Re: [SignServer-develop] Timestamp configuration

[Arnaud D. <arn...@gm...>]

If I check signserver.log, I have :

2017-03-20 14:43:14,116 ERROR [p: thread-pool-1; w: 8] [ProcessableConfig]
java.io.IOException: Error in java.io.ByteArrayInputStream@5ac52fd8,
missing -----BEGIN CERTIFICATE----- boundary

Any ideas ?

Thanks

2017-03-20 11:41 GMT+01:00 Arnaud Defos <arn...@gm...>:

> Hi,
>
> Thanks for your answer.
>
> I try to follow instructions to setup 3.7.0 timestamp signer for demo (it
> is not the same instructions for the current version) but I have several
> errors on the timestamp signer :
>
> Here is an extract of : >bin/signserver getstatus brief all
>
> Status of CryptoWorker with id 7 (CryptoTokenP12) is:
>    Worker status : Active
>    Token status  : Active
>
>    Worker properties:
>       KEYSTORETYPE=PKCS12
>
>       CLASSPATH=org.signserver.common.ProcessableConfig
>
>       DEFAULTKEY=Signer 2
>
>       KEYSTOREPATH=/opt/signserver/res/test/dss10/dss10_signer2.p12
>
>       SIGNERCERT=
>
>       NAME=CryptoTokenP12
>
>       SIGNERCERTCHAIN=MIIEhzCCAm+gAwIBAgIITQ7wWwEnF4EwDQYJKoZIh
> vcNAQELBQAwTTEXMBUGA1UEAwwORFNTIFJvb3QgQ0EgMTAxEDAOBgNVBAsMB
> 1Rlc3RpbmcxEzARBgNVBAoMClNpZ25TZXJ2ZXIxCzAJBgNVBAYTAlNFMB4XD
> TE0MTAxMDA4NDQyOVoXDTM0MTAxMDA4NDQyOVowQDEUMBIGA1UEAwwLVFMgU
> 2lnbmVyIDIxGzAZBgNVBAoMElNpZ25TZXJ2ZXIgVGVzdGluZzELMAkGA1UEB
> hMCU0UwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiQkk9WQ+
> ufdrnms7oDcGdt7Sd8lH0gNIjwCYWFgQEugp+Jq/HSgx1t0N74OTC/vzEGSBuP//
> aWEwJWayz3RHNj53R3SuDZI/zL8OzLHCuKoJ+4zuWeWC9IcJjChfz64MzvMjnfKQpWG
> oje23IU9rxGyN8U4hap/f376wlSF5biP3H2u61/qqC2PE5g9DAPKBP1whWkztl6GGpViV
> xBlGymsyDnmzZI39rvySsBbnWayggOB337Nuwi/O4aoKyk7cA3xvaby2UdOUD8Tj7c5mR
> KqCnHwVIoh9spRrzrqlHOm29xsv/CkXFiTLGpwHqjsIWdZuveBQ+
> nPwqO5jvKkybAgMBAAGjeDB2MB0GA1UdDgQWBBRKRH8HvWJ0mZHx15nOIECp
> LNbOEzAMBgNVHRMBAf8EAjAAMB8GA1UdIwQYMBaAFCB6Id7orbsCqPtxWKQJ
> YrnYWAWiMA4GA1UdDwEB/wQEAwIHgDAWBgNVHSUBAf8EDDAKBgg
> rBgEFBQcDCDANBgkqhkiG9w0BAQsFAAOCAgEAcVo//K7a0PDKQypvdYLMR5byNr+
> lvQlvf2ebnnbL7epgZor+5iKPy8NbEfdlu1PzQaJKcM9XVc68cW
> yuS1JStJHQuCeFDt8JBe2Wy+z6sC905nxkh495YYHFzjV8OpA5K7f8fcEnres+
> 7BJM9opnLlWZwCcZx1UjWy1ETOuT//0311Uhn/MXd3V3cfx3oCRrZ+EgS/
> XFg1FFqnk1Ntxa4AIpyr8dWR8boTG9uN/kd5D8gLJUINwCI+
> AMfzsnotMqYwpUGtnaayssTpVQqQ8w2vUvJ8mlqbbOZS+d1HJ+xAWhXjVwxk9t++
> LUTXW6lKp8YuYNN2w+j/Ga4o76QO1tsRAhtgVYiiTOf9nHO9fJvLj+N/qxVr2OWq+/
> C9n87moyZHuD0aDW6FoqkG/Adh0g1GNolop6M1C+iu/SRrdFF7aoBr083lQxI32OLsFrICWqZ
> X1+cWk5yZn6ARuiDLX4GSaz63VmoqEW4TPN51HIGX0p4VVOagfqNQrEg86pTlZF
> pBfQ9LlmpYV/B2x5Snbpe/raW67hQ1NvrrDV/ilxxKXdFLXXBARqn6/
> t73F0SkyFtCHhSieOm1TMli3IdHgV7up88TE5PnJ6VT6n+
> mcaQxz4bUmpFKCoFFlIaHpQSW2iQQsOXgKt/GOJEajR/MGhZNJeTpWK4Bs4uffGDwu+Tck\=
>
>
>    Authorized clients (serial number, issuer DN):
>
>
> Status of Signer with id 8 (TimeStampSigner) is:
>    Worker status : *Offline*
>    Token status  : Active
>    Signings      : 0
>
>    *Errors: *
> *      - No signer certificate available*
> *      - No key available for purpose: null*
> *      - Unsupported certificate type*
>
>    Worker properties:
>       CRYPTOTOKEN=CryptoTokenP12
>
>       CLASSPATH=org.signserver.common.ProcessableConfig
>
>       AUTHTYPE=NOAUTH
>
>       SIGNERCERT=
>
>       NAME=TimeStampSigner
>
>       WORKERLOGGER=org.signserver.module.tsa.DefaultTimeStampLogger
>
>       SIGNERCERTCHAIN=
>
>       DEFAULTTSAPOLICYOID=1.2.3
>
>
>    Authorized clients (serial number, issuer DN):
>
>    Signer certificate:
> *      Error: No Signer Certificate have been uploaded to this signer.*
>
>
> Do you have any ideas ?
>
> Thanks for your help !
>
>
> Arnaud
>
>
> 2017-03-16 3:06 GMT+01:00 Jaime Hablutzel Egoavil <hab...@gm...>:
>
>>
>> On Wed, Mar 15, 2017 at 4:24 PM, Arnaud Defos <arn...@gm...>
>> wrote:
>>
>>> Hi everyone,
>>>
>>> I would like to use TimeStamp server but I have troubles with the
>>> configuration.
>>>
>>> I have for the moment two workers :
>>>  - one for JKS configuration (it is active and online)
>>>  - one for StampSigner which is active and offline
>>> =>    Worker status : Offline
>>>    Token status  : Active
>>>    Signings      : 0
>>>
>>>    Errors:
>>>       - Missing extended key usage timeStamping
>>>       - The extended key usage extension must be present and marked as
>>> critical
>>>
>>
>> There are some requirements on the digital certificate to be used for
>> timestamping, see https://www.ietf.org/rfc/rfc3161.txt, "2.3.
>> Identification of the TSA".
>>
>> You could easily generate a certificate for that purpose and with the
>> required extension by using XCA or you could just use the demonstration
>> certificate for starting as indicated in the link below.
>>
>>
>>>
>>> I use signserver 3.7.0.
>>>
>>> I don't understand how could I configure signing certificate and
>>> certificate chain. Which properties do I have to set ? In which worker ? Is
>>> the default key configuration important ?
>>>
>>
>> First try to get the timestamping service working by following
>> instructions here https://www.signserver.org/doc/current/manual/installgu
>> ide.html#Quick_start_demo_Timestamp_signer.
>>
>>
>>>
>>>
>>
>>> Do you have any ideas ?
>>>
>>> Thanks a lot,
>>>
>>> Best regards,
>>>
>>> Arnaud
>>>
>>> ------------------------------------------------------------
>>> ------------------
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>> _______________________________________________
>>> SignServer-develop mailing list
>>> Sig...@li...
>>> https://lists.sourceforge.net/lists/listinfo/signserver-develop
>>>
>>>
>>
>>
>> --
>> Jaime Hablutzel -  RPC 994690880
>>
>
>