Menu
▾
▴
Re: [Ejbca-develop] Superadmin renewal problem
|
From: Randy Yu <yu...@ec...> - 2016-01-20 15:53:55
|
I don’t believe you can renew the admin CA via batch. If I’m missing something please let me know. Has anyone run into this problem before, or is there a way to sign new superadmin users with other CA’s even though I am unable to access the superadmin UI currently?
From: Ralf Hornik [mailto:rh...@hc...]
Sent: November-06-15 3:10 PM
To: ejb...@li...
Subject: Re: [Ejbca-develop] Superadmin renewal problem
Cant you renew the Admin CA via batch?
Von meinem Windows Phone gesendet
________________________________
Von: Randy Yu<mailto:yu...@ec...>
Gesendet: 06.11.2015 18:00
An: ejb...@li...<mailto:ejb...@li...>
Betreff: Re: [Ejbca-develop] Superadmin renewal problem
Apologize for bumping this message. Has anyone else encountered this combination before? Thanks.
From: Randy Yu [mailto:yu...@ec...]
Sent: November-02-15 9:30 AM
To: ejb...@li...<mailto:ejb...@li...>
Subject: [Ejbca-develop] Superadmin renewal problem
Looking for help on a superadmin renewal issue in EJBCA 4.0.16.
The initial EJBCA CA created in our EJBCA instance is expired, and was the CA used to sign the superadmin user. The superadmin user key is also expired so I no longer can gain access to the administration section of EJBCA web interface. Trying to reset the superadmin password results in the following stack trace. Would the expired self signed CA be the reason for this, and does re-gaining access to the administration section require generating a new self signed CA? Thanks in advance for any input.
An error happened, setting status to FAILED.
javax.ejb.EJBException: Signing CA CN=someCA,O=some,C=US is not active.
at org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASignSessionBean.java:420)
at org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASignSessionBean.java:214)
at org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASignSessionBean.java:232)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111)
at org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69)
at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73)
at org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59)
at sun.reflect.GeneratedMethodAccessor377.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72)
at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_7578460.invoke(InvocationContextInterceptor_z_fillMethod_7578460.java)
at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
at org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88)
at org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_7578460.invoke(InvocationContex
So it’s stating the self signed CA is offline. But if I try to either activate or deactivate the self signed CA from command line, it doesn’t work.
[root@server]# ./ejbca.sh ca activateca someCA
Enter authorization code:
CA or CAToken must be offline to be activated.
[root@server]# ./ejbca.sh ca deactivateca someCA
CA or CAToken must be active to be put offline.
|
