Hello, after installation I can't seem to get the AdminWeb to work.
It gives me ERR_CONNECTION_REFUSED
I have set my personal certificate along with the CA inside the truststore but the browser shows me that it's not valid, once I check the chain everything is validated.
If I try to access from inside the VM that the signserver is installed on, using localhost, I can access it, but it says I have to Use TLS client certificate - Client certificate authentication required.
It has a localhost cert.
Can someone help me figure this out? I followed this guide to install it, https://github.com/blink38/signserver, and the only difference is that I put /interface=httpspub:add(inet-address="0.0.0.0") instead of 127.0.0.1
Thanks!
~~~
2020-03-27 11:41:27,168 ERROR [io.undertow.servlet.request] (default task-40) UT015012: Failed to generate error page /signserver/adminweb/error-404.xhtml for original exception: null. Generating error page resulted in a 500.: java.lang.RuntimeException: javax.servlet.ServletException: Client certificate authentication required
at io.undertow.servlet.spec.HttpServletResponseImpl.doErrorDispatch(HttpServletResponseImpl.java:198)
at io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:276)
at io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
at io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
at io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
at io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
at org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
at org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1504)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
at io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
at io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99)
at io.undertow.server.Connectors.executeRootHandler(Connectors.java:376)
at io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:830)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.servlet.ServletException: Client certificate authentication required
at javax.faces.webapp.FacesServlet.executeLifecyle(FacesServlet.java:725)
at javax.faces.webapp.FacesServlet.service(FacesServlet.java:451)
at io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
at org.signserver.web.common.filters.NoCacheFilter.doFilter(NoCacheFilter.java:41)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at org.signserver.web.common.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:184)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at org.signserver.web.common.owasp.filters.ClickjackFilter.doFilter(ClickjackFilter.java:36)
at io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
at io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
at io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
at io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
at io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
at io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:251)
at io.undertow.servlet.handlers.ServletInitialHandler.dispatchToPath(ServletInitialHandler.java:186)
at io.undertow.servlet.spec.RequestDispatcherImpl.error(RequestDispatcherImpl.java:501)
at io.undertow.servlet.spec.RequestDispatcherImpl.error(RequestDispatcherImpl.java:419)
at io.undertow.servlet.spec.HttpServletResponseImpl.doErrorDispatch(HttpServletResponseImpl.java:196)
... 22 more
Caused by: org.signserver.admin.web.ejb.NotLoggedInException: Client certificate authentication required
at org.signserver.admin.web.AuthenticationBean.getAdminCertificate(AuthenticationBean.java:52)
at org.signserver.admin.web.AuthenticationBean.getUserDisplayName(AuthenticationBean.java:60)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at javax.el.BeanELResolver.getValue(BeanELResolver.java:186)
at com.sun.faces.el.DemuxCompositeELResolver._getValue(DemuxCompositeELResolver.java:156)
at com.sun.faces.el.DemuxCompositeELResolver.getValue(DemuxCompositeELResolver.java:184)
at com.sun.el.parser.AstValue.getValue(AstValue.java:115)
at com.sun.el.parser.AstValue.getValue(AstValue.java:179)
at com.sun.el.ValueExpressionImpl.getValue(ValueExpressionImpl.java:202)
at org.jboss.weld.module.web.el.WeldValueExpression.getValue(WeldValueExpression.java:50)
at org.jboss.weld.module.web.el.WeldValueExpression.getValue(WeldValueExpression.java:50)
at com.sun.faces.facelets.el.TagValueExpression.getValue(TagValueExpression.java:73)
at javax.faces.component.ComponentStateHelper.eval(ComponentStateHelper.java:170)
at javax.faces.component.ComponentStateHelper.eval(ComponentStateHelper.java:157)
at javax.faces.component.UIOutput.getValue(UIOutput.java:140)
at com.sun.faces.renderkit.html_basic.HtmlBasicInputRenderer.getValue(HtmlBasicInputRenderer.java:181)
at com.sun.faces.renderkit.html_basic.HtmlBasicRenderer.getCurrentValue(HtmlBasicRenderer.java:328)
at com.sun.faces.renderkit.html_basic.HtmlBasicRenderer.encodeEnd(HtmlBasicRenderer.java:143)
at javax.faces.component.UIComponentBase.encodeEnd(UIComponentBase.java:595)
at com.sun.faces.renderkit.html_basic.HtmlBasicRenderer.encodeRecursive(HtmlBasicRenderer.java:286)
at com.sun.faces.renderkit.html_basic.GridRenderer.renderRow(GridRenderer.java:162)
at com.sun.faces.renderkit.html_basic.GridRenderer.encodeChildren(GridRenderer.java:105)
at javax.faces.component.UIComponentBase.encodeChildren(UIComponentBase.java:566)
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1647)
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1650)
at javax.faces.component.UIComponent.encodeAll(UIComponent.java:1650)
at com.sun.faces.application.view.FaceletViewHandlingStrategy.renderView(FaceletViewHandlingStrategy.java:468)
at com.sun.faces.application.view.MultiViewHandler.renderView(MultiViewHandler.java:170)
at javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:132)
at javax.faces.application.ViewHandlerWrapper.renderView(ViewHandlerWrapper.java:132)
at com.sun.faces.lifecycle.RenderResponsePhase.execute(RenderResponsePhase.java:102)
at com.sun.faces.lifecycle.Phase.doPhase(Phase.java:76)
at com.sun.faces.lifecycle.LifecycleImpl.render(LifecycleImpl.java:199)
at javax.faces.webapp.FacesServlet.executeLifecyle(FacesServlet.java:708)
... 47 more
~~~
When you are trying to open the AdminWeb Interface, the request gets serviced using the 2 Way SSL. (Refer here for more details - https://stackoverflow.com/questions/10725572/two-way-ssl-clarification)
Based on your problem, it looks like you have not installed your Client Certificate (along with the Private Key) that is trusted by the Application Server in your Browser, and the request is rejected by the Server as the Server fails to identify the identity of the Client (your Browser). The Server rejects the connection of those clients which are not present in its Truststore.
Thanks for the answer. I've checked and that doesn't seem to be the problem because I have imported my CA into the truststore and the WildFly keystore. In the truststore I have also added the personal certificates. I've imported both the CA and the personal cert in my browser and it is still not working. Thanks
I have the same problem:
~~~
2020-04-29 02:47:57,953 ERROR [io.undertow.request] (default I/O-3) Closing SSLConduit after exception on handshake: javax.net.ssl.SSLHandshakeException: null cert chain
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1521)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:528)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:802)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:766)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:757)
at io.undertow.protocols.ssl.SslConduit.doHandshake(SslConduit.java:648)
at io.undertow.protocols.ssl.SslConduit.access$900(SslConduit.java:63)
at io.undertow.protocols.ssl.SslConduit$5$1.run(SslConduit.java:1084)
at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:612)
at org.xnio.nio.WorkerThread.run(WorkerThread.java:479)
Caused by: javax.net.ssl.SSLHandshakeException: null cert chain
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1647)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:318)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:306)
at sun.security.ssl.ServerHandshaker.clientCertificate(ServerHandshaker.java:1939)
at sun.security.ssl.ServerHandshaker.processMessage(ServerHandshaker.java:232)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1037)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:970)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:967)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1459)
at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1072)
at org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1982)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at java.lang.Thread.run(Thread.java:748)
~~~
Hi Sabrina,
This is a general suggestion for troubleshooting HTTP connector issues:
1. First make sure you can access SignServer without HTTPS, i.e. on http://example.com:8080/signserver
2. Then when 1. is working, continue to try to access SignServer with HTTPS on the port that only uses server authentication, i.e. on https://example.com:8442/signserver. If you get a problem here it is related to the server certificate or that you do not have its issuer in your web browser as trusted. Also note that the domain name should be correct. For example it is generally not possible to access a remote server if it only has "localhost" as the domain name in the certificate.
3. Only proceed to this step after you got 1 and 2 working. Now try to access with mutual TLS, i.e. on https://example.com:8443/signserver. Now you need to have your private key and certificate available in the web browser. Normally the web browser should ask you for which certificate to use. If it does not ask you, the HTTP connector may be misconfigured or you do not have a certificate installed that is issued by a CA that is available in the server's truststore.
Hope this helps to get some steps forward.
Cheers,
Markus
PrimeKey
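
The three steps in the reply above can be run from a client machine as one staged check that stops at the first failing connector. This is an added example, not part of the thread and not PrimeKey or SignServer code; the function names, the CA file and the client key/certificate paths are assumptions, and only the ports and the /signserver path come from the reply.

```python
import http.client
import socket
import ssl
import sys
from dataclasses import dataclass


@dataclass
class StageResult:
    stage: str
    ok: bool
    detail: str


def classify_failure(exc):
    """Turn a connection error into the cause the checklist points at."""
    if isinstance(exc, ConnectionRefusedError):
        return "connection refused: nothing is listening on that address and port"
    if isinstance(exc, ssl.SSLCertVerificationError):
        msg = getattr(exc, "verify_message", None) or str(exc)
        return ("server certificate rejected (" + msg + "): check that its "
                "issuer is trusted and that the certificate names this host")
    if isinstance(exc, ssl.SSLError):
        reason = getattr(exc, "reason", None) or str(exc)
        return "TLS failure (" + reason + "): handshake or client certificate refused"
    if isinstance(exc, socket.timeout):
        return "timed out: port filtered or host unreachable"
    return type(exc).__name__ + ": " + str(exc)


def probe(stage, conn, path):
    """Send one GET and report the outcome. A TLS 1.3 server may reject a
    missing client certificate only after the client has finished the
    handshake, so the request itself stays inside the try block."""
    try:
        conn.request("GET", path)
        status = conn.getresponse().status
    except (OSError, http.client.HTTPException) as exc:
        return StageResult(stage, False, classify_failure(exc))
    finally:
        conn.close()
    return StageResult(stage, status < 400, "HTTP %d" % status)


def run_checks(host, ca_file=None, client_cert=None, client_key=None,
               http_port=8080, tls_port=8442, mtls_port=8443,
               path="/signserver", timeout=5):
    """Run steps 1-3 in order and stop at the first failure."""
    # Step 1: plain HTTP, no TLS involved at all.
    conn = http.client.HTTPConnection(host, http_port, timeout=timeout)
    results = [probe("1 plain HTTP", conn, path)]
    if not results[-1].ok:
        return results
    # Step 2: verify the server certificate and host name, send no client cert.
    ctx = ssl.create_default_context(cafile=ca_file)
    conn = http.client.HTTPSConnection(host, tls_port, context=ctx, timeout=timeout)
    results.append(probe("2 HTTPS, server authentication only", conn, path))
    if not results[-1].ok:
        return results
    # Step 3: same trust settings plus the client private key and certificate.
    stage = "3 HTTPS, mutual TLS"
    if client_cert is None:
        return results + [StageResult(stage, False, "no client certificate supplied")]
    ctx = ssl.create_default_context(cafile=ca_file)
    try:
        ctx.load_cert_chain(client_cert, client_key)
    except OSError as exc:  # ssl.SSLError (key/cert mismatch) is an OSError too
        detail = "cannot load client key/certificate: %s" % exc
        return results + [StageResult(stage, False, detail)]
    conn = http.client.HTTPSConnection(host, mtls_port, context=ctx, timeout=timeout)
    results.append(probe(stage, conn, path))
    return results


if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: script.py HOST [CA_PEM [CLIENT_CERT_PEM [CLIENT_KEY_PEM]]]
    for r in run_checks(sys.argv[1], *sys.argv[2:5]):
        print("%-38s %-4s %s" % (r.stage, "ok" if r.ok else "FAIL", r.detail))
```

A step 2 result mentioning a hostname mismatch corresponds to the "localhost" certificate case described in the reply, and a failure that first appears at step 3 points at the client certificate or the server's truststore rather than at the server certificate.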