Menu
▾
▴
Re: [Ejbca-develop] EJBCA stacktraces when trying to import large CRL
|
From: Tomas G. <to...@pr...> - 2019-06-28 13:40:40
|
bin/ejbca.sh ca importcrl --help Cheers, Tomas On 2019-06-28 15:37, ohaya--- via Ejbca-develop wrote: > I think I found the command: > > [root@ejbca bin]# ./ejbca.sh ca getcrl --help > > GETCRL EJBCA CLI Commands Manual GETCRL > > NAME > getcrl - Retrieves a CRL from a CA. Either the latest CRL or a CRL with > a specified CRL number. > > SYNOPSIS > getcrl <CA_NAME> <FILE_NAME> [OPTIONAL PARAMETERS] > getcrl --caname <CA_NAME> -f <FILE_NAME> [OPTIONAL PARAMETERS] > > DESCRIPTION > Retrieves a CRL from a CA. Either the latest CRL or a CRL with a > specified CRL number. > > PARAMETERS > Mandatory parameters: > --caname <CA_NAME> (Switch is not required) > The CA to get the CRL for. > -f <FILE_NAME> (Switch is not required) > The file to export to. > > Optional parameters: > --clipassword <CLI_PASSWORD> > Set the password explicitely in the command line with > --clipassword=<password> > --verbose > Set this value for verbose output of parameter values. > -crlnumber <CRL_NUMBER> > Get CRL with the specified CRL number, instead of the latest. Used to read > historical CRLs. > -delta > Fetch the latest delta CRL. Default is regular CRL. > -p <User will be prompted, input will not be shown> > Set this flag to be prompted for the username password > -pem > Use PEM encoding. Default is DER encoding. > -u <CLI_USERNAME> > Username for the CLI user, if required. > > > I am going to try it now... > > Jim > > > On Friday, June 28, 2019, 9:01:03 AM EDT, <oh...@ya...> wrote: > > > You will DEFINITELY be missed! > > If you have time before you go, can you point me to how to use the CLI > to import the CRL? > > Thanks, > Jim > > > On Friday, June 28, 2019, 8:30:17 AM EDT, Tomas Gustavsson > <to...@pr...> wrote: > > > > I don't. Looks like the security filter (OWASP CSRFGuard) has a built in > size limit for uploads. As you are using the Web UI for this, you may > try the CLI instead as that does not go via the web interface. > > Cheers, > Tomas > > PS: I will be away on vacation after today and will not be active in > this list for a couple of weeks now. > > On 2019-06-28 14:24, ohaya--- via Ejbca-develop wrote: >> Does anyone have any solution to this problem? >> >> Thanks, >> Jim >> >> >> On Thursday, June 27, 2019, 3:12:35 PM EDT, <oh...@ya... > <mailto:oh...@ya...>> wrote: >> >> >> Hi, >> >> I tried changing the <http-listener> in the standalone.xml to: >> >> <https-listener name="httpspub" socket-binding="httpspub" >> max-post-size="100000000" max-parameters="2048" ssl-context="httpspub"/> >> <https-listener name="httpspriv" socket-binding="httpspriv" >> max-post-size="100000000" max-parameters="2048" ssl-context="httpspriv"/> >> >> and now when I try to import the CRL, I get: >> >> 14:53:10,355 ERROR [io.undertow.request] (default task-1) UT005023: >> Exception handling request to /ejbca/adminweb/ca/cafunctions.jsp: >> java.lang.IllegalArgumentException: byte limit exceeded: -58 >> at >> > org.owasp.csrfguard.MultipartFormData.decrementLimit(MultipartFormData.java:1339) >> at >> > org.owasp.csrfguard.MultipartFormData.readData(MultipartFormData.java:1305) >> at >> > org.owasp.csrfguard.MultipartFormData.readPart(MultipartFormData.java:1145) >> >> >> On Thursday, June 27, 2019, 2:25:39 PM EDT, <oh...@ya... > <mailto:oh...@ya...>> wrote: >> >> >> Hi, >> >> I am trying to import a somewhat large (> 70MB) CRL into EJBCA, and when >> I try that it is throwing an exception and outputting the following >> stacktrace: >> >> 14:17:41,407 ERROR [stderr] (default task-1) >> io.undertow.server.RequestTooBigException: UT000020: Connection >> terminated as request was larger than 10485760 >> 14:17:41,408 ERROR [stderr] (default task-1) at >> > io.undertow.conduits.FixedLengthStreamSourceConduit.checkMaxSize(FixedLengthStreamSourceConduit.java:168) >> 14:17:41,408 ERROR >> >> How can I import this CRL into EJBCA? >> >> Thanks, >> Jim > >> >> >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... > <mailto:Ejb...@li...> >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > <mailto:Ejb...@li...> > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
