Re: [SignServer-develop] key usage limit exceeded or not initialized

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

fre 2013-10-18 klockan 09:31 +0200 skrev Antoine Louiset:

>   CHECKCERTPRIVATEKEYVALIDITY=false
> 
>   SIGNERCERTCHAIN=
> 
>   KEYSTOREPATH=/etc/certificates/ysKeystore.jks
> 
>   DEFAULTKEY=6

How does the key aliases in the keystore look like, if you use:
keytool -list -keystore /etc/certificates/ysKeystore.jks

You could also try to take a look at the content of the KeyUsageCounter
table in the database, to see if there is a row corresponding to the
figerprint of the key in the keystore.

Another thing that you could try to do set DISABLEKEYUSAGECOUNTER=true
and (temporarily) remove the KEYUSAGELIMIT property (they can not both
be defined simultaniously) to rule of that there could be something
missing in the keystore, perhaps.

Regards,
Marcus Lundblad
> 
>   KEYUSAGELIMIT=-1
> 
>   REQUIRE_REQUEST_PROPERTIES=ALIAS,AUTHPARAM,DEMAND
> 
>   AUTHTYPE=org.signserver.server.YousignAuthorizer
> 
>   NAME=YousignPDFSigner
> 
>   SIGNERCERT=
> 
>   KEYSTOREPASSWORD=xxxx
> 
>   CLASSPATH=org.signserver.common.ProcessableConfig
> 
>   KEYSTORETYPE=JKS
> 
>   CHECKCERTVALIDITY=false
> 
>   LOCATION=France
> 
> 
> 
> Active Authorized Clients are are (Cert DN, IssuerDN):
> INFO  IMPLICITLYCA_Q not set, using default.
> INFO  IMPLICITLYCA_A not set, using default.
> INFO  IMPLICITLYCA_B not set, using default.
> INFO  IMPLICITLYCA_G not set, using default.
> INFO  IMPLICITLYCA_N not set, using default.
> The current configuration use the following signer certificate : 
> 
>              Subject DN:     -----------
>              Serial number:  -----------
>              Issuer DN:      -----------
>              Valid from:     2013-10-11 12:55:46 CEST
>              Valid until:    2015-10-11 12:55:46 CEST
> 
> 
> 
> 
> 
> Thanks a lot !
> 
> 
> Antoine
> 
> On Fri, 18 Oct 2013 09:18:35 +0200, Marcus Lundblad
> <mar...@pr...> wrote:
> > tor 2013-10-17 klockan 18:41 +0200 skrev Antoine Louiset:
> >> Hi everyone,
> >>
> >> I have an error for a pdf worker. The cryptotoken is offline, the
> >> error is : key usage limit exceeded or not initialized
> >>
> >> In my configuration of the worker, the value of KEYUSAGELIMIT is -1.
> >>
> >> Any ideas ?
> >>
> > 
> > Hi Antoine!
> > 
> > Could you try running:
> > bin/signserver getstatus brief all
> > 
> > And see what the output is regarding your pdf worker.
> > 
> > Regards,
> > Marcus Lundblad
> > 
> >> Thanks a lot !
> >>
> >> --
> >> Antoine Louiset
> >>
> >>
> >> ------------------------------------------------------------------------------
> >> October Webinars: Code for Performance
> >> Free Intel webinars can help you accelerate application performance.
> >> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
> >> the latest Intel processors and coprocessors. See abstracts and register >
> >> http://pubads.g.doubleclick.net/gampad/clk?id=60135031&iu=/4140/ostg.clktrk
> >> _______________________________________________
> >> SignServer-develop mailing list
> >> Sig...@li...
> >> https://lists.sourceforge.net/lists/listinfo/signserver-develop
> 