From: eilaf s. <eil...@gm...> - 2013-11-26 05:41:53
No, it happens when I try to republish my CA certificate.
On Mon, Nov 25, 2013 at 3:55 PM, Tomas Gustavsson <to...@pr...> wrote:
>
> This seems to happen when you try to create a CRL, is it not?
>
>
> On 11/25/2013 01:46 PM, eilaf sorkatti wrote:
> > Hi,
> >
> > Thanks for the reply. Here is my LDAP server log:
> >
> >
> > >>> dnPrettyNormal: <CN=testCA,o=test,c=SW>
> > <<< dnPrettyNormal: <cn=testCA,o=test,c=SW>, <cn=testca,o=test,c=sw>
> > ==>backsql_add("cn=testCA,o=test,c=SW")
> > oc_check_required entry (cn=testCA,o=test,c=SW), objectClass "applicationProcess"
> > oc_check_required entry (cn=testCA,o=test,c=SW), objectClass "certificationAuthority-V2"
> > Entry (cn=testCA,o=test,c=SW): object class 'certificationAuthority-V2' requires attribute 'cACertificate'
> > backsql_add("cn=testCA,o=test,c=SW"): entry failed schema check -- aborting
> > send_ldap_result: conn=5305 op=1 p=3
> > send_ldap_response: msgid=1918 tag=105 err=65
> > ber_flush2: 90 bytes to sd 14
> > <==backsql_add("cn=testCA,o=test,c=SW"): 65 "object class 'certificationAuthority-V2' requires attribute 'cACertificate'"
> > daemon: activity on 1 descriptor
> > daemon: activity on: 14r
> > daemon: read active on 14
> > daemon: epoll: listen=7 active_threads=0 tvp=NULL
> > daemon: epoll: listen=8 active_threads=0 tvp=NULL
> > connection_get(14): got connid=5305
> > connection_read(14): checking for input on id=5305
> > ber_get_next
> > ber_get_next: tag 0x30 len 6 contents:
> > op tag 0x42, time 1385394025
> > ber_get_next
> > ber_get_next on fd 14 failed errno=0 (Success)
> > connection_read(14): input error=-2 id=5305, closing.
> > connection_closing: readying conn=5305 sd=14 for close
> > connection_close: deferring conn=5305 sd=14
> > daemon: activity on 1 descriptor
> > conn=5305 op=2 do_unbind
> > daemon: activity on:
> > daemon: epoll: listen=7 active_threads=0 tvp=NULL
> > daemon: epoll: listen=8 active_threads=0 tvp=NULL
> > connection_resched: attempting closing conn=5305 sd=14
> > connection_close: conn=5305 sd=14
> > daemon: removing 14
> >
> >
> > And this is my JBOSS Log:
> >
> >
> > Caused by: org.ejbca.core.model.ca.publisher.PublisherException: LDAP ERROR: Error storing CRL (certificateRevocationList;binary) in LDAP (top;applicationProcess;certificationAuthority-V2) for DN (CN=testCA,o=test,c=SW). Message: Object Class Violation.
> > at org.ejbca.core.model.ca.publisher.LdapPublisher.storeCRL(LdapPublisher.java:546)
> > at org.ejbca.core.ejb.ca.publisher.PublisherQueueSessionBean.storeCRLNonTransactional(PublisherQueueSessionBean.java:376)
> > at sun.reflect.GeneratedMethodAccessor353.invoke(Unknown Source)
> > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > at java.lang.reflect.Method.invoke(Method.java:616)
> > at org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
> > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
> > at org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
> > at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
> > at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
> > at sun.reflect.GeneratedMethodAccessor302.invoke(Unknown Source)
> > at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> > at java.lang.reflect.Method.invoke(Method.java:616)
> > at org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
> > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> > at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
> > at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_646506557.invoke(InvocationContextInterceptor_z_fillMethod_646506557.java)
> > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> > at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
> > at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_646506557.invoke(InvocationContextInterceptor_z_setup_646506557.java)
> > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> > at org.jboss.ejb3.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionInterceptor.java:62)
> > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> > at org.jboss.ejb3.entity.TransactionScopedEntityManagerInterceptor.invoke(TransactionScopedEntityManagerInterceptor.java:56)
> > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> > at org.jboss.ejb3.AllowedOperationsInterceptor.invoke(AllowedOperationsInterceptor.java:47)
> > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> > at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
> > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> > at org.jboss.ejb3.stateless.StatelessInstanceInterceptor.invoke(StatelessInstanceInterceptor.java:68)
> > at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
> > at org.jboss.aspects.tx.TxPolicy.invokeInNoTx(TxPolicy.java:66)
> > at org.jboss.ejb3.tx.TxInterceptor$NotSupported.invoke(TxInterceptor.java:92)
> > ... 230 more
> >
> >
> > On Mon, Nov 25, 2013 at 12:07 PM, Branko Majic <br...@ma...> wrote:
> >
> > Once again - you should set up logging for OpenLDAP (preferably set it
> > so that you can get information about queries sent against the server),
> > and have a look at what the logs say regarding schema violations. The
> > logs will explicitly list what's violating the schema.
> >
> > One thing that comes to my mind is that perhaps you forgot to republish
> > the CA when you assigned the publisher to it (iirc, the CRL updates
> > will not create the entry in LDAP). Then again, seeing that you get
> > schema violations, it might be more probable it's the reason I posted
> > in one of the first posts.
> >
> > Once again - set up the logging for OpenLDAP. It will help you in the
> > long run with any issues you have with it.
> >
> > Best regards
> >
> > On Mon, 25 Nov 2013 09:04:27 +0300
> > eilaf sorkatti <eil...@gm...> wrote:
> >
> > > Yes, I read about this similar problem before, and I set up the publisher
> > > before creating the CA, but I still get the same problem.
> > >
> > >
> > > On Sun, Nov 24, 2013 at 11:14 AM, Yousif Johny <yoh...@gm...> wrote:
> > >
> > > > As Branko said, if possible check OpenLDAP's log file as well for further
> > > > details concerning the error and post it along with your reply. That may shed
> > > > some light upon LDAP related issues.
> > > >
> > > > I thought maybe I should add this: even though I had never experienced
> > > > that error before, I recall from another user who came across a similar
> > > > problem that he got it resolved by having to set up the Publisher before
> > > > creating the CA for EJBCA to be able to store Certificates and CRLs to LDAP
> > > > directories. If that happens to be the case, this may hint at the source of
> > > > the error as well, which is more probably an issue on EJBCA's side rather
> > > > than OpenLDAP's.
> > > >
> > > > Yousif Hussin
> > > > National Information Center
> > > > NIC Sudan
> > > > On Nov 20, 2013 2:10 PM, "eilaf sorkatti" <eil...@gm...> wrote:
> > > >
> > > >> Hi,
> > > >>
> > > >> When I try to publish the CA certificate to LDAP, the following error appears
> > > >> in the JBoss log:
> > > >>
> > > >> Too large comment for LogEntry was truncated. The full comment was:
> > > >> Error when publishing to Publisher, fingerprint: CRL., Exception: LDAP
> > > >> ERROR: Error storing CRL (certificateRevocationList;binary) in LDAP
> > > >> (top;applicationProcess;certificationAuthority) for DN
> > > >> (CN=testCA1,O=TR,C=SW). Message: Object Class Violation.
> > > >>
> > > >> I can publish user certificates successfully but I have problems with CA
> > > >> certificate publishing.
> > > >>
> > > >>
> > > >>
> >
> > --
> > Branko Majic
> > Jabber: br...@ma...
> > Please use only Free formats when sending attachments to me.
> >
> > Бранко Мајић
> > Џабер: br...@ma...
> > Молим вас да додатке шаљете искључиво у слободним форматима.
> >
> > _______________________________________________
> > Ejbca-develop mailing list
> > Ejb...@li...
> > https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> >
> >
> >
> >
> > --
> > Eilaf Hamad Elnil Mugbil
> > University Of Khartoum
> > School Of Mathematical science
>
--
Eilaf Hamad Elnil Mugbil
University Of Khartoum
School Of Mathematical science
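
The log check recommended in the quoted replies, as an added example (not part of the original messages, and not EJBCA or OpenLDAP code): it scans slapd debug output for schema-check rejections and pairs each one with the connection, operation and LDAP result code that followed. The sample log is constructed from the lines quoted in this thread with wrapped lines rejoined; the function and field names are hypothetical.

```python
import re

# Constructed sample, modelled on the slapd debug output quoted in this thread
# (wrapped lines rejoined).
SAMPLE_LOG = """\
==>backsql_add("cn=testCA,o=test,c=SW")
oc_check_required entry (cn=testCA,o=test,c=SW), objectClass "applicationProcess"
oc_check_required entry (cn=testCA,o=test,c=SW), objectClass "certificationAuthority-V2"
Entry (cn=testCA,o=test,c=SW): object class 'certificationAuthority-V2' requires attribute 'cACertificate'
backsql_add("cn=testCA,o=test,c=SW"): entry failed schema check -- aborting
send_ldap_result: conn=5305 op=1 p=3
send_ldap_response: msgid=1918 tag=105 err=65
conn=5305 op=2 do_unbind
"""

MISSING = re.compile(r"^Entry \((?P<dn>.+?)\): object class '(?P<oc>[^']+)' "
                     r"requires attribute '(?P<attr>[^']+)'")
RESULT = re.compile(r"^send_ldap_result: conn=(?P<conn>\d+) op=(?P<op>\d+)")
RESPONSE = re.compile(r"^send_ldap_response: msgid=\d+ tag=\d+ err=(?P<err>\d+)")

OBJECT_CLASS_VIOLATION = 65  # LDAP result code objectClassViolation


def schema_violations(lines):
    """Return one record per entry that slapd rejected at the schema check."""
    found, pending = [], None
    for raw in lines:
        line = raw.strip()
        m = MISSING.match(line)
        if m:
            pending = {"dn": m["dn"], "object_class": m["oc"],
                       "missing_attribute": m["attr"]}
            continue
        if pending is None:
            continue  # ignore result lines that do not follow a rejection
        m = RESULT.match(line)
        if m:
            pending.update(conn=int(m["conn"]), op=int(m["op"]))
            continue
        m = RESPONSE.match(line)
        if m:
            pending["err"] = int(m["err"])
            found.append(pending)
            pending = None
    if pending is not None:  # log ended before the response line
        found.append(pending)
    return found

print(schema_violations(SAMPLE_LOG.splitlines()))
```
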