SignServer 3.1.0 with Realsec HSM

Help
2011-06-08
2013-02-26
  • Eric Villa Nova Orts

    Hi,
    I am trying to get the timestamping service to work with a Realsec HSM. I have managed to add the new worker getting the following config from it:

    The current configuration of worker with id : 2 is :
      SIGNERCERTCHAIN=Subject: C=xx
    Issuer: E=xx@xx,CN=xx,OU=xx,O=xx,L=xx,ST=xx,C=xx
    ---BEGIN CERTIFICATE---
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    ---END CERTIFICATE---
    Subject: E=xx@xx,CN=xx CA,OU=xx,O=xx,L=xx,ST=xx,C=xx
    Issuer: E=xx@xx,CN=xx CA,OU=xx,O=xx,L=xx,ST=xx,C=xx
    ---BEGIN CERTIFICATE---
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
    ---END CERTIFICATE---

      DEFAULTTSAPOLICYOID=xxxxxxxxxxxxxx

      SLOT=2

      SIGNERCERT=

      PIN=xxxxxx

      NAME=RealsecTSATest

      SHAREDLIBRARY=/lib/libcryptosec.so

      AUTHTYPE=NOAUTH

      CLASSPATH=org.signserver.common.ProcessableConfig

      MODULEVERSION=3100

      MODULENAME=TSA

      DEFAULTKEY=test1

    The current configuration use the following signer certificate :

    DN : C=xx
    SerialNumber : 3cb
    Issuer DN : CN=xx CA,C=xx,L=xx,ST=xx,O=xx,OU=xx,E=xx@xx
    Valid from :08-jun-2011
    Valid to : 07-jun-2015

    When I launch the Java timestamping client, in the logs it looks like it's doing well, but at the first try it stops at the following debug message:

    DEBUG  Signtoken did not contain a certificate chain, looking in config.

    But as you can see in the config, I did upload the certchain to it. Anyway, this error only happens after a reload.
    Find below the full log messages:

    2011-06-08 17:09:50,183 DEBUG  >doPost()
    2011-06-08 17:09:50,183 DEBUG  Found a signerId in the request: 2
    2011-06-08 17:09:50,183 INFO   Request Content-type: application/timestamp-query
    2011-06-08 17:09:50,184 DEBUG  Received a request with length: 46
    2011-06-08 17:09:50,184 DEBUG  Using signerId: 2
    2011-06-08 17:09:50,184 INFO   Recieved HTTP process request for worker 2, from ip 10.2.126.241
    2011-06-08 17:09:50,184 DEBUG  Received bytes of length: 46
    2011-06-08 17:09:50,191 DEBUG  >process: 2
    2011-06-08 17:09:50,192 DEBUG  Testing keys with algorithm: RSA
    2011-06-08 17:09:50,192 DEBUG  testSigAlg: SHA1WithRSA
    2011-06-08 17:09:50,192 DEBUG  provider: SunPKCS11-libcryptosec.so-slot2
    2011-06-08 17:09:50,192 DEBUG  privateKey: SunPKCS11-libcryptosec.so-slot2 RSA private key, 2048 bits (id 41943099, token object, sensitive, unextractable)
    2011-06-08 17:09:50,195 DEBUG  publicKey: Sun RSA public key, 2048 bits
      modulus: 28298262934453975097466522440832789457002459605940930210942930269706170064048311282096012505825462974051049199656329688893202090266973301313200626190818520772519713551135924769501240428825747952681988026493709226921086459690112012909169130616178920624714509749092030484848027624350153436473384456535942578505489181246896574692735177076916856222763576118539168460017164521340673690092883131304486953106803804189412773633350924467429868553204966900168325816836535359728782318372667047391704612624674645003262037557608683259536465987843320689483312192129179583014524679386238241038132177975354580718515600621753150991791
      public exponent: 3
    2011-06-08 17:09:50,211 DEBUG  Created signature of size: 256
    2011-06-08 17:09:50,211 DEBUG  Created signature: 27a8ddb88dccbf0a8c03777cd17c81bb59b844b2ac1c0180ffbdc90bd22fe8631587ab392683c0b06ac775cf98d99dcadbb0fa76ae8f26a9d7be4f0678157bade0cff4aa77f9940a8c47d4b02879128a20bfa25777c1e08742d8917c2c5bae3ce3c274db0c7f79c693da7cfc860a0d3fa2c491483dd408ee830731247e45e011ec270464a311088aa8919acc7e7f40a443a5ce33e034ef5cb3394828c67d0c754c83aa02d9100f842da75c0e65f5cd3e8e001eb60ccfd3c1db457f2f6aa4ec587ebee3c5515fac4a654513bd1c5f98b7d49bd360c8a510fda35ebed8865127403a908dee4f6162883dfd326c8a323789b50431a2552cda5006d3e3abd997bcf8
    2011-06-08 17:09:50,214 DEBUG  Testing keys with algorithm: RSA
    2011-06-08 17:09:50,214 DEBUG  testSigAlg: SHA1WithRSA
    2011-06-08 17:09:50,214 DEBUG  provider: SunPKCS11-libcryptosec.so-slot2
    2011-06-08 17:09:50,214 DEBUG  privateKey: SunPKCS11-libcryptosec.so-slot2 RSA private key, 2048 bits (id 41943099, token object, sensitive, unextractable)
    2011-06-08 17:09:50,216 DEBUG  publicKey: Sun RSA public key, 2048 bits
      modulus: 28298262934453975097466522440832789457002459605940930210942930269706170064048311282096012505825462974051049199656329688893202090266973301313200626190818520772519713551135924769501240428825747952681988026493709226921086459690112012909169130616178920624714509749092030484848027624350153436473384456535942578505489181246896574692735177076916856222763576118539168460017164521340673690092883131304486953106803804189412773633350924467429868553204966900168325816836535359728782318372667047391704612624674645003262037557608683259536465987843320689483312192129179583014524679386238241038132177975354580718515600621753150991791
      public exponent: 3
    2011-06-08 17:09:50,232 DEBUG  Created signature of size: 256
    2011-06-08 17:09:50,232 DEBUG  Created signature:
    2011-06-08 17:09:50,234 DEBUG  checkcertvalidity: true
    2011-06-08 17:09:50,234 DEBUG  checkprivatekeyvalidity: true
    2011-06-08 17:09:50,234 DEBUG  minremainingcertvalidity: 0
    2011-06-08 17:09:50,238 DEBUG  The signer certificate is valid from 'Wed Jun 08 13:41:39 CEST 2011' until 'Sun Jun 07 13:41:39 CEST 2015'

    Sorry for the large text,

    Thanks,

    Eric

     
  • Eric Villa Nova Orts

    I have found these two errors in the JBoss logs at the beginning of the request, but then it keeps going:

    2011-06-09 16:49:55,208 DEBUG  Found cryptotoken classpath: org.signserver.server.cryptotokens.PKCS11CryptoToken
    2011-06-09 16:49:55,246 ERROR  primaryResourse == null
    2011-06-09 16:49:55,246 ERROR  secondaryResource == null
    2011-06-09 16:49:55,257 DEBUG  >init

    I hope someone could help me

    Thanks

     
  • Tomas Gustavsson

    Hi,

    I don't see the debug message you name in the output you print? In the output it says "The signer certificate is valid ….".

    When you say stop, does it return an error message to the client or?
    It is not the client that gives the log message:
    DEBUG [v3100.org.signserver.module.tsa.TimeStampSigner

    is it?

    The InternalResources error can be ignored, although they are annoying and should be removed…

    Cheers,
    Tomas

     
  • Eric Villa Nova Orts

    Hi,

    The main debug message I get is "DEBUG  Signtoken did not contain a certificate chain, looking in config", but as I said I have uploaded a certchain to the signer.

    All the log messages are from the server; I am not getting any error on the client side. I am gonna paste the whole sequence for you to examine:

    Call from signserver tsa client:

    java -jar timeStampClient.jar "http://localhost:8080/tsa?workerId=2"
    MessageDigest=0000000000000000000000000000000000000000

    Logs at server side:

    2011-06-13 10:54:42,310 DEBUG  >doPost()
    2011-06-13 10:54:42,310 DEBUG  Found a signerId in the request: 2
    2011-06-13 10:54:42,310 INFO   Request Content-type: application/timestamp-query
    2011-06-13 10:54:42,311 DEBUG  Received a request with length: 46
    2011-06-13 10:54:42,311 DEBUG  Using signerId: 2
    2011-06-13 10:54:42,311 INFO   Recieved HTTP process request for worker 2, from ip 10.2.126.245
    2011-06-13 10:54:42,311 DEBUG  Received bytes of length: 46
    2011-06-13 10:54:42,313 DEBUG  >process: 2
    2011-06-13 10:54:42,314 DEBUG  Testing keys with algorithm: RSA
    2011-06-13 10:54:42,314 DEBUG  testSigAlg: SHA1WithRSA
    2011-06-13 10:54:42,314 DEBUG  provider: SunPKCS11-libcryptosec.so-slot2
    2011-06-13 10:54:42,314 DEBUG  privateKey: SunPKCS11-libcryptosec.so-slot2 RSA private key, 2048 bits (id 41943099, token object, sensitive, unextractable)
    2011-06-13 10:54:42,315 DEBUG  publicKey: Sun RSA public key, 2048 bits
      modulus: 28298262934453975097466522440832789457002459605940930210942930269706170064048311282096012505825462974051049199656329688893202090266973301313200626190818520772519713551135924769501240428825747952681988026493709226921086459690112012909169130616178920624714509749092030484848027624350153436473384456535942578505489181246896574692735177076916856222763576118539168460017164521340673690092883131304486953106803804189412773633350924467429868553204966900168325816836535359728782318372667047391704612624674645003262037557608683259536465987843320689483312192129179583014524679386238241038132177975354580718515600621753150991791
      public exponent: 3
    2011-06-13 10:54:42,333 DEBUG  Created signature of size: 256
    2011-06-13 10:54:42,333 DEBUG  Created signature:
    2011-06-13 10:54:42,335 DEBUG  Testing keys with algorithm: RSA
    2011-06-13 10:54:42,335 DEBUG  testSigAlg: SHA1WithRSA
    2011-06-13 10:54:42,335 DEBUG  provider: SunPKCS11-libcryptosec.so-slot2
    2011-06-13 10:54:42,335 DEBUG  privateKey: SunPKCS11-libcryptosec.so-slot2 RSA private key, 2048 bits (id 41943099, token object, sensitive, unextractable)
    2011-06-13 10:54:42,335 DEBUG  publicKey: Sun RSA public key, 2048 bits
      modulus: 28298262934453975097466522440832789457002459605940930210942930269706170064048311282096012505825462974051049199656329688893202090266973301313200626190818520772519713551135924769501240428825747952681988026493709226921086459690112012909169130616178920624714509749092030484848027624350153436473384456535942578505489181246896574692735177076916856222763576118539168460017164521340673690092883131304486953106803804189412773633350924467429868553204966900168325816836535359728782318372667047391704612624674645003262037557608683259536465987843320689483312192129179583014524679386238241038132177975354580718515600621753150991791
      public exponent: 3
    2011-06-13 10:54:42,351 DEBUG  Created signature of size: 256
    2011-06-13 10:54:42,351 DEBUG  Created signature:
    2011-06-13 10:54:42,352 DEBUG  checkcertvalidity: true
    2011-06-13 10:54:42,352 DEBUG  checkprivatekeyvalidity: true
    2011-06-13 10:54:42,352 DEBUG  minremainingcertvalidity: 0
    2011-06-13 10:54:42,355 DEBUG  The signer certificate is valid from 'Thu Jun 09 18:30:25 CEST 2011' until 'Mon Jun 08 18:30:25 CEST 2015'

    Then nothing happens on any side :(

    I hope the situation is clearer now for you,

    Thanks so much for your help

    Eric

     
  • Markus Kilås

    Markus Kilås - 2011-06-13

    Hi,

    The debug message can safely be ignored. It is just an internal debug message saying that the chain was not stored in the signtoken but in the config. This is the normal case when using the PKCS11CryptoToken.

    From the log it looks like it managed to perform a test signature. So the question is why it later hangs. Do you get similar output if you stop the client and run it again?

    Regards,
    Markus

     
  • Eric Villa Nova Orts

    Hi,

    Yes, I am always getting the same thing. I've tried to run and stop the client but no success…

    Thanks,
    Eric

     
  • Tomas Gustavsson

    If only the test signature is successful, I guess the real signature operation hangs. Should be something with the HSM config I guess.

    What version of SignServer are you using btw?
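
One way to check the guess above outside SignServer, as an added example that is not part of the thread or of SignServer's own code: sign repeatedly through the same SunPKCS11 provider with a timeout, so a blocked HSM call is reported instead of hanging silently. It assumes Java 9 or later; the class name `Pkcs11SignCheck` is hypothetical, and the library path, slot and key alias are the values from the worker config posted earlier.

```java
import java.security.*;
import java.util.concurrent.*;

// Added example: standalone PKCS#11 signing check with a per-call timeout (Java 9+).
public class Pkcs11SignCheck {
    public static void main(String[] args) throws Exception {
        // Values taken from the worker config in the thread; adjust for your HSM.
        String library = "/lib/libcryptosec.so";   // SHAREDLIBRARY
        int slot = 2;                              // SLOT
        String alias = "test1";                    // DEFAULTKEY
        // Prompt for the PIN instead of hard-coding it (requires an interactive console).
        char[] pin = System.console().readPassword("Slot PIN: ");

        // Inline SunPKCS11 configuration: the "--" prefix means config text, not a file path.
        String cfg = "--name=HsmCheck\nlibrary=" + library + "\nslot=" + slot + "\n";
        Provider p = Security.getProvider("SunPKCS11").configure(cfg);
        Security.addProvider(p);

        KeyStore ks = KeyStore.getInstance("PKCS11", p);
        ks.load(null, pin);
        PrivateKey key = (PrivateKey) ks.getKey(alias, null);
        if (key == null) throw new KeyStoreException("No private key under alias " + alias);

        // Daemon thread: the JVM can still exit if the native sign call never returns.
        ExecutorService pool = Executors.newSingleThreadExecutor(r -> {
            Thread t = new Thread(r, "hsm-sign");
            t.setDaemon(true);
            return t;
        });
        // The log shows test signatures succeeding before the stall, so repeat the
        // operation with different input sizes rather than signing once.
        int[] sizes = {20, 46, 4096};
        for (int i = 0; i < sizes.length; i++) {
            byte[] data = new byte[sizes[i]];
            Future<byte[]> f = pool.submit(() -> {
                Signature s = Signature.getInstance("SHA1withRSA", p); // testSigAlg in the log
                s.initSign(key);
                s.update(data);
                return s.sign();
            });
            try {
                byte[] sig = f.get(10, TimeUnit.SECONDS);
                System.out.printf("sign #%d (%d bytes in): ok, %d-byte signature%n", i + 1, sizes[i], sig.length);
            } catch (TimeoutException e) {
                System.out.printf("sign #%d: no response after 10 s, PKCS#11 call is blocked%n", i + 1);
                break; // later submissions would only queue behind the blocked thread
            }
        }
        pool.shutdownNow();
    }
}
```

If every call returns here, the stall is more likely in how the worker uses the token than in the PKCS#11 library itself; a thread dump of the application server (`jstack <pid>`) taken while the request hangs shows where the worker thread is waiting.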

     
  • Tomas Gustavsson

    Does it seem to loop? I.e. is the CPU usage high?

     
  • Eric Villa Nova Orts

    Sorry for the delay but I've been busy in other issues ;)

    Now I am back to this. The version I am using is signserver_lgpl_v21_version_3_1_0, and the CPU, MEM usage seems to be fine.

    Can't find anything wrong in the HSM logs

    Thanks

     
