Menu
▾
▴
Re: [Ejbca-develop] Superadmin renewal problem
|
From: Tomas G. <to...@pr...> - 2016-01-20 16:07:20
|
https://www.ejbca.org/docs/userguide.html#Renewing%20Superadmin Regards, Tomas Save time and money with an Enterprise support subscription. Please see www.primekey.se for more information. https://www.primekey.se/technologies/products-overview/ https://www.primekey.se/service-support/support/ On 2016-01-20 16:19, Randy Yu wrote: > I don’t believe you can renew the admin CA via batch. If I’m missing > something please let me know. Has anyone run into this problem before, > or is there a way to sign new superadmin users with other CA’s even > though I am unable to access the superadmin UI currently? > > > > > > *From:*Ralf Hornik [mailto:rh...@hc...] > *Sent:* November-06-15 3:10 PM > *To:* ejb...@li... > *Subject:* Re: [Ejbca-develop] Superadmin renewal problem > > > > Cant you renew the Admin CA via batch? > > Von meinem Windows Phone gesendet > > ------------------------------------------------------------------------ > > *Von: *Randy Yu <mailto:yu...@ec...> > *Gesendet: *06.11.2015 18:00 > *An: *ejb...@li... > <mailto:ejb...@li...> > *Betreff: *Re: [Ejbca-develop] Superadmin renewal problem > > Apologize for bumping this message. Has anyone else encountered this > combination before? Thanks. > > > > *From:*Randy Yu [mailto:yu...@ec...] > *Sent:* November-02-15 9:30 AM > *To:* ejb...@li... > <mailto:ejb...@li...> > *Subject:* [Ejbca-develop] Superadmin renewal problem > > > > Looking for help on a superadmin renewal issue in EJBCA 4.0.16. > > > > The initial EJBCA CA created in our EJBCA instance is expired, and was > the CA used to sign the superadmin user. The superadmin user key is > also expired so I no longer can gain access to the administration > section of EJBCA web interface. Trying to reset the superadmin password > results in the following stack trace. Would the expired self signed CA > be the reason for this, and does re-gaining access to the administration > section require generating a new self signed CA? Thanks in advance for > any input. > > > > An error happened, setting status to FAILED. > > javax.ejb.EJBException: Signing CA CN=someCA,O=some,C=US is not active. > > at > org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASignSessionBean.java:420) > > at > org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASignSessionBean.java:214) > > at > org.ejbca.core.ejb.ca.sign.RSASignSessionBean.createCertificate(RSASignSessionBean.java:232) > > at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) > > at > sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39) > > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > > at java.lang.reflect.Method.invoke(Method.java:597) > > at > org.jboss.aop.joinpoint.MethodInvocation.invokeTarget(MethodInvocation.java:122) > > at > org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:111) > > at > org.jboss.ejb3.EJBContainerInvocationWrapper.invokeNext(EJBContainerInvocationWrapper.java:69) > > at > org.jboss.ejb3.interceptors.aop.InterceptorSequencer.invoke(InterceptorSequencer.java:73) > > at > org.jboss.ejb3.interceptors.aop.InterceptorSequencer.aroundInvoke(InterceptorSequencer.java:59) > > at sun.reflect.GeneratedMethodAccessor377.invoke(Unknown Source) > > at > sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25) > > at java.lang.reflect.Method.invoke(Method.java:597) > > at > org.jboss.aop.advice.PerJoinpointAdvice.invoke(PerJoinpointAdvice.java:174) > > at > org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) > > at > org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.fillMethod(InvocationContextInterceptor.java:72) > > at > org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_fillMethod_7578460.invoke(InvocationContextInterceptor_z_fillMethod_7578460.java) > > at > org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102) > > at > org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor.setup(InvocationContextInterceptor.java:88) > > at > org.jboss.aop.advice.org.jboss.ejb3.interceptors.aop.InvocationContextInterceptor_z_setup_7578460.invoke(InvocationContex > > > > So it’s stating the self signed CA is offline. But if I try to either > activate or deactivate the self signed CA from command line, it doesn’t > work. > > > > [root@server]# ./ejbca.sh ca activateca someCA > > Enter authorization code: > > > > CA or CAToken must be offline to be activated. > > > > [root@server]# ./ejbca.sh ca deactivateca someCA > > CA or CAToken must be active to be put offline. > > > > > > ------------------------------------------------------------------------------ > Site24x7 APM Insight: Get Deep Visibility into Application Performance > APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month > Monitor end-to-end web transactions and take corrective actions now > Troubleshoot faster and improve end-user experience. Signup Now! > http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140 > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
