I have just installed the signserver 3.1.1 on the same box were my ejbca 3.9.5 works fine. I did the following steps :**
# First make sure that ant, Java and JBoss is installed properly.
# Set the JAVA_HOME, JBOSS_HOME and SIGNSERVER_HOME environment variables.
# Set the SIGNSERVER_NODEID environment variable, it should be a server unique string identifying the node in a cluster. (optional for one node installations).
#Unzip the SignServer package and go to it's home directory.
#If you are going to protect the HTTP communication with SSL, you2 need a JKS SSL server key store. Rename the web server key store to tomcat.jks at put it in a 'p12' subdirectory. Also place the web server root certificate in DER encoding in the same directory, call it rootcert.cer
#Then copy the signserver_build.properties.sample file to signserver_buld.properties and edit the file. At least configure the httpsserver.password property. If you are not using https uncomment the row "j2ee.web-nohttps=true?.
#Do 'ant deploy' and then start JBoss (JBOSS_HOME\bin\run.sh) in another console.
So, the ant deploy with this error :
BUILD FAILED
/usr/local/signserver/signserver.xmli:577: The following error occurred while executing this line:
/usr/local/signserver/bin/jboss.xml:149: The following error occurred while executing this line:
/usr/local/signserver/bin/jboss.xml:36: The following error occurred while executing this line:
/usr/local/signserver/bin/jboss.xml:97: The following error occurred while executing this line:
/usr/local/signserver/bin/jboss.xml:69: Missing JKS truststorestore file in 'truststore.keystore'
**Note : I have already put the 3 requested certificates in /usr/local/signserver/p12
- tomcat.jks
- rootcert.cer
- signp12.p12 ( for time-stamp key-store : should I rename it ? not indicated in the installation steps )**
Please help ?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Something wrong in my jboss. after installing the sigserver as indicated above, I lost my connection to EJBCA/adminweb ( https://localhost:8443/ejbca)
I have the superadmin certificate installed in my firefox browser !
here are the last lines in server.log of jboss :**
2010-03-26 13:25:32,602 DEBUG Saw org.jboss.system.server.started notification, starting connectors
2010-03-26 13:25:32,634 INFO Starting Coyote HTTP/1.1 on http-0.0.0.0-8080
2010-03-26 13:25:32,701 ERROR Error starting endpoint
java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
at java.security.KeyStore.load(KeyStore.java:1185)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:319)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:259)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:410)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:378)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:135)
at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:497)
at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:514)
at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:203)
at org.apache.catalina.connector.Connector.start(Connector.java:1146)
at org.jboss.web.tomcat.service.JBossWeb.startConnectors(JBossWeb.java:601)
at org.jboss.web.tomcat.service.JBossWeb.handleNotification(JBossWeb.java:638)
at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.mx.notification.NotificationListenerProxy.invoke(NotificationListenerProxy.java:153)
at $Proxy46.handleNotification(Unknown Source)
at org.jboss.mx.util.JBossNotificationBroadcasterSupport.handleNotification(JBossNotificationBroadcasterSupport.java:127)
at org.jboss.mx.util.JBossNotificationBroadcasterSupport.sendNotification(JBossNotificationBroadcasterSupport.java:108)
at org.jboss.system.server.ServerImpl.sendNotification(ServerImpl.java:916)
at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:497)
at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
at org.jboss.Main.boot(Main.java:200)
at org.jboss.Main$1.run(Main.java:508)
at java.lang.Thread.run(Thread.java:619)
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
… 26 more
2010-03-26 13:25:32,701 WARN Failed to startConnectors
LifecycleException: service.getName(): "jboss.web"; Protocol handler start failed: java.io.IOException: Keystore was tampered with, or password was incorrect
at org.apache.catalina.connector.Connector.start(Connector.java:1153)
at org.jboss.web.tomcat.service.JBossWeb.startConnectors(JBossWeb.java:601)
at org.jboss.web.tomcat.service.JBossWeb.handleNotification(JBossWeb.java:638)
at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.mx.notification.NotificationListenerProxy.invoke(NotificationListenerProxy.java:153)
at $Proxy46.handleNotification(Unknown Source)
at org.jboss.mx.util.JBossNotificationBroadcasterSupport.handleNotification(JBossNotificationBroadcasterSupport.java:127)
at org.jboss.mx.util.JBossNotificationBroadcasterSupport.sendNotification(JBossNotificationBroadcasterSupport.java:108)
at org.jboss.system.server.ServerImpl.sendNotification(ServerImpl.java:916)
at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:497)
at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
at org.jboss.Main.boot(Main.java:200)
at org.jboss.Main$1.run(Main.java:508)
at java.lang.Thread.run(Thread.java:619)
2010-03-26 13:25:32,723 INFO JBoss (MX MicroKernel) Started in 1m:47s:188ms
2010-03-26 13:25:32,723 DEBUG Periodic recovery - first pass <Fri, 26 Mar 2010 13:25:32>
2010-03-26 13:25:32,726 DEBUG StatusModule: first pass
please help
Kader
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
The main clue in your log file is: "Keystore was tampered with, or password was incorrect" This means that jboss cannot open the file containing the SSL certificates for tomcat.
When you do 'ant deploy' in Signserver or EJBCA tomcat.jks certificate is copied to $JBOSS_HOME/server/default/conf/keystore/keystore.jks
You will need to use the same tomcat.jks for deploying both Signserver and EJBCA. Or at least have the same password for both files.
Try redeploying them with the same tomcat.jks!
Kind regards,
Tham
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
**Hi
I have just installed the signserver 3.1.1 on the same box were my ejbca 3.9.5 works fine. I did the following steps :**
# First make sure that ant, Java and JBoss is installed properly.
# Set the JAVA_HOME, JBOSS_HOME and SIGNSERVER_HOME environment variables.
# Set the SIGNSERVER_NODEID environment variable, it should be a server unique string identifying the node in a cluster. (optional for one node installations).
#Unzip the SignServer package and go to it's home directory.
#If you are going to protect the HTTP communication with SSL, you2 need a JKS SSL server key store. Rename the web server key store to tomcat.jks at put it in a 'p12' subdirectory. Also place the web server root certificate in DER encoding in the same directory, call it rootcert.cer
#Then copy the signserver_build.properties.sample file to signserver_buld.properties and edit the file. At least configure the httpsserver.password property. If you are not using https uncomment the row "j2ee.web-nohttps=true?.
#Do 'ant deploy' and then start JBoss (JBOSS_HOME\bin\run.sh) in another console.
So, the ant deploy with this error :
BUILD FAILED
/usr/local/signserver/signserver.xmli:577: The following error occurred while executing this line:
/usr/local/signserver/bin/jboss.xml:149: The following error occurred while executing this line:
/usr/local/signserver/bin/jboss.xml:36: The following error occurred while executing this line:
/usr/local/signserver/bin/jboss.xml:97: The following error occurred while executing this line:
/usr/local/signserver/bin/jboss.xml:69: Missing JKS truststorestore file in 'truststore.keystore'
**Note : I have already put the 3 requested certificates in /usr/local/signserver/p12
- tomcat.jks
- rootcert.cer
- signp12.p12 ( for time-stamp key-store : should I rename it ? not indicated in the installation steps )**
Please help ?
Set j2ee.web-nohttps=true in signserver_build.properties.
it works
thanks
**Hi
Something wrong in my jboss. after installing the sigserver as indicated above, I lost my connection to EJBCA/adminweb ( https://localhost:8443/ejbca)
I have the superadmin certificate installed in my firefox browser !
here are the last lines in server.log of jboss :**
2010-03-26 13:25:32,602 DEBUG Saw org.jboss.system.server.started notification, starting connectors
2010-03-26 13:25:32,634 INFO Starting Coyote HTTP/1.1 on http-0.0.0.0-8080
2010-03-26 13:25:32,701 ERROR Error starting endpoint
java.io.IOException: Keystore was tampered with, or password was incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
at java.security.KeyStore.load(KeyStore.java:1185)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocketFactory.java:319)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESocketFactory.java:259)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSESocketFactory.java:410)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFactory.java:378)
at org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESocketFactory.java:135)
at org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:497)
at org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:514)
at org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:203)
at org.apache.catalina.connector.Connector.start(Connector.java:1146)
at org.jboss.web.tomcat.service.JBossWeb.startConnectors(JBossWeb.java:601)
at org.jboss.web.tomcat.service.JBossWeb.handleNotification(JBossWeb.java:638)
at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.mx.notification.NotificationListenerProxy.invoke(NotificationListenerProxy.java:153)
at $Proxy46.handleNotification(Unknown Source)
at org.jboss.mx.util.JBossNotificationBroadcasterSupport.handleNotification(JBossNotificationBroadcasterSupport.java:127)
at org.jboss.mx.util.JBossNotificationBroadcasterSupport.sendNotification(JBossNotificationBroadcasterSupport.java:108)
at org.jboss.system.server.ServerImpl.sendNotification(ServerImpl.java:916)
at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:497)
at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
at org.jboss.Main.boot(Main.java:200)
at org.jboss.Main$1.run(Main.java:508)
at java.lang.Thread.run(Thread.java:619)
Caused by: java.security.UnrecoverableKeyException: Password verification failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
… 26 more
2010-03-26 13:25:32,701 WARN Failed to startConnectors
LifecycleException: service.getName(): "jboss.web"; Protocol handler start failed: java.io.IOException: Keystore was tampered with, or password was incorrect
at org.apache.catalina.connector.Connector.start(Connector.java:1153)
at org.jboss.web.tomcat.service.JBossWeb.startConnectors(JBossWeb.java:601)
at org.jboss.web.tomcat.service.JBossWeb.handleNotification(JBossWeb.java:638)
at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at java.lang.reflect.Method.invoke(Method.java:597)
at org.jboss.mx.notification.NotificationListenerProxy.invoke(NotificationListenerProxy.java:153)
at $Proxy46.handleNotification(Unknown Source)
at org.jboss.mx.util.JBossNotificationBroadcasterSupport.handleNotification(JBossNotificationBroadcasterSupport.java:127)
at org.jboss.mx.util.JBossNotificationBroadcasterSupport.sendNotification(JBossNotificationBroadcasterSupport.java:108)
at org.jboss.system.server.ServerImpl.sendNotification(ServerImpl.java:916)
at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:497)
at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
at org.jboss.Main.boot(Main.java:200)
at org.jboss.Main$1.run(Main.java:508)
at java.lang.Thread.run(Thread.java:619)
2010-03-26 13:25:32,723 INFO JBoss (MX MicroKernel) Started in 1m:47s:188ms
2010-03-26 13:25:32,723 DEBUG Periodic recovery - first pass <Fri, 26 Mar 2010 13:25:32>
2010-03-26 13:25:32,726 DEBUG StatusModule: first pass
please help
Kader
Hello Kader,
The main clue in your log file is: "Keystore was tampered with, or password was incorrect" This means that jboss cannot open the file containing the SSL certificates for tomcat.
When you do 'ant deploy' in Signserver or EJBCA tomcat.jks certificate is copied to $JBOSS_HOME/server/default/conf/keystore/keystore.jks
You will need to use the same tomcat.jks for deploying both Signserver and EJBCA. Or at least have the same password for both files.
Try redeploying them with the same tomcat.jks!
Kind regards,
Tham
Alternatively you just missed a password when deploying Signserver