Menu
▾
▴
Re: [Ejbca-develop] Error request certificats on smartcards
|
From: ejbca-support <ejb...@pr...> - 2006-11-28 14:58:27
|
The problem was actually a Mozilla problem. Instead of using Mozilla I have added functionality that uses the NetID j= avascript API. This functionality will only be available if the NetID plugin is installe= d and working in the browser. You can still generate soft keys in Mozilla as before. This new functionality is available in EJBCA 3.4. See http://jira.primekey.se/browse/ECA-377 Cheers, Lars Ejbca support wrote: > No actually not. I will try as soon as I have the pkcs11 available. I=20 > know it's been used before though. >=20 > /Tomas >=20 >=20 > yannick quenechdu skrev: >> Tomas, >> >> I did not have time to examine for the moment. I have for the moment u= sed >> a sniffer on bus USB to analyze the dialogue with the smart card. It i= s to >> be noticed that the messages of initialization are erroneous. >> >> I try to understand well why the PKCS11 well is in error with this >> smartcard and/or reader. >> >> Did you try to make a request for certificate with a smartcard while u= sing >> only with the request page by default provided by EJBCA for Firefox ? >> >> Yannick >>> Interesting, so we must then figure out why Firefox does not work wit= h >>> the pkcs11... >>> >>> >>> /Tomas >>> >>> >>> yannick quenechdu skrev: >>>> Hi Thomas, >>>> >>>> >>>> >>>>> Hi Yannick, I can't seem to reproduce your error. I just tried with >>>>> Firefox 2.0. >>>>> Do you get the same problem when you are not using a smartcard? >>>>> (because >>>>> the enrollment message should be identical). >>>> The problem doesn't exist without smartcart. The enrollment process = is >>>> OK >>>> without smartcard. >>>> >>>>> Do you get any interesting error/debug logs in JBoss server.log whe= n >>>>> the >>>>> error occurs? >>>> No error in JBOSS. I analysed the process during this week-end. The >>>> problem do not provide from EJBCA. There is no request transmitted = to >>>> EJBCA >>>> >>>> It seems that the problem appears during process =93KEYGEN=94 in Fir= efox. I >>>> tested with the PKCS11 of Lars (netmaker) and with OpenSC under Linu= x, >>>> the >>>> problem is exactly the same. I use the Omineky reader and the smartc= ards >>>> provided by Primekey (I think is siemens product). yet, that functio= ns >>>> works very well with the CSP (Net ID) in IE. >>>> >>>> Best Regards >>>> Yannick >>>>> Regards, >>>>> Tomas >>>>> >>>>> >>>>> yannick quenec'hdu skrev: >>>>>> I thomas, >>>>>> >>>>>> I tested with 1.5.x and 2.0. >>>>>> >>>>>> Regards >>>>>> Yannick >>>>>>> Which version of firefox? 1.5.x? >>>>>>> >>>>>>> /Tomas >>>>>>> >>>>>>> >>>>>>> yannick quenechdu skrev: >>>>>>>> Hello, >>>>>>>> >>>>>>>> I try to make certificate request from Firefox with a smartcard,= but >>>>>>>> i >>>>>>>> obtain a error message : >>>>>>>> >>>>>>>> - EJBCA 3.3.1 >>>>>>>> - card (from primekey :) >>>>>>>> - firfox (Linux and windows) >>>>>>>> >>>>>>>> username: quenec >>>>>>>> parameter name and values: >>>>>>>> user: >>>>>>>> admin >>>>>>>> password: >>>>>>>> test >>>>>>>> keygen: >>>>>>>> 2048 (Haut grade) >>>>>>>> Exception: >>>>>>>> java.io.EOFException: EOF encountered in middle of object >>>>>>>> at org.bouncycastle.asn1.ASN1InputStream.readFully(Unknown Sourc= e) >>>>>>>> at org.bouncycastle.asn1.ASN1InputStream.readObject(Unknown Sour= ce) >>>>>>>> at >>>>>>>> org.ejbca.ui.web.RequestHelper.nsCertRequest(RequestHelper.java:= 113) >>>>>>>> at >>>>>>>> org.ejbca.ui.web.pub.CertReqServlet.doPost(CertReqServlet.java:2= 35) >>>>>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:717) >>>>>>>> at javax.servlet.http.HttpServlet.service(HttpServlet.java:810) >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter= (ApplicationFilterChain.java:252) >>>>>>>> >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(Applica= tionFilterChain.java:173) >>>>>>>> >>>>>>>> at >>>>>>>> org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHea= derFilter.java:96) >>>>>>>> >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.internalDoFilter= (ApplicationFilterChain.java:202) >>>>>>>> >>>>>>>> at >>>>>>>> org.apache.catalina.core.ApplicationFilterChain.doFilter(Applica= tionFilterChain.java:173) >>>>>>>> >>>>>>>> at >>>>>>>> org.apache.catalina.core.StandardWrapperValve.invoke(StandardWra= pperValve.java:213) >>>>>>>> >>>>>>>> at >>>>>>>> org.apache.catalina.core.StandardContextValve.invoke(StandardCon= textValve.java:178) >>>>>>>> >>>>>>>> at >>>>>>>> org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(Se= curityAssociationValve.java:175) >>>>>>>> >>>>>>>> at >>>>>>>> org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContex= tValve.java:74) >>>>>>>> >>>>>>>> at >>>>>>>> org.apache.catalina.core.StandardHostValve.invoke(StandardHostVa= lve.java:126) >>>>>>>> >>>>>>>> at >>>>>>>> org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportVa= lve.java:105) >>>>>>>> >>>>>>>> at >>>>>>>> org.apache.catalina.core.StandardEngineValve.invoke(StandardEngi= neValve.java:107) >>>>>>>> >>>>>>>> at >>>>>>>> org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapte= r.java:148) >>>>>>>> >>>>>>>> at >>>>>>>> org.apache.coyote.http11.Http11Processor.process(Http11Processor= .java:869) >>>>>>>> >>>>>>>> at >>>>>>>> org.apache.coyote.http11.Http11BaseProtocol$Http11ConnectionHand= ler.processConnection(Http11BaseProtocol.java:664) >>>>>>>> >>>>>>>> at >>>>>>>> org.apache.tomcat.util.net.PoolTcpEndpoint.processSocket(PoolTcp= Endpoint.java:527) >>>>>>>> >>>>>>>> at >>>>>>>> org.apache.tomcat.util.net.MasterSlaveWorkerThread.run(MasterSla= veWorkerThread.java:112) >>>>>>>> >>>>>>>> at java.lang.Thread.run(Thread.java:595) >>>>>>>> >>>>>>>> >>>>>>>> The same request is correct with Internet Explorer and i receiv= e >>>>>>>> the >>>>>>>> certificate on my smartcard. >>>>>>>> >>>>>>>> Security flaw : >>>>>>>> When I looking the exchange during request process on the level = of >>>>>>>> port >>>>>>>> USB with the card reader (omnikey). I noticed that the PIN code = was >>>>>>>> transmitted in clear (no protection). >>>>>>>> >>>>>>>> Best Regards >>>>>> ------------------------------------------------------------------= ------- >>>>>> Using Tomcat but need to do more? Need to support web services, >>>>>> security? >>>>>> Get stuff done quickly with pre-integrated technology to make your= job >>>>>> easier >>>>>> Download IBM WebSphere Application Server v.1.0.1 based on Apache >>>>>> Geronimo >>>>>> http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D120709&bid=3D26305= 7&dat=3D121642 >>>>>> _______________________________________________ >>>>>> Ejbca-develop mailing list >>>>>> Ejb...@li... >>>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >>>>> -------------------------------------------------------------------= ------ >>>>> Using Tomcat but need to do more? Need to support web services, >>>>> security? >>>>> Get stuff done quickly with pre-integrated technology to make your = job >>>>> easier >>>>> Download IBM WebSphere Application Server v.1.0.1 based on Apache >>>>> Geronimo >>>>> http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D120709&bid=3D263057= &dat=3D121642 >>>>> _______________________________________________ >>>>> Ejbca-develop mailing list >>>>> Ejb...@li... >>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >>>>> >> >=20 > -----------------------------------------------------------------------= -- > Using Tomcat but need to do more? Need to support web services, securit= y? > Get stuff done quickly with pre-integrated technology to make your job = easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geron= imo > http://sel.as-us.falkag.net/sel?cmd=3Dlnk&kid=3D120709&bid=3D263057&dat= =3D121642 > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop |