From: Markus K. <ma...@pr...> - 2013-01-16 09:19:39
On 2013-01-15 13:20, Marcos Fontana wrote:
> Ok, done. And another, why the signserver can't read the keystore by the
> ../ejbca/p12/tomcat.jks? The EJBCA is just in the same folder as SignServer.

Hi Marcos,

I am not sure I understand exactly what you want to do. What do you mean by
that SignServer can't read it?

Normally the tomcat.jks is the keystore containing the web server key-pair and
certificate that the application server will use. When you deploy SignServer,
unless j2ee.web-nohttps is set to true, the build script will copy the
keystore from SIGNSERVER_HOME/p12/tomcat.jks to JBoss.

>
> I tried all the possible ways.

What have you tried?

Best regards,
Markus

>
> Regards
>
> -----Original message-----
> From: Markus Kilås [mailto:ma...@pr...]
> Sent: Monday, 14 January 2013 19:23
> To: Marcos Fontana
> Cc: signserver-develop
> Subject: Re: [SignServer-develop] RES: RES: Worker's questions and Error WSDL
>
> On 2013-01-14 20:13, Marcos Fontana wrote:
>> Hi Markus,
>>
>> By the reference of Tomas, I create a second instance of JBOSS, one to
>> Ejbca and another to SignServer. I configured the second instance
>> following some guides and all the installation of EJBCA and SignServer was
>> fine.
>>
>> I put the default ports to work with 1 before the normal ports, like
>> 8080 = 18080.
>>
>> When I try to call bin/signserver.sh setproperties
>> doc/sample-configs/qs_pdfsigner_configuration.properties, the
>> signserver insist to call the 127.0.0.1:1099, throwing a Error:
>> org.signserver.common.ServiceLocator - Error Looking up signserver
>> interface.
>>
>> I'm sure that I change the ports well. Where am I wrong?
>
> You need to edit bin/jndi.properties.jboss and set the right port in
> java.naming.provider.url and then run "ant". After that bin/jndi.properties
> should contain the right port.
>
> Best regards,
> Markus
>
>>
>> Regards
>>
>> -----Original message-----
>> From: Markus Kilås [mailto:ma...@pr...]
>> Sent: Thursday, 10 January 2013 07:08
>> To: sig...@li...
>> Subject: Re: [SignServer-develop] RES: Worker's questions and Error WSDL
>>
>> Marcos,
>>
>> What you could try is to first make sure you can access the WSDL file
>> using the same URL in a web browser.
>>
>> If you get a certificate warning, it did not work and you would have
>> to import your CA certificate to the browser. When you have got that
>> to work you should make sure your trust store contains that CA
>> certificate.
>>
>> Best regards,
>> Markus
>>
>> On 2013-01-09 21:02, Marcos Fontana wrote:
>>>
>>> ----------------------------------------------------------------------
>>> From: Marcos Fontana
>>> Sent: 09/01/2013 17:10
>>> To: 'Markus Kilås'
>>> Subject: RES: [SignServer-develop] Worker's questions and Error WSDL
>>>
>>> Hi Markus,
>>>
>>> Have you already got this: HTTP transport error:
>>> javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate?
>>>
>>> I tested with tomcat.jks and truststore.jks. Both contain the right
>>> certificates that are used to use SSL validation and nothing works. =(
>>>
>>> com.sun.xml.internal.ws.client.ClientTransportException: HTTP transport error: javax.net.ssl.SSLHandshakeException: Received fatal alert: bad_certificate
>>>     at com.sun.xml.internal.ws.transport.http.client.HttpClientTransport.getOutput(Unknown Source)
>>>     at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.process(Unknown Source)
>>>     at com.sun.xml.internal.ws.transport.http.client.HttpTransportPipe.processRequest(Unknown Source)
>>>     at com.sun.xml.internal.ws.transport.DeferredTransportPipe.processRequest(Unknown Source)
>>>     at com.sun.xml.internal.ws.api.pipe.Fiber.__doRun(Unknown Source)
>>>     at com.sun.xml.internal.ws.api.pipe.Fiber._doRun(Unknown Source)
>>>     at com.sun.xml.internal.ws.api.pipe.Fiber.doRun(Unknown Source)
>>>     at com.sun.xml.internal.ws.api.pipe.Fiber.runSync(Unknown Source)
>>>     at com.sun.xml.internal.ws.client.Stub.process(Unknown Source)
>>>     at com.sun.xml.internal.ws.client.sei.SEIStub.doProcess(Unknown Source)
>>>     at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
>>>     at com.sun.xml.internal.ws.client.sei.SyncMethodHandler.invoke(Unknown Source)
>>>     at com.sun.xml.internal.ws.client.sei.SEIStub.invoke(Unknown Source)
>>>     at $Proxy30.process(Unknown Source)
>>>     at org.signserver.client.api.SigningAndValidationWS.process(SigningAndValidationWS.java:176)
>>>     at org.signserver.client.api.SigningAndValidationWS.process(SigningAndValidationWS.java:144)
>>>     at org.signserver.client.api.SigningAndValidationWS.sign(SigningAndValidationWS.java:208)
>>>     at certificate.model.ModelDocumento.assinarDocumento4(ModelDocumento.java:141)
>>>     at certificate.principal.Principal.main(Principal.java:70)
>>>
>>> -----Original message-----
>>> From: Markus Kilås [mailto:ma...@pr...]
>>> Sent: Wednesday, 9 January 2013 05:12
>>> To: sig...@li...
>>> Subject: Re: [SignServer-develop] Worker's questions and Error WSDL
>>>
>>> On 2013-01-08 18:59, Marcos Fontana wrote:
>>>> Hi Markus,
>>>>
>>>> First, thanks for the support.
>>>>
>>>> I'm still getting the WSDL problem.
>>>>
>>>> A question: the trustStore must contain which certificate? the
>>>> server certificate or the certificate of who will signin the document?
>>>
>>> The certificate of the issuer of the server certificate. That is the
>>> CA that signed the server certificate.
>>>
>>> The purpose of the trust store is to list all CA certificates your
>>> client application will trust when verifying the server certificate
>>> sent by the server when the connection is established.
>>>
>>>>
>>>> System.setProperty("javax.net.ssl.trustStore",
>>>>     "C:/Users/Marcos/Desktop/p12/mFontana.p12");
>>>> System.setProperty("javax.net.ssl.trustStorePassword", "myPass");
>>>>
>>>> Another question: If I create a service that will sign/validate
>>>> documents of different people, each one with their own
>>>> certificate, must I create a worker for each one of them? Or can I
>>>> do it by that example “Signing and Validating an XML document”. For
>>>> this commands, in the case of a PDF, there is some way to do it like
>>>> in the web demos page, including the logo and that other
>>>> information or just having the worker configured will that is included?
>>>
>>> Each worker signs with one key-pair and uses one certificate so if
>>> you want to use different key-pairs/certificates for different people
>>> then you would need to have different workers for them.
>>>
>>> The "Signing and Validating an XML document" example in the
>>> integration chapter of the manual shows how a client application can
>>> request an XML document to be signed and then validated.
>>>
>>> Similarly to the code for signing an XML document you can also do
>>> this for PDF documents.
>>> Just let the byte array 'unsigned' be the
>>> content of the PDF document and replace DemoXMLSigner with the name
>>> of your PDFSigner. If you configure the PDFSigner to use a logo that
>>> will also be included just as if you called it from the demo web page.
>>>
>>> Validation is currently not supported for PDF documents though.
>>>
>>> Best regards,
>>> Markus
>>>
>>>>
>>>> Regards
>>>> ----------------------------------------------------------------------
>>>> From: Markus Kilås
>>>> Sent: 06/01/2013 11:27
>>>> To: sig...@li...
>>>> Subject: Re: [SignServer-develop] Worker's questions and Error WSDL
>>>>
>>>> On 2013-01-04 17:55, Marcos Fontana wrote:
>>>>> Hi,
>>>>>
>>>>
>>>> Hi Marcos,
>>>>
>>>>>
>>>>> When I’m setting properties by the command:
>>>>>
>>>>> bin/signserver.sh setproperties
>>>>> doc/sample-configs/qs_pdfsigner_configuration.properties
>>>>>
>>>>> I got the console error: Error reading property file. Is there some
>>>>> place that I can see this log?
>>>>>
>>>>
>>>> You can get this error if the file is not existing or in any other
>>>> way not readable. Make sure that the file can be read by for
>>>> instance running "less doc/sample-configs/qs_pdfsigner_configuration.properties".
>>>> Unfortunately this is not logged anywhere in more detail than what
>>>> is printed on the console.
>>>>
>>>>>
>>>>> The configurations are right. Another question, what is the
>>>>> difference between worker and signer?
>>>>
>>>> A Worker is an entity in SignServer which has a Worker ID and a
>>>> configuration and can be called to perform some work. A signer is a
>>>> type of worker which uses a crypto token to sign something.
>>>>
>>>>>
>>>>> The ID or Worker name, in the case of PDF, is the PDFSigner,
>>>>> configured in this line: WORKERGENID1.NAME=PDFSigner?
>>>>
>>>> That property sets the worker name to "PDFSigner" for the new worker
>>>> which is about to be added.
>>>> The WORKERGENID1 means that a new worker
>>>> with the next available ID will be created.
>>>>
>>>> If you instead want to define the worker ID you could replace
>>>> WORKERGENID1 with for instance WORKER47 (or any other ID). This is
>>>> recommended if you want to be able to apply (setproperties) the file
>>>> again without having a new worker to be created.
>>>>
>>>>>
>>>>> And another question, I’m getting this error when I try to
>>>>> instantiate the object of WSDL in this line:
>>>>>
>>>>> ISigningAndValidation signserver = new SigningAndValidationWS("localhost", 8442, true);
>>>>>
>>>>> javax.xml.ws.WebServiceException: Failed to access the WSDL at:
>>>>> https://localhost:8442/signserver/signserverws/signserverws?wsdl.
>>>>> It failed with:
>>>>>     java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl).
>>>>>     at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.tryWithMex(Unknown Source)
>>>>>     at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.parse(Unknown Source)
>>>>>     at com.sun.xml.internal.ws.client.WSServiceDelegate.parseWSDL(Unknown Source)
>>>>>     at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
>>>>>     at com.sun.xml.internal.ws.client.WSServiceDelegate.<init>(Unknown Source)
>>>>>     at com.sun.xml.internal.ws.spi.ProviderImpl.createServiceDelegate(Unknown Source)
>>>>>     at javax.xml.ws.Service.<init>(Unknown Source)
>>>>>     at org.signserver.protocol.ws.gen.SignServerWSService.<init>(SignServerWSService.java:42)
>>>>>     at org.signserver.client.api.SigningAndValidationWS.<init>(SigningAndValidationWS.java:120)
>>>>>     at org.signserver.client.api.SigningAndValidationWS.<init>(SigningAndValidationWS.java:83)
>>>>>     at certificate.model.ModelDocumento.assinarDocumento4(ModelDocumento.java:145)
>>>>>     at certificate.principal.Principal.main(Principal.java:70)
>>>>> Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
>>>>>     at javax.net.ssl.DefaultSSLSocketFactory.throwException(Unknown Source)
>>>>>     at javax.net.ssl.DefaultSSLSocketFactory.createSocket(Unknown Source)
>>>>>     at sun.net.www.protocol.https.HttpsClient.createSocket(Unknown Source)
>>>>>     at sun.net.NetworkClient.doConnect(Unknown Source)
>>>>>     at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>>>>     at sun.net.www.http.HttpClient.openServer(Unknown Source)
>>>>>     at sun.net.www.protocol.https.HttpsClient.<init>(Unknown Source)
>>>>>     at sun.net.www.protocol.https.HttpsClient.New(Unknown Source)
>>>>>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(Unknown Source)
>>>>>     at sun.net.www.protocol.http.HttpURLConnection.plainConnect(Unknown Source)
>>>>>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
>>>>>     at sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
>>>>>     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
>>>>>     at java.net.URL.openStream(Unknown Source)
>>>>>     at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.createReader(Unknown Source)
>>>>>     at com.sun.xml.internal.ws.wsdl.parser.RuntimeWSDLParser.resolveWSDL(Unknown Source)
>>>>>     ... 11 more
>>>>>
>>>>
>>>> Have you defined the javax.net.ssl.trustStore and
>>>> javax.net.ssl.trustStorePassword system properties?
>>>>
>>>> See
>>>> http://signserver.org/manual/integration.html#Signing%20and%20validating%20an%20XML%20document
>>>> for an example.
>>>>
>>>> Best regards,
>>>> Markus
>>>>
>>>> PrimeKey Solutions offers a commercial EJBCA & SignServer support
>>>> subscription and training. Please see www.primekey.se or contact
>>>> in...@pr... for more information.
>>>> http://www.primekey.se/Services/Support/
>>>> http://www.primekey.se/Services/Training/
>
> --
> Kind regards,
> Markus Kilås
> Security Consultant & Developer
>
> PrimeKey Solutions AB
>
> Anderstorpsv. 16
> 171 54 Solna
> Sweden
>
> Phone: +46 70 424 94 85
> Skype: markusatskype
> Email: mar...@pr...
>
> www.primekey.se

--
Kind regards,
Markus Kilås
Security Consultant & Developer

PrimeKey Solutions AB

Anderstorpsv. 16
171 54 Solna
Sweden

Phone: +46 70 424 94 85
Skype: markusatskype
Email: mar...@pr...

www.primekey.se
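
Added example (not part of the original thread, and not SignServer or PrimeKey code): the rule from the quoted 2013-01-09 reply, that the client's trust store must hold the certificate of the CA that issued the server certificate, shown on a throwaway PKI. It uses `openssl verify` as a stand-in for the JSSE trust store check; every subject and file name is constructed for the demo.

```shell
#!/bin/sh
# Added example: constructed throwaway PKI; all subjects and file names are made up.
set -eu

# make_demo_pki DIR: create an issuing CA, a server certificate issued by it,
# and an unrelated self-signed "signer" certificate (like one in a personal .p12).
make_demo_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Issuing CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=localhost" \
        -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
    openssl x509 -req -in "$dir/server.csr" -CA "$dir/ca.pem" -CAkey "$dir/ca.key" \
        -CAcreateserial -days 2 -out "$dir/server.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Demo Signer" \
        -keyout "$dir/signer.key" -out "$dir/signer.pem" 2>/dev/null
}

# trusts ANCHOR.pem CERT.pem: true only if CERT chains up to the trust anchor.
trusts() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# issuer_of CERT.pem: print the issuer DN, i.e. the CA the trust store must contain.
issuer_of() {
    openssl x509 -in "$1" -noout -issuer
}

demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
make_demo_pki "$demo_dir"
issuer_of "$demo_dir/server.pem"
for anchor in ca signer; do
    if trusts "$demo_dir/$anchor.pem" "$demo_dir/server.pem"; then
        echo "trust store holds $anchor.pem: server certificate accepted"
    else
        echo "trust store holds $anchor.pem: server certificate rejected"
    fi
done
```

In a Java client the matching anchor is a trusted-certificate entry for that CA in the store named by javax.net.ssl.trustStore.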