SignServer Missing field 'data' in request

Help
2014-04-16
2014-04-17
  • Mietek Szumilak

    Mietek Szumilak - 2014-04-16

    Hello,
    I'm new with this stuff so I would ask for your understanding. My problem looks as following. I have configured SignServer-3.2.2 on JBoss-5.1.0.GA with EJBCA_4_0_11. I only need to use TSA module, after my configuration i should be able to enter this URL:
    "http://local-host:8080/signserver/process?workerName=TimeStampSigner"
    but when i try i get:
    "HTTP Status 400 - Request Error
    The request sent by the client could not be processed correctly:
    Missing field 'data' in request"
    When I'm checking the server log i get only:
    "2014-04-16 10:43:59,941 INFO [org.signserver.web.GenericProcessServlet] (http-0.0.0.0-8080-3) Bad request: Missing field 'data' in request"
    No errors.
    I can enter "http://local-host:8080/signserver" so the signserver works.

    I configured it as follows:
    Ceated:

    export APPSRV_HOME=/opt/jboss
    export ANT_HOME=/usr/share/ant
    export ANT_OPTS="-Xmx512m -XX:MaxPermSize=128m"
    export SIGNSERVER_HOME=/opt/signserver
    export SIGNSERVER_NODEID=node1

    Configured file 'signserver_build.properties':
    appserver.type=jboss
    appserver.home=/opt/jboss/
    jboss.config=default
    jboss.deploy=deploy
    j2ee.web-nohttps=true
    database.name=mysql
    database.url=jdbc:mysql://127.0.0.1:3306/signserver?characterEncoding=UTF-8
    database.driver=com.mysql.jdbc.Driver
    database.username=signserver
    database.password={{signserver_mysql_password}}
    signserverws.enabled=true
    genericws.enabled=true
    validationws.enabled=true
    adminws.enabled=false
    module.tsa.enabled=true
    module.tsa.include=true

    Next:
    ant clean deploy
    and get a Successful build

    Then i configured file 'qs_timestamp_configuration-pkcs11.properties':
    GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH = org.signserver.server.cryptotokens.PKCS11CryptoToken
    WORKERGENID1.NAME=TimeStampSigner
    WORKERGENID1.AUTHTYPE=NOAUTH

    WORKERGENID1.DEFAULTKEY=TSAKey

    WORKERGENID1.SHAREDLIBRARY=/usr/lib/opensc-pkcs11.so

    WORKERGENID1.SLOT=1

    Now I'm creating new worker and setting his properties:
    bin/signserver.sh setproperties doc/sample-configs/qs_timestamp_configuration-pkcs11.properties
    bin/signserver.sh reload {{worker id}}

    Then i generate pair of keys for my TSA...

    Testing my key:
    bin/signserver.sh activatecryptotoken {{worker id}}
    bin/signserver.sh testkey {{worker id}}
    and geting a SUCCESS

    After that I'm generating a CSR form my EJBCA to generate a certificate...
    And doing a chain of certificates:
    cat signserver.pem CA.pem > /tmp/signserver-chain.pem
    bin/signserver.sh uploadsignercertificatechain {{worker id}} GLOB /tmp/signserver-chain.pem

    Then reloading my worker and restarting server, and after activating my worker i should be able to enter the URL I mentioned above...
    I cheked is my token active, and the "bin/signserver.sh getstatus complete all" looks good for me.

    Is there a mistake in my configuration?

    Looking forward for replies.

    Thanks

     
  • Markus Kilås

    Markus Kilås - 2014-04-17

    Hi Mietek,

    The TimeStampSigner can not be invoked from the web page. It uses the time-stamping protocol as specified in RFC#3161 and thus requires the use of a time-stamp client.

    SignServer includes a client that can be used for testing purposes like this:
    $ bin/signclient timestamp http://localhost:8080/signserver/process?workerName=TimeStampSigner

    Cheers,
    Markus

    PrimeKey Solutions offers a commercial EJBCA & SignServer support subscription and training. Please see www.primekey.se or contact info@primekey.se for more information.
    [url]http://www.primekey.se/Services/Support/[/url]
    [url]http://www.primekey.se/Services/Training/[/url]

     
  • Mietek Szumilak

    Mietek Szumilak - 2014-04-17

    Hi Markus,

    Thanks for your response.
    I see I need to complement my knowledge in this area.
    One more time thanks a lot for your forbearance and reply.

    Regards,

    Mietek

     
    Last edit: Mietek Szumilak 2014-04-17

Log in to post a comment.