Menu
▾
▴
Re: [Ejbca-develop] Problem migrating EJBCA
|
From: Tomas G. <to...@pr...> - 2013-04-16 23:40:43
|
An impressive demonstration of java skills! You were probably using the default keystore password. So the other, even simpler option, would have been to look in the file conf/ejbca.properties, where is is configured :-) If you require non-configured passwords in the future you can use CA passwords that are not configured in any file, so you have to activate your CAs manually with a password if you restart JBoss. I hope you will consider contributing to EJBCA in the future, people with debugging skills are always needed :-) Cheers, Tomas On 04/17/2013 12:46 AM, Duarte Silva wrote: > I was able to recover the CA keystore password > > I downloaded the source code for EJBCA version 3.8.0 and after grep'ing around > I found the function loadKeystore(..., String keystorepass) in the class > SoftCAToken. > > Then I decided to import the code into Eclipse, start JBoss in debug mode with > the Eclipse debugger attached, a breakpoint in that function and bam, instant > password recovery!! > > In the end the password itself would be easly cracked by a brute-force attack, > but the way I did it as so much more style eheheh :P > > Best regards, > Duarte Silva > > > On Tuesday 16 April 2013 08:41:00 Tomas Gustavsson wrote: >> There are always alternatives... >> >> I think you have many options depending on how much you know about >> databases, or java programming etc. And how much time/money you want to >> spend. >> >> If you want to migrate to another database: >> >> You can write a program to export database contents and import into >> another database. You can find HSQLDB tools (don't know if there is >> any?) to SQL dump the database contents to import into another database. >> Or you can export the CAs and individual certificates to file (of not >> too many) and import it all in a new installation using the EJBCA CLI. >> >> PrimeKey has some tools for the common criteria certified version of >> EJBCA, EJBCA 5, that can be used to migrate between databases. >> >> Cheers, >> Tomas >> >> On 04/15/2013 09:28 PM, Duarte Silva wrote: >>> Hi David, >>> >>> the answer I was afraid of, specially because the older version >>> installation is using a HSQLDB. There aren't any passwords defined in the >>> config files and it's been a long time, I don't even remember what I have >>> hate yesterday :| >>> >>> Is there an alternative way of exporting every CA and bulk export the >>> entities to then re-import them in the new installation? >>> >>> >>> Best regards, >>> Duarte Silva >>> >>> On Monday 15 April 2013 14:51:00 David CARELLA wrote: >>>> Hi Duarte, >>>> >>>> You can see the documentation in EJBCA_HOME/doc/RELEASE_NOTES and >>>> UPGRADE for information about upgrading from an earlier version of EJBCA. >>>> >>>> To upgrade from 3.8.0, you will need to upgrade from 3.8.0 to 3.11.x, >>>> then from 3.11.x to 4.0.14. >>>> >>>> Cheers, >>>> David Carella >>>> >>>> On 04/15/2013 01:48 PM, Duarte Silva wrote: >>>>> Hi all, >>>>> >>>>> I have been using EJBCA since 2008, it is a old version (3.8.0) and at >>>>> the >>>>> time the way the installation was done, wasn't the smartest. Now I'm >>>>> trying to migrate the old system to the new version of EJBCA. >>>>> >>>>> I have installed the new version in a proper manner (with an actual >>>>> database and so on) in a different machine and I'm now trying to migrate >>>>> the CA's and Entities to the newly created system. >>>>> >>>>> Whats the best approach to do this migration? >>>>> >>>>> Thanks in advance, >>>>> Duarte Silva >>>>> >>>>> ------------------------------------------------------------------------ >>>>> -- >>>>> ---- Precog is a next-generation analytics platform capable of advanced >>>>> analytics on semi-structured data. The platform includes APIs for >>>>> building apps and a phenomenal toolset for data science. Developers can >>>>> use our toolset for easy data analysis & visualization. Get a free >>>>> account! http://www2.precog.com/precogplatform/slashdotnewsletter >>>>> _______________________________________________ >>>>> Ejbca-develop mailing list >>>>> Ejb...@li... >>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >>> >>> -------------------------------------------------------------------------- >>> ---- Precog is a next-generation analytics platform capable of advanced >>> analytics on semi-structured data. The platform includes APIs for >>> building apps and a phenomenal toolset for data science. Developers can >>> use our toolset for easy data analysis & visualization. Get a free >>> account! http://www2.precog.com/precogplatform/slashdotnewsletter >>> _______________________________________________ >>> Ejbca-develop mailing list >>> Ejb...@li... >>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> >> ---------------------------------------------------------------------------- >> -- Precog is a next-generation analytics platform capable of advanced >> analytics on semi-structured data. The platform includes APIs for building >> apps and a phenomenal toolset for data science. Developers can use our >> toolset for easy data analysis & visualization. Get a free account! >> http://www2.precog.com/precogplatform/slashdotnewsletter >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > ------------------------------------------------------------------------------ > Precog is a next-generation analytics platform capable of advanced > analytics on semi-structured data. The platform includes APIs for building > apps and a phenomenal toolset for data science. Developers can use > our toolset for easy data analysis & visualization. Get a free account! > http://www2.precog.com/precogplatform/slashdotnewsletter > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
