Menu
▾
▴
[Ejbca-develop] CA token is off-line, Please activate the token before continuing when using PKCS#11
|
From: Luc P. <luc...@gm...> - 2013-10-19 18:00:08
|
Hello,
I want to use an HSM to create a CA. When I create it with the admin-GUI i
have this error :
"CA token is off-line, Please activate the token before continuing"
But, when I use the CLI to generate a new key, It works fine :
./ejbcaClientToolBox.sh PKCS11HSMKeyTool generate /usr/local/lib/libhsm.so
2048 defaultkey 0
I don't understand why I can't create a new CA with the HSM. Can you help
me please ?
This is my log :
[#|2013-10-19T19:31:52.905+0200|INFO|sun-appserver2.1|javax.enterprise.system.stream.out|_ThreadID=38;_ThreadName=httpSSLWorkerThread-8443-1;|19:31:52.905
[httpSSLWorkerThread-8443-1] DEBUG org.ejbca.util.keystore.KeyTools -
{SLOT_ID=0, PKCS11_NATIVE_MODULE=/usr/local/lib/libcryptosec.so}
|#]
[#|2013-10-19T19:31:52.905+0200|INFO|sun-appserver2.1|javax.enterprise.system.stream.out|_ThreadID=38;_ThreadName=httpSSLWorkerThread-8443-1;|19:31:52.905
[httpSSLWorkerThread-8443-1] INFO org.ejbca.util.keystore.KeyTools - Using
SUN PKCS11 provider: sun.security.pkcs11.SunPKCS11
|#]
[#|2013-10-19T19:31:52.906+0200|INFO|sun-appserver2.1|javax.enterprise.system.stream.out|_ThreadID=38;_ThreadName=httpSSLWorkerThread-8443-1;|19:31:52.906
[httpSSLWorkerThread-8443-1] ERROR org.ejbca.util.keystore.KeyTools - Error
constructing pkcs11 provider: null
|#]
[#|2013-10-19T19:31:52.908+0200|INFO|sun-appserver2.1|javax.enterprise.system.stream.out|_ThreadID=38;_ThreadName=httpSSLWorkerThread-8443-1;|19:31:52.908
[httpSSLWorkerThread-8443-1] ERROR o.e.c.m.c.c.CATokenContainerImpl - Error
contructing CA Token (setting to null):
org.ejbca.core.model.ca.catoken.CATokenOfflineException: Erreur pendant la
cr?ation d'un token d'AC.
at org.ejbca.util.keystore.P11Slot.getInstance(P11Slot.java:192)
~[ejbca-util.jar:na]
at org.ejbca.util.keystore.P11Slot.getInstance(P11Slot.java:146)
~[ejbca-util.jar:na]
at
org.ejbca.core.model.ca.catoken.PKCS11CAToken.init(PKCS11CAToken.java:132)
~[ejbca-util.jar:na]
at
org.ejbca.core.model.ca.catoken.CATokenContainerImpl.getCAToken(CATokenContainerImpl.java:987)
[ejbca-util.jar:na]
at
org.ejbca.core.model.ca.catoken.CATokenContainerImpl.activate(CATokenContainerImpl.java:300)
[ejbca-util.jar:na]
at
org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.createCA(CAAdminSessionBean.java:249)
[ejbca-ejb_jar/:na]
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
~[na:1.6.0_26]
at
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
~[na:1.6.0_26]
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
~[na:1.6.0_26]
at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_26]
at
com.sun.enterprise.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:1011)
[appserv-rt.jar:9.1]
at com.sun.enterprise.security.SecurityUtil.invoke(SecurityUtil.java:175)
[appserv-rt.jar:9.1]
at
com.sun.ejb.containers.BaseContainer.invokeTargetBeanMethod(BaseContainer.java:2929)
[appserv-rt.jar:9.1]
at com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:4020)
[appserv-rt.jar:9.1]
at
com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:197)
[appserv-rt.jar:9.1]
at
com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:83)
[appserv-rt.jar:9.1]
at $Proxy63.createCA(Unknown Source) [na:na]
at
org.ejbca.ui.web.admin.cainterface.CADataHandler.createCA(CADataHandler.java:119)
[classes/:na]
at org.apache.jsp.ca.editcas.editcas_jsp._jspService(editcas_jsp.java from
:871) [na:na]
at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:109)
[appserv-rt.jar:9.1]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
[javaee.jar:9.1]
at
org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:389)
[appserv-rt.jar:9.1]
at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:486)
[appserv-rt.jar:9.1]
at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:380)
[appserv-rt.jar:9.1]
at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
[javaee.jar:9.1]
at
org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:427)
[appserv-rt.jar:9.1]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:333)
[appserv-rt.jar:9.1]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
[appserv-rt.jar:9.1]
at
org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:103)
[classes/:na]
at
org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
[appserv-rt.jar:9.1]
at
org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
[appserv-rt.jar:9.1]
at
org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:313)
[appserv-rt.jar:9.1]
at
org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:287)
[appserv-rt.jar:9.1]
at
org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:218)
[appserv-rt.jar:9.1]
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
[appserv-rt.jar:9.1]
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
[appserv-rt.jar:9.1]
at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
[appserv-rt.jar:9.1]
at
com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:98)
[appserv-rt.jar:9.1]
at
org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:222)
[appserv-rt.jar:9.1]
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
[appserv-rt.jar:9.1]
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
[appserv-rt.jar:9.1]
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587)
[appserv-rt.jar:9.1]
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1093)
[appserv-rt.jar:9.1]
at
org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:166)
[appserv-rt.jar:9.1]
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
[appserv-rt.jar:9.1]
at
org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
[appserv-rt.jar:9.1]
at
org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587)
[appserv-rt.jar:9.1]
at org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1093)
[appserv-rt.jar:9.1]
at org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:291)
[appserv-rt.jar:9.1]
at
com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:666)
[appserv-rt.jar:9.1]
at
com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:597)
[appserv-rt.jar:9.1]
at
com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:872)
[appserv-rt.jar:9.1]
at
com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
[appserv-rt.jar:9.1]
at
com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.process(SSLReadTask.java:444)
[appserv-rt.jar:9.1]
at
com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.doTask(SSLReadTask.java:230)
[appserv-rt.jar:9.1]
at com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:264)
[appserv-rt.jar:9.1]
at
com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
[appserv-rt.jar:9.1]
|#]
--
Pallavidino Luc Tél. : +33-6-8070-3133
Mail :
luc...@gm... <pal...@ho...>
Ingénieur en monétique et sécurité des systèmes
|
