Menu
▾
▴
Re: [Ejbca-develop] CA token is off-line, Please activate the token before continuing when using PKCS#11
|
From: Tomas G. <to...@pr...> - 2013-10-21 15:05:29
|
What CA token parameters do you have? Usually there will be more logging, enable debug, that will show you what is going on.
Luc Pallavidino <luc...@gm...> wrote:
>Hello,
>
>I want to use an HSM to create a CA. When I create it with the
>admin-GUI i
>have this error :
>
>"CA token is off-line, Please activate the token before continuing"
>
>But, when I use the CLI to generate a new key, It works fine :
>
>./ejbcaClientToolBox.sh PKCS11HSMKeyTool generate
>/usr/local/lib/libhsm.so
>2048 defaultkey 0
>
>I don't understand why I can't create a new CA with the HSM. Can you
>help
>me please ?
>
>This is my log :
>
>[#|2013-10-19T19:31:52.905+0200|INFO|sun-appserver2.1|javax.enterprise.system.stream.out|_ThreadID=38;_ThreadName=httpSSLWorkerThread-8443-1;|19:31:52.905
>[httpSSLWorkerThread-8443-1] DEBUG org.ejbca.util.keystore.KeyTools -
>{SLOT_ID=0, PKCS11_NATIVE_MODULE=/usr/local/lib/libcryptosec.so}
>|#]
>
>[#|2013-10-19T19:31:52.905+0200|INFO|sun-appserver2.1|javax.enterprise.system.stream.out|_ThreadID=38;_ThreadName=httpSSLWorkerThread-8443-1;|19:31:52.905
>[httpSSLWorkerThread-8443-1] INFO org.ejbca.util.keystore.KeyTools -
>Using
>SUN PKCS11 provider: sun.security.pkcs11.SunPKCS11
>|#]
>
>[#|2013-10-19T19:31:52.906+0200|INFO|sun-appserver2.1|javax.enterprise.system.stream.out|_ThreadID=38;_ThreadName=httpSSLWorkerThread-8443-1;|19:31:52.906
>[httpSSLWorkerThread-8443-1] ERROR org.ejbca.util.keystore.KeyTools -
>Error
>constructing pkcs11 provider: null
>|#]
>
>[#|2013-10-19T19:31:52.908+0200|INFO|sun-appserver2.1|javax.enterprise.system.stream.out|_ThreadID=38;_ThreadName=httpSSLWorkerThread-8443-1;|19:31:52.908
>[httpSSLWorkerThread-8443-1] ERROR o.e.c.m.c.c.CATokenContainerImpl -
>Error
>contructing CA Token (setting to null):
>org.ejbca.core.model.ca.catoken.CATokenOfflineException: Erreur pendant
>la
>cr?ation d'un token d'AC.
>at org.ejbca.util.keystore.P11Slot.getInstance(P11Slot.java:192)
>~[ejbca-util.jar:na]
>at org.ejbca.util.keystore.P11Slot.getInstance(P11Slot.java:146)
>~[ejbca-util.jar:na]
>at
>org.ejbca.core.model.ca.catoken.PKCS11CAToken.init(PKCS11CAToken.java:132)
>~[ejbca-util.jar:na]
>at
>org.ejbca.core.model.ca.catoken.CATokenContainerImpl.getCAToken(CATokenContainerImpl.java:987)
>[ejbca-util.jar:na]
>at
>org.ejbca.core.model.ca.catoken.CATokenContainerImpl.activate(CATokenContainerImpl.java:300)
>[ejbca-util.jar:na]
>at
>org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.createCA(CAAdminSessionBean.java:249)
>[ejbca-ejb_jar/:na]
>at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>~[na:1.6.0_26]
>at
>sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>~[na:1.6.0_26]
>at
>sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>~[na:1.6.0_26]
>at java.lang.reflect.Method.invoke(Method.java:597) ~[na:1.6.0_26]
>at
>com.sun.enterprise.security.application.EJBSecurityManager.runMethod(EJBSecurityManager.java:1011)
>[appserv-rt.jar:9.1]
>at
>com.sun.enterprise.security.SecurityUtil.invoke(SecurityUtil.java:175)
>[appserv-rt.jar:9.1]
>at
>com.sun.ejb.containers.BaseContainer.invokeTargetBeanMethod(BaseContainer.java:2929)
>[appserv-rt.jar:9.1]
>at
>com.sun.ejb.containers.BaseContainer.intercept(BaseContainer.java:4020)
>[appserv-rt.jar:9.1]
>at
>com.sun.ejb.containers.EJBLocalObjectInvocationHandler.invoke(EJBLocalObjectInvocationHandler.java:197)
>[appserv-rt.jar:9.1]
>at
>com.sun.ejb.containers.EJBLocalObjectInvocationHandlerDelegate.invoke(EJBLocalObjectInvocationHandlerDelegate.java:83)
>[appserv-rt.jar:9.1]
>at $Proxy63.createCA(Unknown Source) [na:na]
>at
>org.ejbca.ui.web.admin.cainterface.CADataHandler.createCA(CADataHandler.java:119)
>[classes/:na]
>at org.apache.jsp.ca.editcas.editcas_jsp._jspService(editcas_jsp.java
>from
>:871) [na:na]
>at org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:109)
>[appserv-rt.jar:9.1]
>at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
>[javaee.jar:9.1]
>at
>org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:389)
>[appserv-rt.jar:9.1]
>at
>org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:486)
>[appserv-rt.jar:9.1]
>at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:380)
>[appserv-rt.jar:9.1]
>at javax.servlet.http.HttpServlet.service(HttpServlet.java:847)
>[javaee.jar:9.1]
>at
>org.apache.catalina.core.ApplicationFilterChain.servletService(ApplicationFilterChain.java:427)
>[appserv-rt.jar:9.1]
>at
>org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:333)
>[appserv-rt.jar:9.1]
>at
>org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
>[appserv-rt.jar:9.1]
>at
>org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:103)
>[classes/:na]
>at
>org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:246)
>[appserv-rt.jar:9.1]
>at
>org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:214)
>[appserv-rt.jar:9.1]
>at
>org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:313)
>[appserv-rt.jar:9.1]
>at
>org.apache.catalina.core.StandardContextValve.invokeInternal(StandardContextValve.java:287)
>[appserv-rt.jar:9.1]
>at
>org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:218)
>[appserv-rt.jar:9.1]
>at
>org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
>[appserv-rt.jar:9.1]
>at
>org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
>[appserv-rt.jar:9.1]
>at com.sun.enterprise.web.WebPipeline.invoke(WebPipeline.java:94)
>[appserv-rt.jar:9.1]
>at
>com.sun.enterprise.web.PESessionLockingStandardPipeline.invoke(PESessionLockingStandardPipeline.java:98)
>[appserv-rt.jar:9.1]
>at
>org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:222)
>[appserv-rt.jar:9.1]
>at
>org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
>[appserv-rt.jar:9.1]
>at
>org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
>[appserv-rt.jar:9.1]
>at
>org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587)
>[appserv-rt.jar:9.1]
>at
>org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1093)
>[appserv-rt.jar:9.1]
>at
>org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:166)
>[appserv-rt.jar:9.1]
>at
>org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:648)
>[appserv-rt.jar:9.1]
>at
>org.apache.catalina.core.StandardPipeline.doInvoke(StandardPipeline.java:593)
>[appserv-rt.jar:9.1]
>at
>org.apache.catalina.core.StandardPipeline.invoke(StandardPipeline.java:587)
>[appserv-rt.jar:9.1]
>at
>org.apache.catalina.core.ContainerBase.invoke(ContainerBase.java:1093)
>[appserv-rt.jar:9.1]
>at
>org.apache.coyote.tomcat5.CoyoteAdapter.service(CoyoteAdapter.java:291)
>[appserv-rt.jar:9.1]
>at
>com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.invokeAdapter(DefaultProcessorTask.java:666)
>[appserv-rt.jar:9.1]
>at
>com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.doProcess(DefaultProcessorTask.java:597)
>[appserv-rt.jar:9.1]
>at
>com.sun.enterprise.web.connector.grizzly.DefaultProcessorTask.process(DefaultProcessorTask.java:872)
>[appserv-rt.jar:9.1]
>at
>com.sun.enterprise.web.connector.grizzly.DefaultReadTask.executeProcessorTask(DefaultReadTask.java:341)
>[appserv-rt.jar:9.1]
>at
>com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.process(SSLReadTask.java:444)
>[appserv-rt.jar:9.1]
>at
>com.sun.enterprise.web.connector.grizzly.ssl.SSLReadTask.doTask(SSLReadTask.java:230)
>[appserv-rt.jar:9.1]
>at
>com.sun.enterprise.web.connector.grizzly.TaskBase.run(TaskBase.java:264)
>[appserv-rt.jar:9.1]
>at
>com.sun.enterprise.web.connector.grizzly.ssl.SSLWorkerThread.run(SSLWorkerThread.java:106)
>[appserv-rt.jar:9.1]
>|#]
>
>
>--
>
>Pallavidino Luc Tél. : +33-6-8070-3133
> Mail :
>luc...@gm... <pal...@ho...>
>Ingénieur en monétique et sécurité des systèmes
>
>
>------------------------------------------------------------------------
>
>------------------------------------------------------------------------------
>October Webinars: Code for Performance
>Free Intel webinars can help you accelerate application performance.
>Explore tips for MPI, OpenMP, advanced profiling, and more. Get the
>most from
>the latest Intel processors and coprocessors. See abstracts and
>register >
>http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
>
>------------------------------------------------------------------------
>
>_______________________________________________
>Ejbca-develop mailing list
>Ejb...@li...
>https://lists.sourceforge.net/lists/listinfo/ejbca-develop
--
PrimeKey Solutions AB
Internet: www.primekey.se
Twitter: twitter.com/primekeyPKI
Mob: +46 (0)707421096 |
