[Ejbca-develop] EJBCA 6.1.1 connectivity from client java application

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hello, dears

I have successfuly installed EJBCA 6.1.1, JBoss 7.1.1.Final, openjdk 6,
Oracle 9.2.0.5, ojdbc6.jar, on Ubuntu Linux ("13.04, Raring Ringtail"). No
any deployment and
installation mistakes for this software combination. I have successfully
created all profiles , add entuty and I have issued my first
SSL-certificate and write one to USB HSM with eToken Client. So, I have
full-functional EJBCA 6.1.1 at present.
I have a custom java-application which uses eToken authentication and this
java-application worked fine with previous version of EJBCA and I need to
organize connectivity between this java-application and EJBCA. There is a
parameter for EJBCA URL in java-application config file and I pointed out
this parameter to "https://10.62.2.88:8443/ejbca".
Java-application uses jdk cacerts and I imported issued certificate with CA
certificate of EJBCA to cacerts but no connection yet.
Checking connectivity to EJBCA by curl utility also gives negative result:

CA-certificate in PEM-format:

[oracle@duo ~]$ curl -v "https://10.62.2.88:8443/ejbca" -E
/home/oracle/CSR_EJBCA_duo2/certs_x509/duo.cer --key
/home/oracle/CSR_EJBCA_duo2/duo/duo.teka.kz.key --pass

welcome123 --cacert /home/oracle/BTAIpotekaCA.cacert.pem
* About to connect() to 10.62.2.88 port 8443
*   Trying 10.62.2.88... * connected
* Connected to 10.62.2.88 (10.62.2.88) port 8443
* successfully set certificate verify locations:
*   CAfile: /home/oracle/BTAIpotekaCA.cacert.pem
  CApath: none
* SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed

CA-certificate in BASE-64 format:

[oracle@duo ~]$  curl -v "https://10.62.2.88:8443/ejbca" -E
/home/oracle/CSR_EJBCA_duo2/certs_x509/duo.cer --key
/home/oracle/CSR_EJBCA_duo2/duo/duo.teka.kz.key --pass

welcome123 --cacert /home/oracle/BTAIpotekaCA.cacert-base64.cer --sslv3
--trace-ascii /tmp/curl.log
curl: (60) SSL certificate problem, verify that the CA cert is OK. Details:
error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify
failed
More details here: http://curl.haxx.se/docs/sslcerts.html

EJBCA console log contains no records to understand why no connectivity to
EJBCA.
Could you please to help to find out which URL must be used to connect to
EJBCA for authentication ?  If "https://10.62.2.88:8443/ejbca" is correct
what's the reason
of trouble with EJBCA connection ?

thank you, Timur.