From: Jeremy H. <je...@sk...> - 2022-08-10 05:05:23
This worked perfectly. Thank you for your help!

-jeremy

> On Tuesday, Aug 09, 2022 at 5:57 AM, Tomas Gustavsson <Tom...@ke...> wrote:
> Hi,
>
> The alias is configured as part of the TLS configuration commands. It ends up in standalone.xml, which you can edit by hand. The keystore configuration in there points to an actual entry in the TLS keystores. So you just have to update standalone.xml to use the alias of the keystore you deployed.
>
> I hope that helped, let us know if you need more details.
>
> Cheers,
> Tomas
>
> From: Jeremy Hansen via Ejbca-develop <ejb...@li...>
> Sent: Tuesday, August 9, 2022 4:27 AM
> To: Gregory Edigarov via Ejbca-develop <ejb...@li...>
> Cc: Jeremy Hansen <je...@sk...>
> Subject: Re: [Ejbca-develop] Port and certificate
>
> Here’s some logs:
>
> 2022-08-08 19:22:23,773 INFO [org.jboss.as.patching] (MSC service thread 1-7) WFLYPAT0050: WildFly Full cumulative patch ID is: base, one-off patches include: none
> 2022-08-08 19:22:23,798 WARN [org.jboss.as.domain.management.security] (MSC service thread 1-2) WFLYDM0111: Keystore /usr/share/wildfly/standalone/configuration/application.keystore not found, it will be auto generated on first use with a self signed certificate for host localhost
> 2022-08-08 19:22:23,808 ERROR [org.jboss.msc.service.fail] (MSC service thread 1-1) MSC000001: Failed to start service org.wildfly.core.management.security.realm.SSLRealm.key-manager: org.jboss.msc.service.StartException in service org.wildfly.core.management.security.realm.SSLRealm.key-manager: Failed to start service
>     at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1731)
>     at org.jboss.msc.service.ServiceControllerImpl$ControllerTask.run(ServiceControllerImpl.java:1559)
>     at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
>     at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
>     at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
>     at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1363)
>     at java.lang.Thread.run(Thread.java:750)
> Caused by: java.lang.IllegalStateException: org.jboss.msc.service.StartException in anonymous service: WFLYDM0085: The alias specified 'localhost' does not exist in the KeyStore, valid aliases are {ca.la1.blah.com}
>     at org.jboss.as.domain.management.security.FileKeyManagerService.loadKeyStore(FileKeyManagerService.java:179)
>     at org.jboss.as.domain.management.security.AbstractKeyManagerService.createKeyManagers(AbstractKeyManagerService.java:128)
>     at org.jboss.as.domain.management.security.AbstractKeyManagerService.start(AbstractKeyManagerService.java:93)
>     at org.jboss.msc.service.ServiceControllerImpl$StartTask.startService(ServiceControllerImpl.java:1739)
>     at org.jboss.msc.service.ServiceControllerImpl$StartTask.execute(ServiceControllerImpl.java:1701)
>     ... 6 more
> Caused by: org.jboss.msc.service.StartException in anonymous service: WFLYDM0085: The alias specified 'localhost' does not exist in the KeyStore, valid aliases are {ca.la1.blah.com}
>     at org.jboss.as.domain.management.security.FileKeystore.load(FileKeystore.java:140)
>     at org.jboss.as.domain.management.security.FileKeyManagerService.loadKeyStore(FileKeyManagerService.java:175)
>     ... 10 more
>
> I’m following the docs here:
>
> https://doc.primekey.com/ejbca790/ejbca-operations/ejbca-operations-guide/ca-operations-guide/end-entities/ssl-certificate-expiration
>
> I’m actually trying to change it from localhost to ca.la1.blah.com.
>
> I’ve updated web.properties. Did the renew-keystore and deploy-keystore, but regardless, it comes up with this error as if localhost is still defined somewhere.
>
> Thanks
> -jeremy
>
> On Monday, Aug 08, 2022 at 5:27 PM, Jeremy Hansen <je...@sk...> wrote:
> > What’s the graceful way to update the port and the certificate for the EjbCA interface? Right now I’m using Wildfly 10.1.0 and Ejbca CE 7.5.0-Snapshot Community. I’d like to put it in on standard 443 instead of 8443.
> >
> > Thanks
> > -jeremy
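
Added example, not part of the original thread and not EJBCA or WildFly code: a Python check that reads the rejected alias out of the WFLYDM0085 line quoted above and lists the security realms in standalone.xml that are still configured with it. The XML fragment is constructed (the keystore path and schema version are assumptions); the realm name, the aliases and the log text come from the thread.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: trimmed standalone.xml. Realm name and alias come from the
# log in the thread; the keystore path and schema version are assumptions.
SAMPLE_XML = """<server xmlns="urn:jboss:domain:4.2"><management><security-realms>
  <security-realm name="SSLRealm"><server-identities><ssl>
    <keystore path="keystore/keystore.jks" relative-to="jboss.server.config.dir"
              alias="localhost"/>
  </ssl></server-identities></security-realm>
</security-realms></management></server>"""
SAMPLE_LOG = ("WFLYDM0085: The alias specified 'localhost' does not exist in the "
              "KeyStore, valid aliases are {ca.la1.blah.com}")  # as posted above

WFLYDM0085 = re.compile(
    r"WFLYDM0085: The alias specified '([^']*)'.*?valid aliases are \{([^}]*)\}")

def local(tag):
    return tag.rsplit("}", 1)[-1]  # drop the namespace, whatever its version

def parse_alias_error(line):
    """Return (rejected_alias, valid_aliases) from a WFLYDM0085 line, else None."""
    m = WFLYDM0085.search(line)
    if not m:
        return None
    # Assumption: several aliases would be comma-separated inside the braces.
    return m.group(1), [a.strip() for a in m.group(2).split(",") if a.strip()]

def realm_aliases(xml_text):
    """Map each security-realm name to the alias on its keystore element."""
    found = {}
    for realm in ET.fromstring(xml_text).iter():
        if local(realm.tag) == "security-realm":
            for el in realm.iter():
                if local(el.tag) == "keystore" and "alias" in el.attrib:
                    found[realm.get("name")] = el.get("alias")
    return found

def stale_realms(xml_text, log_line):
    """Realms still configured with the alias the keystore rejected."""
    parsed = parse_alias_error(log_line)
    if parsed is None:
        return {}
    rejected, valid = parsed
    return {n: valid for n, a in realm_aliases(xml_text).items() if a == rejected}

if __name__ == "__main__":
    for name, valid in stale_realms(SAMPLE_XML, SAMPLE_LOG).items():
        print(f"{name}: set alias to one of {valid} in standalone.xml")
```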