnumber=false,
>> finishuser=false, doEnforceUniqueSubjectDNSerialnumber=false,
>> crlperiod=0,
>> signedby=2, doEnforceUniqueDistinguishedName=true,
>> authoritykeyidentifiercritical=false, revokationreason=-1,
>> doEnforceUniquePublicKeys=true, crlnumbercritical=false,
>> cadefinedfreshestcrl=, defaultocspservicelocator=,
>> useauthoritykeyidentifier=false, crldistributionpointoncrlcritical=false,
>> useUserStorage=true, cmpraauthsecret=null, approvalsettings=[],
>> certificateprofileid=2, defaultcrlissuer=, includeinhealthcheck=false,
>> useutf8policytext=false, crlIssueInterval=0,
>> usecrldistributionpointoncrl=false, crlOverlapTime=36000000,
>> crlpublishers=[]}
>> 2013-01-09 15:07:58,759 INFO  [STDOUT] (http-0.0.0.0-8080-1)
>> EXTENDEDCASERVICE+type:extendedcaservice1
>> 2013-01-09 15:07:58,759 INFO  [STDOUT] (http-0.0.0.0-8080-1) 1111:null
>> 2013-01-09 15:07:58,759 INFO  [STDOUT] (http-0.0.0.0-8080-1) Exception
>> Inside ..............null
>> 2013-01-09 15:07:58,759 ERROR [STDERR] (http-0.0.0.0-8080-1)
>> java.lang.NullPointerException
>> 2013-01-09 15:07:58,760 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.ejbca.core.model.ca.caadmin.CA.getExtendedCAService(CA.java:833)
>> 2013-01-09 15:07:58,760 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.ejbca.core.model.ca.caadmin.CA.extendedService(CA.java:753)
>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.extendedService(CAAdminSessionBean.java:2380)
>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> java.lang.reflect.Method.invoke(Method.java:616)
>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> sun.reflect.GeneratedMethodAccessor338.invoke(Unknown Source)
>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> java.lang.reflect.Method.invoke(Method.java:616)
>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_1005639669.invoke(InvocationContextInterceptor_z_fillMethod_1005639669.java)
>> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_1005639669.invoke(InvocationContextInterceptor_z_setup_1005639669.java)
>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:190)
>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:201)
>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:176)
>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:216)
>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
>> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> $Proxy499.extendedService(Unknown Source)
>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.ejbca.ui.web.protocol.OCSPServlet.extendedService(OCSPServlet.java:60)
>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.ejbca.ui.web.protocol.OCSPServletBase.signOCSPResponse(OCSPServletBase.java:223)
>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.ejbca.ui.web.protocol.OCSPServletBase.serviceOCSP(OCSPServletBase.java:905)
>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.ejbca.ui.web.protocol.OCSPServletBase.doPost(OCSPServletBase.java:375)
>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
>> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
>> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
>> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
>> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
>> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
>> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
>> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
>> java.lang.Thread.run(Thread.java:679)
>> 2013-01-09 15:07:58,785 ERROR [org.ejbca.ui.web.protocol.OCSPServletBase]
>> (http-0.0.0.0-8080-1) Error processing OCSP request. Message:
>> java.lang.RuntimeException: java.lang.NullPointerException.
>> javax.ejb.EJBException: java.lang.RuntimeException:
>> java.lang.NullPointerException
>> 	at
>> org.jboss.ejb3.tx.Ejb3TxPolicy.handleExceptionInOurTx(Ejb3TxPolicy.java:77)
>> 	at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:83)
>> 	at
>> org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:190)
>> 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 	at
>> org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
>> 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 	at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
>> 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 	at
>> org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:201)
>> 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 	at
>> org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
>> 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 	at
>> org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
>> 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 	at
>> org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
>> 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 	at
>> org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
>> 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 	at
>> org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:176)
>> 	at
>> org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:216)
>> 	at
>> org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
>> 	at
>> org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
>> 	at $Proxy499.extendedService(Unknown Source)
>> 	at
>> org.ejbca.ui.web.protocol.OCSPServlet.extendedService(OCSPServlet.java:60)
>> 	at
>> org.ejbca.ui.web.protocol.OCSPServletBase.signOCSPResponse(OCSPServletBase.java:223)
>> 	at
>> org.ejbca.ui.web.protocol.OCSPServletBase.serviceOCSP(OCSPServletBase.java:905)
>> 	at
>> org.ejbca.ui.web.protocol.OCSPServletBase.doPost(OCSPServletBase.java:375)
>> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
>> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
>> 	at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
>> 	at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>> 	at
>> org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
>> 	at
>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
>> 	at
>> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
>> 	at
>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
>> 	at
>> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
>> 	at
>> org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
>> 	at
>> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
>> 	at
>> org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
>> 	at
>> org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
>> 	at
>> org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
>> 	at
>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
>> 	at
>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
>> 	at
>> org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
>> 	at
>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
>> 	at
>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
>> 	at
>> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
>> 	at
>> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
>> 	at
>> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
>> 	at java.lang.Thread.run(Thread.java:679)
>> Caused by: java.lang.RuntimeException: java.lang.NullPointerException
>> 	at org.ejbca.core.model.ca.caadmin.CA.getExtendedCAService(CA.java:856)
>> 	at org.ejbca.core.model.ca.caadmin.CA.extendedService(CA.java:753)
>> 	at
>> org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.extendedService(CAAdminSessionBean.java:2380)
>> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>> 	at
>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
>> 	at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> 	at java.lang.reflect.Method.invoke(Method.java:616)
>> 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
>> 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
>> 	at
>> org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
>> 	at
>> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
>> 	at
>> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
>> 	at sun.reflect.GeneratedMethodAccessor338.invoke(Unknown Source)
>> 	at
>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
>> 	at java.lang.reflect.Method.invoke(Method.java:616)
>> 	at
>> org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
>> 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 	at
>> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
>> 	at
>> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_1005639669.invoke(InvocationContextInterceptor_z_fillMethod_1005639669.java)
>> 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 	at
>> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
>> 	at
>> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_1005639669.invoke(InvocationContextInterceptor_z_setup_1005639669.java)
>> 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 	at
>> org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
>> 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 	at
>> org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
>> 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 	at
>> org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
>> 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 	at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
>> 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 	at
>> org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
>> 	at
>> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
>> 	at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
>> 	... 48 more
>> Caused by: java.lang.NullPointerException
>> 	at org.ejbca.core.model.ca.caadmin.CA.getExtendedCAService(CA.java:833)
>> 	... 81 more
>> 2013-01-09 15:07:58,789 DEBUG
>> [org.ejbca.core.protocol.ocsp.TransactionLogger] (http-0.0.0.0-8080-1)
>> 1eaace887f0001014af5b94b122010d9;1;0;0"10.163.14.49";"0";"0";0;"2013-01-09:09:37:58:GMT";348;1;0;0;0;0;0;0;0;"C=IN,O=National
>> Informatics Centre,OU=Sub-CA,CN=NIC sub-CA for NIC
>> 2011";0c7558aee8c0ae3da9d64337ffb572a33f8b9f8a;fa800f1cfc73a4c7699013aeef3c10adaaaf1984;1.3.14.3.2.26;6001bed296181fee341d;0
>> 1eaace887f0001014af5b94b122010d9;1;2;0"10.163.14.49";"0";"0";0;"2013-01-09:09:37:58:GMT";348;1;0;0;0;0;0;0;0;"C=IN,O=National
>> Informatics Centre,OU=Sub-CA,CN=NIC sub-CA for NIC
>> 2011";0c7558aee8c0ae3da9d64337ffb572a33f8b9f8a;fa800f1cfc73a4c7699013aeef3c10adaaaf1984;1.3.14.3.2.26;6001bed296181fee341d;0
>>
>> This is the full error messaage throws in the server.log while running
>> the
>>
>> OCSP request from the client machine using the openssl OCSP client
>> command
>>
>> $ openssl ocsp -issuer NICsub-CA_for_NIC_2011.cer -cert spk.cer -url
>> http://<ip address>/ejbca/publicweb/status/ocsp -respout resp.der
>> -no_cert_verify
>>
>> Error querying OCSP responsder
>>
>> But while using CAs with certificates issued by ejbca is working properly
>> responding.
>>
>> Please find the issue where I am doing wrong. because here Iam facing
>> this
>> issue for the past 3 weeks.
>>
>>
>>
>>
>> Tomas Gustavsson wrote:
>>>
>>>
>>> You have to provide more of the error. Not possible to say anything from
>>> the short snippet you provide. Also versions are of course neede din
>>> order to say anything
>>>
>>> Cheers,
>>> Tomas
>>> PrimeKey Solutions offers commercial EJBCA and SignServer support
>>> subscriptions and training courses. Please see www.primekey.se or
>>> contact in...@pr... for more information.
>>> http://www.primekey.se/Services/Support/
>>> http://www.primekey.se/Services/Training/
>>>
>>> **********
>>> PrimeKey Solutions AB
>>> Anderstorpsvägen 16, 171 54 Solna, Sweden
>>> Mob: +46 (0)707421096
>>> Internet: www.primekey.se
>>> Twitter: twitter.com/primekeyPKI
>>> **********
>>>
>>> On 01/09/2013 11:09 AM, M.G.R wrote:
>>>>
>>>> while requesting for validating the certificate issued by external CA
>>>> using
>>>> openssl OCSP client shows the following error in the OCSP server side
>>>>
>>>> ERROR [org.ejbca.ui.web.protocol.OCSPServletBase] (http-0.0.0.0-8080-1)
>>>> Error processing OCSP request. Message: java.lang.RuntimeException:
>>>> java.lang.NullPointerException.
>>>>
>>>> &
>>>>
>>>> Shows the following error in the client side
>>>>
>>>> Error querying OCSP responsder
>>>>
>>>> is there any way to trace the problem. please help me.
>>>>
>>>>
>>>> Thanks in advance.
>>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Master Java SE, Java EE, Eclipse, Spring, Hibernate, JavaScript, jQuery
>>> and much more. Keep your Java skills current with LearnJavaNow -
>>> 200+ hours of step-by-step video tutorials by Java experts.
>>> SALE $49.99 this month only -- learn more at:
>>> http://p.sf.net/sfu/learnmore_122612
>>> _______________________________________________
>>> Ejbca-develop mailing list
>>> Ejb...@li...
>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>>
>>>
>>
> 
> ------------------------------------------------------------------------------
> Master Java SE, Java EE, Eclipse, Spring, Hibernate, JavaScript, jQuery
> and much more. Keep your Java skills current with LearnJavaNow -
> 200+ hours of step-by-step video tutorials by Java experts.
> SALE $49.99 this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122612 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 
> 

-- 
View this message in context: http://old.nabble.com/Error-in-the-OCSP-Responder-tp34877232p34879077.html
Sent from the EjbCA - Dev mailing list archive at Nabble.com.

Re: [Ejbca-develop] Error in the OCSP Responder

[Tomas G. <to...@pr...>]

To mee it looks like you have imported a CA certificate with the "Import 
CA certificate" button on the "Edit Certificate Authorities" screen. Is 
that correct?

An External CA, imported CA certificate, is _not_ a CA, it is just a CA 
certificate.

I'm afraid I do not understand you use case, what you are trying to do.

Are you setting up a Certificate Authority to issue certificates, or are 
you trying to set up an OCSP responder?

Cheers,
Tomas

On 01/09/2013 12:44 PM, M.G.R wrote:
>
> Server OS :  Ubuntu 12.04 (64 bit)
> ejbca version :  ejbca_4_0_10
> Jboss server version:  jboss-5.1.0.GA
> ExternalCA imported :  NICsub-CA_for_NIC_2011.cer
> Issued certificate :  spk.cer
>
> 2013-01-09 15:07:58,539 INFO  [org.ejbca.ui.web.protocol.OCSPServletBase]
> (http-0.0.0.0-8080-1) Received OCSP request for certificate with serNo:
> 6001bed296181fee341d, and issuerNameHash:
> 0c7558aee8c0ae3da9d64337ffb572a33f8b9f8a. Client ip 10.163.14.49.
> 2013-01-09 15:07:58,574 INFO  [org.ejbca.ui.web.protocol.OCSPServletBase]
> (http-0.0.0.0-8080-1) Adding status information (good) for certificate with
> serial '6001bed296181fee341d' from issuer 'C=IN,O=National Informatics
> Centre,OU=Sub-CA,CN=NIC sub-CA for NIC 2011'.
> 2013-01-09 15:07:58,577 INFO  [STDOUT] (http-0.0.0.0-8080-1) #############
> Inside OCSPResponseItem ###############
> 2013-01-09 15:07:58,580 INFO  [STDOUT] (http-0.0.0.0-8080-1) 1.Admin:UNKNOWN
> 2013-01-09 15:07:58,580 INFO  [STDOUT] (http-0.0.0.0-8080-1)
> 2.caid:589037259
> 2013-01-09 15:07:58,580 INFO  [STDOUT] (http-0.0.0.0-8080-1)
> 3.OCSPCAServiceRequest:org.ejbca.core.model.ca.caadmin.extendedcaservices.OCSPCAServiceRequest@4bc63fc3
> 2013-01-09 15:07:58,581 INFO  [STDOUT] (http-0.0.0.0-8080-1) 4:Proxy to
> jboss.j2ee:ear=ejbca.ear,jar=ejbca-ejb.jar,name=CAAdminSessionBean,service=EJB3
> implementing [interface org.ejbca.core.ejb.ca.caadmin.CAAdminSessionLocal]
> 2013-01-09 15:07:58,607 INFO  [STDOUT] (http-0.0.0.0-8080-1)
> 1.caSession:UNKNOWN
> 2013-01-09 15:07:58,607 INFO  [STDOUT] (http-0.0.0.0-8080-1)
> 2.caSession:589037259
> 2013-01-09 15:07:58,607 INFO  [STDOUT] (http-0.0.0.0-8080-1)
> 2.caSession:org.ejbca.core.model.ca.caadmin.extendedcaservices.OCSPCAServiceRequest@4bc63fc3
> 2013-01-09 15:07:58,614 WARN
> [org.jboss.ejb3.interceptors.aop.InterceptorsFactory] (http-0.0.0.0-8080-1)
> EJBTHREE-1246: Do not use InterceptorsFactory with a ManagedObjectAdvisor,
> InterceptorRegistry should be used via the bean container
> 2013-01-09 15:07:58,615 WARN
> [org.jboss.ejb3.interceptors.aop.InterceptorsFactory] (http-0.0.0.0-8080-1)
> EJBTHREE-1246: Do not use InterceptorsFactory with a ManagedObjectAdvisor,
> InterceptorRegistry should be used via the bean container
> 2013-01-09 15:07:58,621 WARN
> [org.jboss.ejb3.interceptors.aop.InterceptorsFactory] (http-0.0.0.0-8080-1)
> EJBTHREE-1246: Do not use InterceptorsFactory with a ManagedObjectAdvisor,
> InterceptorRegistry should be used via the bean container
> 2013-01-09 15:07:58,621 WARN
> [org.jboss.ejb3.interceptors.aop.InterceptorsFactory] (http-0.0.0.0-8080-1)
> EJBTHREE-1246: Do not use InterceptorsFactory with a ManagedObjectAdvisor,
> InterceptorRegistry should be used via the bean container
> 2013-01-09 15:07:58,626 WARN
> [org.jboss.ejb3.interceptors.aop.InterceptorsFactory] (http-0.0.0.0-8080-1)
> EJBTHREE-1246: Do not use InterceptorsFactory with a ManagedObjectAdvisor,
> InterceptorRegistry should be used via the bean container
> 2013-01-09 15:07:58,626 WARN
> [org.jboss.ejb3.interceptors.aop.InterceptorsFactory] (http-0.0.0.0-8080-1)
> EJBTHREE-1246: Do not use InterceptorsFactory with a ManagedObjectAdvisor,
> InterceptorRegistry should be used via the bean container
> 2013-01-09 15:07:58,757 INFO  [STDOUT] (http-0.0.0.0-8080-1) CA
> :org.ejbca.core.model.ca.caadmin.X509CA@1436fde2
> 2013-01-09 15:07:58,758 INFO  [STDOUT] (http-0.0.0.0-8080-1)
> getExtendedCAService Inside ..............1
> 2013-01-09 15:07:58,758 INFO  [STDOUT] (http-0.0.0.0-8080-1) returnval
> Inside ..............null
> 2013-01-09 15:07:58,758 INFO  [STDOUT] (http-0.0.0.0-8080-1) returnval
> Inside ..............null
> 2013-01-09 15:07:58,758 INFO  [STDOUT] (http-0.0.0.0-8080-1) daata Inside
> ..............{extendedcaservices=[], numberofreqapprovals=1,
> catoken={catokentype=3, sequence=00000, signaturealgorithm=SHA1WithRSA,
> sequenceformat=1, classpath=org.ejbca.core.model.ca.catoken.NullCAToken,
> version=7.0},
> certificatechain=[MIIEmjCCA4KgAwIBAgIKFCkm0v8UQ5s4+TANBgkqhkiG9w0BAQsFADCByDELMAkG
> A1UEBhMCSU4xJDAiBgNVBAoTG05hdGlvbmFsIEluZm9ybWF0aWNzIENlbnRyZTEd
> MBsGA1UECxMUQ2VydGlmeWluZyBBdXRob3JpdHkxDzANBgNVBBETBjExMDAwMzEO
> MAwGA1UECBMFRGVsaGkxHjAcBgNVBAkTFUxvZGhpIFJvYWQsIE5ldyBEZWxoaTEd
> MBsGA1UEMwwUQS1CbG9jaywgQ0dPIENvbXBsZXgxFDASBgNVBAMTC05JQyBDQSAy
> MDExMB4XDTExMDQwMTA2MDkxNVoXDTE2MDMxMDA2MDkxNVowZjELMAkGA1UEBhMC
> SU4xJDAiBgNVBAoTG05hdGlvbmFsIEluZm9ybWF0aWNzIENlbnRyZTEPMA0GA1UE
> CxMGU3ViLUNBMSAwHgYDVQQDExdOSUMgc3ViLUNBIGZvciBOSUMgMjAxMTCCASIw
> DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALTjDqBFmifF+I8Xb9HyrmG0bk8I
> LaUEr4RMCNDNER1rZTAmab9I7kFHGCNjKD5SmtXLDFnDkKV1gp96Fk6hmZ8CVQ5C
> dRyO616qvd3TZLN8/Xm0Cl3cBwuTv8XU9nwf4hoyRDQXQK8Psq0zmS2fuRse0q3W
> TmrRi7Ck2C9zD9eCBjoO0QebgcQ+VXYv1c0ORO0+gD1CRb5j+0GLmb0mK98Wb+R9
> 3zs7LOV4qIMMEhO4K92+0zomlpHni0blLvCGRd1fAyo5teb9Gw8BaV20vfzubVC5
> 0NLAEeRa1dSBkkfiPVGavZpXuqLFmIHJCTVODspQvmcUP2rdDPuvkAhdshcCAwEA
> AaOB5jCB4zASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBT6gA8c/HOkx2mQ
> E67vPBCtqq8ZhDATBgNVHSMEDDAKgAhOVU+us9+hZjAOBgNVHQ8BAf8EBAMCAQYw
> EgYDVR0gBAswCTAHBgVggmRkAjBCBggrBgEFBQcBAQQ2MDQwMgYIKwYBBQUHMAKG
> Jmh0dHA6Ly9uaWNjYS5uaWMuaW4vY2VydC9jZXJ0XzI3OTIuY2VyMDEGA1UdHwQq
> MCgwJqAkoCKGIGh0dHA6Ly9uaWNjYS5uaWMuaW4vY3JsXzI3OTIuY3JsMA0GCSqG
> SIb3DQEBCwUAA4IBAQC8K4nthWVPqbXsP5VeeIjiwZ5Plvy+1Cbo3wbzjPYhtCRo
> yOoO/qPyKZ3zNLZaWSz7wPGGBq5niiQaINTJ0+fBBD0unAlG0ZpSvEFqrenjcfKI
> ApKfNT6qdg6om+oFMudVrhgWyYqFCM2op2qRcIPHRH7BrX3xT2Ns2+NKc/nIt3L1
> NxDQm0arvRTYmMjOXEL4fUasxBlWKJR1HvtsnUb2wrXwEEl0/XJiGeg1SHXa/kN/
> J8eQ359O/ULeXUNcfqtjkSjRW9vGUcwTMP1knyNYRbXKoWCuLv2uvx2gOzh9YwAP
> DH3JdZGe5lDqC+IyA/pYhh5y5jhCKfvH5MabaR7d],
> useprintablestringsubjectdn=false, policies=[], defaultcrldistpoint=,
> version=19.0, catype=1, useCertreqHistory=true, validity=0,
> description=B64:Q0EgY3JlYXRlZCBieSBjZXJ0aWZpY2F0ZSBpbXBvcnQu, expiretime=Thu
> Mar 10 11:39:15 IST 2016, deltacrlperiod=0, useCertificateStorage=true,
> subjectaltname=null, useldapdnorder=true, usecrlnumber=false,
> finishuser=false, doEnforceUniqueSubjectDNSerialnumber=false, crlperiod=0,
> signedby=2, doEnforceUniqueDistinguishedName=true,
> authoritykeyidentifiercritical=false, revokationreason=-1,
> doEnforceUniquePublicKeys=true, crlnumbercritical=false,
> cadefinedfreshestcrl=, defaultocspservicelocator=,
> useauthoritykeyidentifier=false, crldistributionpointoncrlcritical=false,
> useUserStorage=true, cmpraauthsecret=null, approvalsettings=[],
> certificateprofileid=2, defaultcrlissuer=, includeinhealthcheck=false,
> useutf8policytext=false, crlIssueInterval=0,
> usecrldistributionpointoncrl=false, crlOverlapTime=36000000,
> crlpublishers=[]}
> 2013-01-09 15:07:58,759 INFO  [STDOUT] (http-0.0.0.0-8080-1)
> EXTENDEDCASERVICE+type:extendedcaservice1
> 2013-01-09 15:07:58,759 INFO  [STDOUT] (http-0.0.0.0-8080-1) 1111:null
> 2013-01-09 15:07:58,759 INFO  [STDOUT] (http-0.0.0.0-8080-1) Exception
> Inside ..............null
> 2013-01-09 15:07:58,759 ERROR [STDERR] (http-0.0.0.0-8080-1)
> java.lang.NullPointerException
> 2013-01-09 15:07:58,760 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.ejbca.core.model.ca.caadmin.CA.getExtendedCAService(CA.java:833)
> 2013-01-09 15:07:58,760 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.ejbca.core.model.ca.caadmin.CA.extendedService(CA.java:753)
> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.extendedService(CAAdminSessionBean.java:2380)
> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> java.lang.reflect.Method.invoke(Method.java:616)
> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> sun.reflect.GeneratedMethodAccessor338.invoke(Unknown Source)
> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> java.lang.reflect.Method.invoke(Method.java:616)
> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_1005639669.invoke(InvocationContextInterceptor_z_fillMethod_1005639669.java)
> 2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_1005639669.invoke(InvocationContextInterceptor_z_setup_1005639669.java)
> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:190)
> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:201)
> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:176)
> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:216)
> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
> 2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> $Proxy499.extendedService(Unknown Source)
> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.ejbca.ui.web.protocol.OCSPServlet.extendedService(OCSPServlet.java:60)
> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.ejbca.ui.web.protocol.OCSPServletBase.signOCSPResponse(OCSPServletBase.java:223)
> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.ejbca.ui.web.protocol.OCSPServletBase.serviceOCSP(OCSPServletBase.java:905)
> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.ejbca.ui.web.protocol.OCSPServletBase.doPost(OCSPServletBase.java:375)
> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
> 2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> 2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
> java.lang.Thread.run(Thread.java:679)
> 2013-01-09 15:07:58,785 ERROR [org.ejbca.ui.web.protocol.OCSPServletBase]
> (http-0.0.0.0-8080-1) Error processing OCSP request. Message:
> java.lang.RuntimeException: java.lang.NullPointerException.
> javax.ejb.EJBException: java.lang.RuntimeException:
> java.lang.NullPointerException
> 	at
> org.jboss.ejb3.tx.Ejb3TxPolicy.handleExceptionInOurTx(Ejb3TxPolicy.java:77)
> 	at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:83)
> 	at
> org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:190)
> 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at
> org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
> 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
> 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at
> org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:201)
> 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at
> org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
> 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at
> org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
> 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at
> org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
> 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at
> org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
> 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at
> org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:176)
> 	at
> org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:216)
> 	at
> org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
> 	at
> org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
> 	at $Proxy499.extendedService(Unknown Source)
> 	at
> org.ejbca.ui.web.protocol.OCSPServlet.extendedService(OCSPServlet.java:60)
> 	at
> org.ejbca.ui.web.protocol.OCSPServletBase.signOCSPResponse(OCSPServletBase.java:223)
> 	at
> org.ejbca.ui.web.protocol.OCSPServletBase.serviceOCSP(OCSPServletBase.java:905)
> 	at
> org.ejbca.ui.web.protocol.OCSPServletBase.doPost(OCSPServletBase.java:375)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
> 	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
> 	at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
> 	at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> 	at
> org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
> 	at
> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
> 	at
> org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
> 	at
> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
> 	at
> org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
> 	at
> org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
> 	at
> org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
> 	at
> org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
> 	at
> org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
> 	at
> org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
> 	at
> org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
> 	at
> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
> 	at
> org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
> 	at
> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
> 	at
> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
> 	at
> org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
> 	at
> org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
> 	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
> 	at java.lang.Thread.run(Thread.java:679)
> Caused by: java.lang.RuntimeException: java.lang.NullPointerException
> 	at org.ejbca.core.model.ca.caadmin.CA.getExtendedCAService(CA.java:856)
> 	at org.ejbca.core.model.ca.caadmin.CA.extendedService(CA.java:753)
> 	at
> org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.extendedService(CAAdminSessionBean.java:2380)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> 	at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> 	at java.lang.reflect.Method.invoke(Method.java:616)
> 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
> 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
> 	at
> org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
> 	at
> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
> 	at
> org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
> 	at sun.reflect.GeneratedMethodAccessor338.invoke(Unknown Source)
> 	at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> 	at java.lang.reflect.Method.invoke(Method.java:616)
> 	at
> org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
> 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at
> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
> 	at
> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_1005639669.invoke(InvocationContextInterceptor_z_fillMethod_1005639669.java)
> 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at
> org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
> 	at
> org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_1005639669.invoke(InvocationContextInterceptor_z_setup_1005639669.java)
> 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at
> org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
> 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at
> org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
> 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at
> org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
> 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
> 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at
> org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
> 	at
> org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> 	at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
> 	... 48 more
> Caused by: java.lang.NullPointerException
> 	at org.ejbca.core.model.ca.caadmin.CA.getExtendedCAService(CA.java:833)
> 	... 81 more
> 2013-01-09 15:07:58,789 DEBUG
> [org.ejbca.core.protocol.ocsp.TransactionLogger] (http-0.0.0.0-8080-1)
> 1eaace887f0001014af5b94b122010d9;1;0;0"10.163.14.49";"0";"0";0;"2013-01-09:09:37:58:GMT";348;1;0;0;0;0;0;0;0;"C=IN,O=National
> Informatics Centre,OU=Sub-CA,CN=NIC sub-CA for NIC
> 2011";0c7558aee8c0ae3da9d64337ffb572a33f8b9f8a;fa800f1cfc73a4c7699013aeef3c10adaaaf1984;1.3.14.3.2.26;6001bed296181fee341d;0
> 1eaace887f0001014af5b94b122010d9;1;2;0"10.163.14.49";"0";"0";0;"2013-01-09:09:37:58:GMT";348;1;0;0;0;0;0;0;0;"C=IN,O=National
> Informatics Centre,OU=Sub-CA,CN=NIC sub-CA for NIC
> 2011";0c7558aee8c0ae3da9d64337ffb572a33f8b9f8a;fa800f1cfc73a4c7699013aeef3c10adaaaf1984;1.3.14.3.2.26;6001bed296181fee341d;0
>
> This is the full error messaage throws in the server.log while running the
>
> OCSP request from the client machine using the openssl OCSP client command
>
> $ openssl ocsp -issuer NICsub-CA_for_NIC_2011.cer -cert spk.cer -url
> http://<ip address>/ejbca/publicweb/status/ocsp -respout resp.der
> -no_cert_verify
>
> Error querying OCSP responsder
>
> But while using CAs with certificates issued by ejbca is working properly
> responding.
>
> Please find the issue where I am doing wrong. because here Iam facing this
> issue for the past 3 weeks.
>
>
>
>
> Tomas Gustavsson wrote:
>>
>>
>> You have to provide more of the error. Not possible to say anything from
>> the short snippet you provide. Also versions are of course neede din
>> order to say anything
>>
>> Cheers,
>> Tomas
>> PrimeKey Solutions offers commercial EJBCA and SignServer support
>> subscriptions and training courses. Please see www.primekey.se or
>> contact in...@pr... for more information.
>> http://www.primekey.se/Services/Support/
>> http://www.primekey.se/Services/Training/
>>
>> **********
>> PrimeKey Solutions AB
>> Anderstorpsvägen 16, 171 54 Solna, Sweden
>> Mob: +46 (0)707421096
>> Internet: www.primekey.se
>> Twitter: twitter.com/primekeyPKI
>> **********
>>
>> On 01/09/2013 11:09 AM, M.G.R wrote:
>>>
>>> while requesting for validating the certificate issued by external CA
>>> using
>>> openssl OCSP client shows the following error in the OCSP server side
>>>
>>> ERROR [org.ejbca.ui.web.protocol.OCSPServletBase] (http-0.0.0.0-8080-1)
>>> Error processing OCSP request. Message: java.lang.RuntimeException:
>>> java.lang.NullPointerException.
>>>
>>> &
>>>
>>> Shows the following error in the client side
>>>
>>> Error querying OCSP responsder
>>>
>>> is there any way to trace the problem. please help me.
>>>
>>>
>>> Thanks in advance.
>>>
>>
>> ------------------------------------------------------------------------------
>> Master Java SE, Java EE, Eclipse, Spring, Hibernate, JavaScript, jQuery
>> and much more. Keep your Java skills current with LearnJavaNow -
>> 200+ hours of step-by-step video tutorials by Java experts.
>> SALE $49.99 this month only -- learn more at:
>> http://p.sf.net/sfu/learnmore_122612
>> _______________________________________________
>> Ejbca-develop mailing list
>> Ejb...@li...
>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>
>>
>

Re: [Ejbca-develop] Error in the OCSP Responder

[Juan C. <ju...@re...>]

You are a lucky guy!. Yesterday I spent 2 hour reading the installation
Instructions and in 1 hour I got the OCSP working in the first attempt
(weird on systems world!)

I wrote down all the steeps to replicate the installation in other
environment. Here are the steps done (assuming you have done the Jboss and
EJBCA installation property) :

ON OCSP NODE 1 and 2
===================

1- DB Creation

mysql> create database ejbca;
mysql> create user ejbca;
mysql> grant all on ejbca.* to 'ejbca'@'%' identified by 'ejbca';
mysql> grant all on ejbca.* to 'ejbca'@'localhost' identified by 'ejbca';
mysql> flush privileges;

2- Edit Properties files

$ cd
$ mkdir -p ejbca-custom/conf
$ cp ejbca/conf/ejbca.properties.sample ejbca-custom/conf/ejbca.properties
$ vi ejbca-custom/conf/ejbca.properties

appserver.home=/home/jboss/jboss
ejbca.productionmode=ocsp

$ cp ejbca/conf/database.properties.sample
ejbca-custom/conf/database.properties
$ vi ejbca-custom/conf/database.properties

datasource.jndi-name=EjbcaDS
database.name=mysql
database.url=jdbc:mysql://localhost:3306/ejbca
database.driver=com.mysql.jdbc.Driver
database.username=ejbca
database.password=ejbca

$ cp ejbca/conf/ocsp.properties.sample ejbca-custom/conf/ocsp.properties
$ vi ejbca-custom/conf/ocsp.properties

ocsp.defaultresponder=CN=ocsp.example.com,L=Buenos Aires,C=AR
ocsp.restrictsignatures=true
ocsp.restrictsignaturesbymethod=issuer
ocsp.signtrustdir=/home/jboss/ejbca/cas
ocsp.signtrustvalidtime=1800
ocsp.keys.dir=/home/jboss/ejbca/keys
ocsp.keys.storePassword=ejbca
ocsp.keys.keyPassword=ejbca

$ mkdir /home/jboss/ejbca/keys
$ mkdir /home/jboss/ejbca/cas


$ cp ejbca/conf/web.properties.sample ejbca-custom/conf/web.properties
$ vi ejbca-custom/conf/web.properties

httpsserver.hostname=ocsp.buenosaires.gob.ar
httpsserver.dn=CN=${httpsserver.hostname},L=Buenos Aires,C=AR


3- Create cert for OCSP
a) Create a User Profile (OCSP)
   - From Admin CA Web Console
   - Go Edit End Entity Profiles
   - Write OCSP in Add Profile edit box and press Add
   - Select the OCSP from the list and press Edit End Entity Profile
   - Select OCSPSIGNER  on Default Certificate Profile
   - In Available Certificate Profiles choose OCSPSIGNER
   - In Available CAs select what you want
   - In Default Token seleccionar P12 file (I will use soft tokens)
   - In Available Tokens seleccionar p12, jks y pem
   - Save
b) Create a user with this new profile
   - From Admin CA Web Console
   - Go Add End Entity
   - Select OCSP as End Entity
   - username: ocsp
   - password: ejbca
   - CN: ocsp.example.com
   - Certificate Profile: OCSPSIGNER
   - Token P12 file
   - Add
c) Generate the cert
   - From Public CA's web
   - Create Browser Certificate
   - login ocsp/ejbca
   - Select 2048bits for key lenght
   - P12 as token
   - Gen cert

4- Install the cert in OCSP
   - Copy the generated cert in  /home/jboss/ejbca/keys
   - Copy CA cert (PEM format) in /home/jboss/ejbca/cas

5- Build
$ cd
$ cd ejbca
$ ant bootstarp
# service jboss start
$ ant install
# service jboss stop
$ ant va-deploy
# service jboss start

IN THE CA
=========

1- Config VA-PUBLISHER

$ cp ejbca/conf/va-publisher.properties.sample
ejbca-custom/conf/va-publisher.properties
$ vi ejbca-custom/conf/va-publisher.properties

ocsp-datasource.jndi-name=OcspDS
ocsp-database.url=jdbc:mysql://ocsp1.example.com:3306/ejbca
ocsp-database.driver=com.mysql.jdbc.Driver
ocsp-database.username=ejbca
ocsp-database.password=ejbca


2- Deploy changes

$ ant deploy

(If you have more than 1 OCSP)

$ cp $JBOSS_HOME/server/default/deploy/ocsp-ds.xml
$JBOSS_HOME/server/default/deploy/ocsp2-ds.xml
$ vi $JBOSS_HOME/server/default/deploy/ocsp2-ds.xml

<jndi-name>Ocsp2DS</jndi-name>
      <connection-url>jdbc:mysql://ocsp2.example.com:3306/ejbca
</connection-url>
Agragado del DS para el OCSP-2


3- Create Publisher
In the CA you should add as many publisher as OCSP responders you have

- From Admin CA Web Console
- Go to Edit Publishers
- Enter name OCSPX (where X is the OCSP number) and press Add
- Select the publisher and press Edit Publisher
- Select Publisher Type as Validation Authority Publisher
- Select "No direct publishing, only use queue", "Use queue for CRLs", "Use
queue for certificates"
- Save

4- Attach the publisher with the profiles
- From Admin CA Web Console
- Edit Certificate Profile
- Select your profile
- Press Edit
- In Publishers Seleccionar  Select  OCSPX (all X)
- Save

5- Create/Modify Publishing Service
- From Admin CA Web Console
- Go Edit Services
- Enter name Re-Publisher
- Press Add
- Select Republisher and press Edit
- Select Publish Queue Process Service
- Select all queues
- Period: 2 minutes
- Check Active
- Save

DB Migration baseline
================
On CA DB node
# mysqldump  -p --compress ejbca CertificateData > CertificateData.dat
# mysqldump  -p --compress ejbca CRLData > CRLData.dat

# cat CertificateData.dat | mysql -h ocsp1 -u ejbca -b ejbca -p
# cat CRLData.dat | mysql -h ocsp1 -u ejbca -b ejbca -p



TEST
====
I tested with this command

$ openssl ocsp -url
http://ocsp1.example.com:8080/ejbca/publicweb/status/ocsp -issuer
CA.cacert.pem -cert user.pem




2013/1/9 M.G.R <mg....@ni...>

>
> while requesting for validating the certificate issued by external CA using
> openssl OCSP client shows the following error in the OCSP server side
>
> ERROR [org.ejbca.ui.web.protocol.OCSPServletBase] (http-0.0.0.0-8080-1)
> Error processing OCSP request. Message: java.lang.RuntimeException:
> java.lang.NullPointerException.
>
> &
>
> Shows the following error in the client side
>
> Error querying OCSP responsder
>
> is there any way to trace the problem. please help me.
>
>
> Thanks in advance.
>
> --
> View this message in context:
> http://old.nabble.com/Error-in-the-OCSP-Responder-tp34877232p34877232.html
> Sent from the EjbCA - Dev mailing list archive at Nabble.com.
>
>
>
> ------------------------------------------------------------------------------
> Master Java SE, Java EE, Eclipse, Spring, Hibernate, JavaScript, jQuery
> and much more. Keep your Java skills current with LearnJavaNow -
> 200+ hours of step-by-step video tutorials by Java experts.
> SALE $49.99 this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122612
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>



-- 



Juan Caracoche | Business Developer
jua...@re...
Mobile: +54.911.4198.8941
www.redb.ee

Re: [Ejbca-develop] Error in the OCSP Responder

[M.G.R <mg....@ni...>]

Server OS :  Ubuntu 12.04 (64 bit)
ejbca version :  ejbca_4_0_10
Jboss server version:  jboss-5.1.0.GA
ExternalCA imported :  NICsub-CA_for_NIC_2011.cer
Issued certificate :  spk.cer

2013-01-09 15:07:58,539 INFO  [org.ejbca.ui.web.protocol.OCSPServletBase]
(http-0.0.0.0-8080-1) Received OCSP request for certificate with serNo:
6001bed296181fee341d, and issuerNameHash:
0c7558aee8c0ae3da9d64337ffb572a33f8b9f8a. Client ip 10.163.14.49.
2013-01-09 15:07:58,574 INFO  [org.ejbca.ui.web.protocol.OCSPServletBase]
(http-0.0.0.0-8080-1) Adding status information (good) for certificate with
serial '6001bed296181fee341d' from issuer 'C=IN,O=National Informatics
Centre,OU=Sub-CA,CN=NIC sub-CA for NIC 2011'.
2013-01-09 15:07:58,577 INFO  [STDOUT] (http-0.0.0.0-8080-1) #############
Inside OCSPResponseItem ###############
2013-01-09 15:07:58,580 INFO  [STDOUT] (http-0.0.0.0-8080-1) 1.Admin:UNKNOWN
2013-01-09 15:07:58,580 INFO  [STDOUT] (http-0.0.0.0-8080-1)
2.caid:589037259
2013-01-09 15:07:58,580 INFO  [STDOUT] (http-0.0.0.0-8080-1)
3.OCSPCAServiceRequest:org.ejbca.core.model.ca.caadmin.extendedcaservices.OCSPCAServiceRequest@4bc63fc3
2013-01-09 15:07:58,581 INFO  [STDOUT] (http-0.0.0.0-8080-1) 4:Proxy to
jboss.j2ee:ear=ejbca.ear,jar=ejbca-ejb.jar,name=CAAdminSessionBean,service=EJB3
implementing [interface org.ejbca.core.ejb.ca.caadmin.CAAdminSessionLocal]
2013-01-09 15:07:58,607 INFO  [STDOUT] (http-0.0.0.0-8080-1)
1.caSession:UNKNOWN
2013-01-09 15:07:58,607 INFO  [STDOUT] (http-0.0.0.0-8080-1)
2.caSession:589037259
2013-01-09 15:07:58,607 INFO  [STDOUT] (http-0.0.0.0-8080-1)
2.caSession:org.ejbca.core.model.ca.caadmin.extendedcaservices.OCSPCAServiceRequest@4bc63fc3
2013-01-09 15:07:58,614 WARN 
[org.jboss.ejb3.interceptors.aop.InterceptorsFactory] (http-0.0.0.0-8080-1)
EJBTHREE-1246: Do not use InterceptorsFactory with a ManagedObjectAdvisor,
InterceptorRegistry should be used via the bean container
2013-01-09 15:07:58,615 WARN 
[org.jboss.ejb3.interceptors.aop.InterceptorsFactory] (http-0.0.0.0-8080-1)
EJBTHREE-1246: Do not use InterceptorsFactory with a ManagedObjectAdvisor,
InterceptorRegistry should be used via the bean container
2013-01-09 15:07:58,621 WARN 
[org.jboss.ejb3.interceptors.aop.InterceptorsFactory] (http-0.0.0.0-8080-1)
EJBTHREE-1246: Do not use InterceptorsFactory with a ManagedObjectAdvisor,
InterceptorRegistry should be used via the bean container
2013-01-09 15:07:58,621 WARN 
[org.jboss.ejb3.interceptors.aop.InterceptorsFactory] (http-0.0.0.0-8080-1)
EJBTHREE-1246: Do not use InterceptorsFactory with a ManagedObjectAdvisor,
InterceptorRegistry should be used via the bean container
2013-01-09 15:07:58,626 WARN 
[org.jboss.ejb3.interceptors.aop.InterceptorsFactory] (http-0.0.0.0-8080-1)
EJBTHREE-1246: Do not use InterceptorsFactory with a ManagedObjectAdvisor,
InterceptorRegistry should be used via the bean container
2013-01-09 15:07:58,626 WARN 
[org.jboss.ejb3.interceptors.aop.InterceptorsFactory] (http-0.0.0.0-8080-1)
EJBTHREE-1246: Do not use InterceptorsFactory with a ManagedObjectAdvisor,
InterceptorRegistry should be used via the bean container
2013-01-09 15:07:58,757 INFO  [STDOUT] (http-0.0.0.0-8080-1) CA
:org.ejbca.core.model.ca.caadmin.X509CA@1436fde2
2013-01-09 15:07:58,758 INFO  [STDOUT] (http-0.0.0.0-8080-1)
getExtendedCAService Inside ..............1
2013-01-09 15:07:58,758 INFO  [STDOUT] (http-0.0.0.0-8080-1) returnval
Inside ..............null
2013-01-09 15:07:58,758 INFO  [STDOUT] (http-0.0.0.0-8080-1) returnval
Inside ..............null
2013-01-09 15:07:58,758 INFO  [STDOUT] (http-0.0.0.0-8080-1) daata Inside
..............{extendedcaservices=[], numberofreqapprovals=1,
catoken={catokentype=3, sequence=00000, signaturealgorithm=SHA1WithRSA,
sequenceformat=1, classpath=org.ejbca.core.model.ca.catoken.NullCAToken,
version=7.0},
certificatechain=[MIIEmjCCA4KgAwIBAgIKFCkm0v8UQ5s4+TANBgkqhkiG9w0BAQsFADCByDELMAkG
A1UEBhMCSU4xJDAiBgNVBAoTG05hdGlvbmFsIEluZm9ybWF0aWNzIENlbnRyZTEd
MBsGA1UECxMUQ2VydGlmeWluZyBBdXRob3JpdHkxDzANBgNVBBETBjExMDAwMzEO
MAwGA1UECBMFRGVsaGkxHjAcBgNVBAkTFUxvZGhpIFJvYWQsIE5ldyBEZWxoaTEd
MBsGA1UEMwwUQS1CbG9jaywgQ0dPIENvbXBsZXgxFDASBgNVBAMTC05JQyBDQSAy
MDExMB4XDTExMDQwMTA2MDkxNVoXDTE2MDMxMDA2MDkxNVowZjELMAkGA1UEBhMC
SU4xJDAiBgNVBAoTG05hdGlvbmFsIEluZm9ybWF0aWNzIENlbnRyZTEPMA0GA1UE
CxMGU3ViLUNBMSAwHgYDVQQDExdOSUMgc3ViLUNBIGZvciBOSUMgMjAxMTCCASIw
DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALTjDqBFmifF+I8Xb9HyrmG0bk8I
LaUEr4RMCNDNER1rZTAmab9I7kFHGCNjKD5SmtXLDFnDkKV1gp96Fk6hmZ8CVQ5C
dRyO616qvd3TZLN8/Xm0Cl3cBwuTv8XU9nwf4hoyRDQXQK8Psq0zmS2fuRse0q3W
TmrRi7Ck2C9zD9eCBjoO0QebgcQ+VXYv1c0ORO0+gD1CRb5j+0GLmb0mK98Wb+R9
3zs7LOV4qIMMEhO4K92+0zomlpHni0blLvCGRd1fAyo5teb9Gw8BaV20vfzubVC5
0NLAEeRa1dSBkkfiPVGavZpXuqLFmIHJCTVODspQvmcUP2rdDPuvkAhdshcCAwEA
AaOB5jCB4zASBgNVHRMBAf8ECDAGAQH/AgEAMB0GA1UdDgQWBBT6gA8c/HOkx2mQ
E67vPBCtqq8ZhDATBgNVHSMEDDAKgAhOVU+us9+hZjAOBgNVHQ8BAf8EBAMCAQYw
EgYDVR0gBAswCTAHBgVggmRkAjBCBggrBgEFBQcBAQQ2MDQwMgYIKwYBBQUHMAKG
Jmh0dHA6Ly9uaWNjYS5uaWMuaW4vY2VydC9jZXJ0XzI3OTIuY2VyMDEGA1UdHwQq
MCgwJqAkoCKGIGh0dHA6Ly9uaWNjYS5uaWMuaW4vY3JsXzI3OTIuY3JsMA0GCSqG
SIb3DQEBCwUAA4IBAQC8K4nthWVPqbXsP5VeeIjiwZ5Plvy+1Cbo3wbzjPYhtCRo
yOoO/qPyKZ3zNLZaWSz7wPGGBq5niiQaINTJ0+fBBD0unAlG0ZpSvEFqrenjcfKI
ApKfNT6qdg6om+oFMudVrhgWyYqFCM2op2qRcIPHRH7BrX3xT2Ns2+NKc/nIt3L1
NxDQm0arvRTYmMjOXEL4fUasxBlWKJR1HvtsnUb2wrXwEEl0/XJiGeg1SHXa/kN/
J8eQ359O/ULeXUNcfqtjkSjRW9vGUcwTMP1knyNYRbXKoWCuLv2uvx2gOzh9YwAP
DH3JdZGe5lDqC+IyA/pYhh5y5jhCKfvH5MabaR7d],
useprintablestringsubjectdn=false, policies=[], defaultcrldistpoint=,
version=19.0, catype=1, useCertreqHistory=true, validity=0,
description=B64:Q0EgY3JlYXRlZCBieSBjZXJ0aWZpY2F0ZSBpbXBvcnQu, expiretime=Thu
Mar 10 11:39:15 IST 2016, deltacrlperiod=0, useCertificateStorage=true,
subjectaltname=null, useldapdnorder=true, usecrlnumber=false,
finishuser=false, doEnforceUniqueSubjectDNSerialnumber=false, crlperiod=0,
signedby=2, doEnforceUniqueDistinguishedName=true,
authoritykeyidentifiercritical=false, revokationreason=-1,
doEnforceUniquePublicKeys=true, crlnumbercritical=false,
cadefinedfreshestcrl=, defaultocspservicelocator=,
useauthoritykeyidentifier=false, crldistributionpointoncrlcritical=false,
useUserStorage=true, cmpraauthsecret=null, approvalsettings=[],
certificateprofileid=2, defaultcrlissuer=, includeinhealthcheck=false,
useutf8policytext=false, crlIssueInterval=0,
usecrldistributionpointoncrl=false, crlOverlapTime=36000000,
crlpublishers=[]}
2013-01-09 15:07:58,759 INFO  [STDOUT] (http-0.0.0.0-8080-1)
EXTENDEDCASERVICE+type:extendedcaservice1
2013-01-09 15:07:58,759 INFO  [STDOUT] (http-0.0.0.0-8080-1) 1111:null
2013-01-09 15:07:58,759 INFO  [STDOUT] (http-0.0.0.0-8080-1) Exception
Inside ..............null
2013-01-09 15:07:58,759 ERROR [STDERR] (http-0.0.0.0-8080-1)
java.lang.NullPointerException
2013-01-09 15:07:58,760 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.ejbca.core.model.ca.caadmin.CA.getExtendedCAService(CA.java:833)
2013-01-09 15:07:58,760 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.ejbca.core.model.ca.caadmin.CA.extendedService(CA.java:753)
2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.extendedService(CAAdminSessionBean.java:2380)
2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
java.lang.reflect.Method.invoke(Method.java:616)
2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
sun.reflect.GeneratedMethodAccessor338.invoke(Unknown Source)
2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
java.lang.reflect.Method.invoke(Method.java:616)
2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_1005639669.invoke(InvocationContextInterceptor_z_fillMethod_1005639669.java)
2013-01-09 15:07:58,761 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_1005639669.invoke(InvocationContextInterceptor_z_setup_1005639669.java)
2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:190)
2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
2013-01-09 15:07:58,762 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:201)
2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:176)
2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:216)
2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
2013-01-09 15:07:58,763 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
$Proxy499.extendedService(Unknown Source)
2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.ejbca.ui.web.protocol.OCSPServlet.extendedService(OCSPServlet.java:60)
2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.ejbca.ui.web.protocol.OCSPServletBase.signOCSPResponse(OCSPServletBase.java:223)
2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.ejbca.ui.web.protocol.OCSPServletBase.serviceOCSP(OCSPServletBase.java:905)
2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.ejbca.ui.web.protocol.OCSPServletBase.doPost(OCSPServletBase.java:375)
2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
2013-01-09 15:07:58,764 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
2013-01-09 15:07:58,765 ERROR [STDERR] (http-0.0.0.0-8080-1) 	at
java.lang.Thread.run(Thread.java:679)
2013-01-09 15:07:58,785 ERROR [org.ejbca.ui.web.protocol.OCSPServletBase]
(http-0.0.0.0-8080-1) Error processing OCSP request. Message:
java.lang.RuntimeException: java.lang.NullPointerException.
javax.ejb.EJBException: java.lang.RuntimeException:
java.lang.NullPointerException
	at
org.jboss.ejb3.tx.Ejb3TxPolicy.handleExceptionInOurTx(Ejb3TxPolicy.java:77)
	at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:83)
	at
org.jboss.aspects.tx.TxInterceptor$Required.invoke(TxInterceptor.java:190)
	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
	at
org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
	at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
	at
org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:201)
	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
	at
org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
	at
org.jboss.ejb3.ENCPropagationInterceptor.invoke(ENCPropagationInterceptor.java:41)
	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
	at
org.jboss.ejb3.BlockContainerShutdownInterceptor.invoke(BlockContainerShutdownInterceptor.java:67)
	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
	at
org.jboss.aspects.currentinvocation.CurrentInvocationInterceptor.invoke(CurrentInvocationInterceptor.java:67)
	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
	at
org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:176)
	at
org.jboss.ejb3.session.SessionSpecContainer.invoke(SessionSpecContainer.java:216)
	at
org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:207)
	at
org.jboss.ejb3.proxy.impl.handler.session.SessionProxyInvocationHandlerBase.invoke(SessionProxyInvocationHandlerBase.java:164)
	at $Proxy499.extendedService(Unknown Source)
	at
org.ejbca.ui.web.protocol.OCSPServlet.extendedService(OCSPServlet.java:60)
	at
org.ejbca.ui.web.protocol.OCSPServletBase.signOCSPResponse(OCSPServletBase.java:223)
	at
org.ejbca.ui.web.protocol.OCSPServletBase.serviceOCSP(OCSPServletBase.java:905)
	at
org.ejbca.ui.web.protocol.OCSPServletBase.doPost(OCSPServletBase.java:375)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:637)
	at javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
	at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
	at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at
org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
	at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
	at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
	at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:235)
	at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
	at
org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.java:190)
	at
org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:433)
	at
org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:92)
	at
org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.process(SecurityContextEstablishmentValve.java:126)
	at
org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:70)
	at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
	at
org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:102)
	at
org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158)
	at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
	at
org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:330)
	at
org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:829)
	at
org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:598)
	at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
	at java.lang.Thread.run(Thread.java:679)
Caused by: java.lang.RuntimeException: java.lang.NullPointerException
	at org.ejbca.core.model.ca.caadmin.CA.getExtendedCAService(CA.java:856)
	at org.ejbca.core.model.ca.caadmin.CA.extendedService(CA.java:753)
	at
org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.extendedService(CAAdminSessionBean.java:2380)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
	at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:616)
	at
org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
	at
org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
	at
org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
	at
org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
	at sun.reflect.GeneratedMethodAccessor338.invoke(Unknown Source)
	at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.lang.reflect.Method.invoke(Method.java:616)
	at
org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
	at
org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
	at
org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_1005639669.invoke(InvocationContextInterceptor_z_fillMethod_1005639669.java)
	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
	at
org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
	at
org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_1005639669.invoke(InvocationContextInterceptor_z_setup_1005639669.java)
	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
	at
org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
	at
org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
	at
org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
	at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
	at
org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
	at
org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
	at org.jboss.aspects.tx.TxPolicy.invokeInOurTx(TxPolicy.java:79)
	... 48 more
Caused by: java.lang.NullPointerException
	at org.ejbca.core.model.ca.caadmin.CA.getExtendedCAService(CA.java:833)
	... 81 more
2013-01-09 15:07:58,789 DEBUG
[org.ejbca.core.protocol.ocsp.TransactionLogger] (http-0.0.0.0-8080-1)
1eaace887f0001014af5b94b122010d9;1;0;0"10.163.14.49";"0";"0";0;"2013-01-09:09:37:58:GMT";348;1;0;0;0;0;0;0;0;"C=IN,O=National
Informatics Centre,OU=Sub-CA,CN=NIC sub-CA for NIC
2011";0c7558aee8c0ae3da9d64337ffb572a33f8b9f8a;fa800f1cfc73a4c7699013aeef3c10adaaaf1984;1.3.14.3.2.26;6001bed296181fee341d;0
1eaace887f0001014af5b94b122010d9;1;2;0"10.163.14.49";"0";"0";0;"2013-01-09:09:37:58:GMT";348;1;0;0;0;0;0;0;0;"C=IN,O=National
Informatics Centre,OU=Sub-CA,CN=NIC sub-CA for NIC
2011";0c7558aee8c0ae3da9d64337ffb572a33f8b9f8a;fa800f1cfc73a4c7699013aeef3c10adaaaf1984;1.3.14.3.2.26;6001bed296181fee341d;0

This is the full error messaage throws in the server.log while running the

OCSP request from the client machine using the openssl OCSP client command

$ openssl ocsp -issuer NICsub-CA_for_NIC_2011.cer -cert spk.cer -url
http://<ip address>/ejbca/publicweb/status/ocsp -respout resp.der
-no_cert_verify

Error querying OCSP responsder

But while using CAs with certificates issued by ejbca is working properly
responding.

Please find the issue where I am doing wrong. because here Iam facing this
issue for the past 3 weeks.




Tomas Gustavsson wrote:
> 
> 
> You have to provide more of the error. Not possible to say anything from 
> the short snippet you provide. Also versions are of course neede din 
> order to say anything
> 
> Cheers,
> Tomas
> PrimeKey Solutions offers commercial EJBCA and SignServer support 
> subscriptions and training courses. Please see www.primekey.se or 
> contact in...@pr... for more information.
> http://www.primekey.se/Services/Support/
> http://www.primekey.se/Services/Training/
> 
> **********
> PrimeKey Solutions AB
> Anderstorpsvägen 16, 171 54 Solna, Sweden
> Mob: +46 (0)707421096
> Internet: www.primekey.se
> Twitter: twitter.com/primekeyPKI
> **********
> 
> On 01/09/2013 11:09 AM, M.G.R wrote:
>>
>> while requesting for validating the certificate issued by external CA
>> using
>> openssl OCSP client shows the following error in the OCSP server side
>>
>> ERROR [org.ejbca.ui.web.protocol.OCSPServletBase] (http-0.0.0.0-8080-1)
>> Error processing OCSP request. Message: java.lang.RuntimeException:
>> java.lang.NullPointerException.
>>
>> &
>>
>> Shows the following error in the client side
>>
>> Error querying OCSP responsder
>>
>> is there any way to trace the problem. please help me.
>>
>>
>> Thanks in advance.
>>
> 
> ------------------------------------------------------------------------------
> Master Java SE, Java EE, Eclipse, Spring, Hibernate, JavaScript, jQuery
> and much more. Keep your Java skills current with LearnJavaNow -
> 200+ hours of step-by-step video tutorials by Java experts.
> SALE $49.99 this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122612 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 
> 

-- 
View this message in context: http://old.nabble.com/Error-in-the-OCSP-Responder-tp34877232p34877566.html
Sent from the EjbCA - Dev mailing list archive at Nabble.com.

Re: [Ejbca-develop] Error in the OCSP Responder

[Tomas G. <to...@pr...>]

You have to provide more of the error. Not possible to say anything from 
the short snippet you provide. Also versions are of course neede din 
order to say anything

Cheers,
Tomas
PrimeKey Solutions offers commercial EJBCA and SignServer support 
subscriptions and training courses. Please see www.primekey.se or 
contact in...@pr... for more information.
http://www.primekey.se/Services/Support/
http://www.primekey.se/Services/Training/

**********
PrimeKey Solutions AB
Anderstorpsvägen 16, 171 54 Solna, Sweden
Mob: +46 (0)707421096
Internet: www.primekey.se
Twitter: twitter.com/primekeyPKI
**********

On 01/09/2013 11:09 AM, M.G.R wrote:
>
> while requesting for validating the certificate issued by external CA using
> openssl OCSP client shows the following error in the OCSP server side
>
> ERROR [org.ejbca.ui.web.protocol.OCSPServletBase] (http-0.0.0.0-8080-1)
> Error processing OCSP request. Message: java.lang.RuntimeException:
> java.lang.NullPointerException.
>
> &
>
> Shows the following error in the client side
>
> Error querying OCSP responsder
>
> is there any way to trace the problem. please help me.
>
>
> Thanks in advance.
>

[Ejbca-develop] Error in the OCSP Responder

[M.G.R <mg....@ni...>]

while requesting for validating the certificate issued by external CA using
openssl OCSP client shows the following error in the OCSP server side 

ERROR [org.ejbca.ui.web.protocol.OCSPServletBase] (http-0.0.0.0-8080-1)
Error processing OCSP request. Message: java.lang.RuntimeException:
java.lang.NullPointerException.

&

Shows the following error in the client side

Error querying OCSP responsder

is there any way to trace the problem. please help me.


Thanks in advance.

-- 
View this message in context: http://old.nabble.com/Error-in-the-OCSP-Responder-tp34877232p34877232.html
Sent from the EjbCA - Dev mailing list archive at Nabble.com.

Re: [Ejbca-develop] Hardware and database experiences

[ejbca-support <ejb...@pr...>]

On 2013-01-07 16:27, Herman Vega wrote:
> Hello guys,
> 
> We are building our CA, and we are planning to purchase hardware, so I need to know 
> about your experience using hardware (servers and HSM) with EJBCA, and what
> database to store signed records.

Herman, the documentation shows what combinations of OSes, HSMs, and DBs
EJBCA supports.


> I appreciate your comments and experience.

Don't get me wrong, but for mission-critical CA deployments, PrimeKey offer
professional services that not only deals with HSM and DB issues, but also
cover failover, JBoss/OS hardening, CPSes and QA of the entire installation.

Cheers,
Anders
tech support


> 
> Regards,
> 
> -- 
> Herman  Vega  Jara
> hvegax[a]gmail.com <http://gmail.com>
> 
> 
> ------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. SALE $99.99 this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122412
> 
> 
> 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 

[Ejbca-develop] How to activate the CAs ?

[M.G.R <mg....@ni...>]

How to activate the CAs which is import through Edit Certificate Authorities
of ejbca GUI ?

I have tried out with the Activate CA’s of ejbca GUI but it shows  Message:
NICsub-CA_for_NIC_2011: 	CA Activation Successful. 
in the display of ejbca GUI but its not updating the database. 
So the certificate/certificates issued by the Externally imported CA's was
not able to validate using the OCSP Responder.

can any one tell me where I am stucking ?..

Thank in advance,



-- 
View this message in context: http://old.nabble.com/How-to-activate-the-CAs---tp34876733p34876733.html
Sent from the EjbCA - Dev mailing list archive at Nabble.com.

Re: [Ejbca-develop] Hardware and database experiences

[Tomas G. <to...@pr...>]

EJBCA works fine with most HSMs on the market.
http://www.ejbca.org/adminguide.html#Hardware%20Security%20Modules%20%28HSM%29

If you need more detailed advice for your specific project, I'm sure 
PrimeKey can help you.
http://www.ejbca.org/contact.html

Cheers,
Tomas


**********
PrimeKey Solutions AB
Anderstorpsvägen 16, 171 54 Solna, Sweden
Mob: +46 (0)707421096
Internet: www.primekey.se
Twitter: twitter.com/primekeyPKI
**********

On 01/07/2013 04:27 PM, Herman Vega wrote:
> Hello guys,
>
> We are building our CA, and we are planning to purchase hardware, so I
> need to know about your experience using hardware (servers and HSM) with
> EJBCA, and what database to store signed records.
>
> I appreciate your comments and experience.
>
> Regards,
>
> --
> Herman  Vega  Jara
> hvegax[a]gmail.com <http://gmail.com>
>
>
> ------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. SALE $99.99 this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122412
>
>
>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>

Re: [Ejbca-develop] Deployment error in OCSP Service

[Juan C. <ju...@re...>]

I faced a similar problem today. I started again from scratch and it works.

- Stop Jboss
- ant clean
- drop db
- create db
- ant bootstrap
- Start Jboss
- ant install
- Stop Jboss
- ant va-deploy (in my case)
- Start Jboss

Juan


2013/1/7 ejbca-support <ejb...@pr...>

> On 2013-01-07 14:14, M.G.R wrote:
> >
> > Hi Anders ,
> >
> > I can able to unzip the ejbca.ear file with unzip tool. But I can't able
> to
> > fix the problem. Is there any solution for this issue.
>
> I think you have to debug this a bit.  It could be an access right issue
> as well.
>
> Anders
>
> >
> >
> >
> >
> > M.G.R wrote:
> >>
> >> while deploying the OCSP service using
> >> $ ant ocsp-deploy
> >>
> >> This show the given below error in the Jboss server.log
> >>
> >> DEPLOYMENTS IN ERROR:
> >>   Deployment
> >> "vfszip:/home/otc/ejbca/downloads/
> jboss-5.1.0.GA/server/default/deploy/ejbca.ear/"
> >> is in error due to the following reason(s): java.util.zip.ZipException:
> >> error in opening zip file
> >>
> >> Please tell me how to solve this issue.
> >>
> >
>
>
>
> ------------------------------------------------------------------------------
> Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
> MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
> with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
> MVPs and experts. SALE $99.99 this month only -- learn more at:
> http://p.sf.net/sfu/learnmore_122412
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>



-- 



Juan Caracoche | Business Developer
jua...@re...
Mobile: +54.911.4198.8941
www.redb.ee

[Ejbca-develop] Hardware and database experiences

[Herman V. <hv...@gm...>]

Hello guys,

We are building our CA, and we are planning to purchase hardware, so I need
to know about your experience using hardware (servers and HSM) with EJBCA,
and what database to store signed records.

I appreciate your comments and experience.

Regards,

-- 
Herman  Vega  Jara
hvegax[a]gmail.com

Re: [Ejbca-develop] Deployment error in OCSP Service

[ejbca-support <ejb...@pr...>]

On 2013-01-07 14:14, M.G.R wrote:
> 
> Hi Anders ,
> 
> I can able to unzip the ejbca.ear file with unzip tool. But I can't able to
> fix the problem. Is there any solution for this issue.

I think you have to debug this a bit.  It could be an access right issue
as well.

Anders

> 
> 
> 
> 
> M.G.R wrote:
>>
>> while deploying the OCSP service using
>> $ ant ocsp-deploy
>>
>> This show the given below error in the Jboss server.log 
>>
>> DEPLOYMENTS IN ERROR:
>>   Deployment
>> "vfszip:/home/otc/ejbca/downloads/jboss-5.1.0.GA/server/default/deploy/ejbca.ear/"
>> is in error due to the following reason(s): java.util.zip.ZipException:
>> error in opening zip file
>>
>> Please tell me how to solve this issue.
>>
> 

Re: [Ejbca-develop] Subject Alternative Name extension using the otherName type

[Herman V. <hv...@gm...>]

Andres,

On Mon, Jan 7, 2013 at 10:11 AM, ejbca-support <ejb...@pr...>wrote:

> If you need dynamic SAN fields currently your only option is creating a
> custom extension decoder.  The docs show how to do that.
>
> If you want, PrimeKey could probably introduce a dynamic facility.
> Then you need to write to sa...@pr....
>
>
Thanks, we are working in your two options,

Regards,



>  Cheers,
> Anders
> tech support
>



-- 
Herman  Vega  Jara
hvegax[a]gmail.com

Re: [Ejbca-develop] Deployment error in OCSP Service

[M.G.R <mg....@ni...>]

Hi Anders ,

I can able to unzip the ejbca.ear file with unzip tool. But I can't able to
fix the problem. Is there any solution for this issue.




M.G.R wrote:
> 
> while deploying the OCSP service using
> $ ant ocsp-deploy
> 
> This show the given below error in the Jboss server.log 
> 
> DEPLOYMENTS IN ERROR:
>   Deployment
> "vfszip:/home/otc/ejbca/downloads/jboss-5.1.0.GA/server/default/deploy/ejbca.ear/"
> is in error due to the following reason(s): java.util.zip.ZipException:
> error in opening zip file
> 
> Please tell me how to solve this issue.
> 

-- 
View this message in context: http://old.nabble.com/Deployment-error-in-OCSP-Service-tp34858660p34867928.html
Sent from the EjbCA - Dev mailing list archive at Nabble.com.