Help on generating IS cert and key

by khsheh

I am trying to create the IS cert and key. The CVCA documentation says that I need to create an end entity for the IS and then use it to create the IS cert / key. But I get the following errors when doing so. Is it related to my ejbca Web Services not being properly set up, or is it related to some authentication issue like that in ejbcawsracli.properties? I cannot understand the documentation of how to set up the ejbcawsracli.properties. Would you please help me solve the problems? My purpose is just to get the IS cert and key. Thank you.

1) Creating an end entity

C:\EJBCA_~1\dist\EJBCAW~1>ejbcawsracli edituser isrsa1 foo123 false "CN=ISRSA1,C=CN" NULL NULL DV-RSA-1 1 USERGENERATED NEW IS IS
Trying to add user:
Username: isrsa1
Subject DN: CN=ISRSA1,C=CN
Subject Altname: null
Email: null
CA Name: DV-RSA-1
Type: 1
Token: USERGENERATED
Status: 10
End entity profile: IS
Certificate profile: IS
Hard Token Issuer Alias: NONE
Start time: NONE
End time: NONE
javax.xml.ws.WebServiceException: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
org.ejbca.ui.cli.ErrorAdminCommandException: javax.xml.ws.WebServiceException: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
        at org.ejbca.core.protocol.ws.client.EditUserCommand.execute(EditUserCommand.java:166)
        at org.ejbca.core.protocol.ws.client.ejbcawsracli.main(ejbcawsracli.java:34)
Caused by: javax.xml.ws.WebServiceException: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
        at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:162)
        at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parseWSDL(RuntimeWSDLParser.java:188)
        at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:66)
        at com.sun.xml.ws.wsdl.WSDLContext.<init>(WSDLContext.java:57)
        at com.sun.xml.ws.client.ServiceContextBuilder.build(ServiceContextBuilder.java:60)
        at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:103)
        at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:50)
        at javax.xml.ws.Service.<init>(Service.java:57)
        at org.ejbca.core.protocol.ws.client.gen.EjbcaWSService.<init>(EjbcaWSService.java:36)
        at org.ejbca.core.protocol.ws.client.EJBCAWSRABaseCommand.getEjbcaRAWS(EJBCAWSRABaseCommand.java:205)
        at org.ejbca.core.protocol.ws.client.EJBCAWSRABaseCommand.getEjbcaRAWS(EJBCAWSRABaseCommand.java:187)
        at org.ejbca.core.protocol.ws.client.EditUserCommand.execute(EditUserCommand.java:154)
        ... 1 more
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
        at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:179)
        at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:186)
        at sun.net.www.protocol.https.HttpsClient.createSocket(HttpsClient.java:362)
        at sun.net.NetworkClient.doConnect(NetworkClient.java:145)
        at sun.net.www.http.HttpClient.openServer(HttpClient.java:394)
        at sun.net.www.http.HttpClient.openServer(HttpClient.java:529)
        at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:272)
        at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:329)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:172)
        at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:793)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:158)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1041)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
        at java.net.URL.openStream(URL.java:1009)
        at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:159)
        ... 12 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
        at java.security.Provider$Service.newInstance(Provider.java:1245)
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:220)
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:147)
        at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
        at javax.net.ssl.SSLContext.getDefault(SSLContext.java:68)
        at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:102)
        at javax.net.ssl.HttpsURLConnection.getDefaultSSLSocketFactory(HttpsURLConnection.java:325)
        at javax.net.ssl.HttpsURLConnection.<init>(HttpsURLConnection.java:283)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.<init>(HttpsURLConnectionImpl.java:65)
        at sun.net.www.protocol.https.Handler.openConnection(Handler.java:42)
        at sun.net.www.protocol.https.Handler.openConnection(Handler.java:37)
        at java.net.URL.openConnection(URL.java:945)
        ... 14 more
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
        at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
        at java.security.KeyStore.load(KeyStore.java:1185)
        at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.getDefaultKeyManager(DefaultSSLContextImpl.java:150)
        at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.<init>(DefaultSSLContextImpl.java:40)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
        at java.lang.Class.newInstance0(Class.java:355)
        at java.lang.Class.newInstance(Class.java:308)
        at java.security.Provider$Service.newInstance(Provider.java:1221)
        ... 25 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
        ... 36 more

2)  Due to the above problem, I have created the end entity using the admin web page of Add Entity. But I have the problem of creating the IS cert and key as follows:

C:\EJBCA_~1\dist\EJBCAW~1>cvcwscli cvcrequest isrsa foo123 "C=CN,CN=HKIS" 00005 SHA1WithRSA 1024 true HKIS

Enrolling user:
Username: isrsa
Subject name: C=CN,CN=HKIS
Sequence: 00005
Signature algorithm: SHA1WithRSA
Key spec: 1024
Generating a new request with base filename: HKIS
Wrote binary request to: HKIS.cvreq
Wrote private key in PKCS#8 format to to: HKIS.pkcs8
Submitting CVC request for user 'isrsa'.

javax.xml.ws.WebServiceException: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
org.ejbca.ui.cli.ErrorAdminCommandException: javax.xml.ws.WebServiceException: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
        at org.ejbca.core.protocol.ws.client.CvcRequestCommand.execute(CvcRequestCommand.java:211)
        at org.ejbca.core.protocol.ws.client.cvcwscli.main(cvcwscli.java:30)
Caused by: javax.xml.ws.WebServiceException: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
        at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:162)
        at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parseWSDL(RuntimeWSDLParser.java:188)
        at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:66)
        at com.sun.xml.ws.wsdl.WSDLContext.<init>(WSDLContext.java:57)
        at com.sun.xml.ws.client.ServiceContextBuilder.build(ServiceContextBuilder.java:60)
        at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:103)
        at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:50)
        at javax.xml.ws.Service.<init>(Service.java:57)
        at org.ejbca.core.protocol.ws.client.gen.EjbcaWSService.<init>(EjbcaWSService.java:36)
        at org.ejbca.core.protocol.ws.client.EJBCAWSRABaseCommand.getEjbcaRAWS(EJBCAWSRABaseCommand.java:205)
        at org.ejbca.core.protocol.ws.client.EJBCAWSRABaseCommand.getEjbcaRAWS(EJBCAWSRABaseCommand.java:187)
        at org.ejbca.core.protocol.ws.client.CvcRequestCommand.execute(CvcRequestCommand.java:188)
        ... 1 more
Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
        at javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:179)
        at javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:186)
        at sun.net.www.protocol.https.HttpsClient.createSocket(HttpsClient.java:362)
        at sun.net.NetworkClient.doConnect(NetworkClient.java:145)
        at sun.net.www.http.HttpClient.openServer(HttpClient.java:394)
        at sun.net.www.http.HttpClient.openServer(HttpClient.java:529)
        at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:272)
        at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:329)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:172)
        at sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:793)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:158)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1041)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
        at java.net.URL.openStream(URL.java:1009)
        at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:159)
        ... 12 more
Caused by: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
        at java.security.Provider$Service.newInstance(Provider.java:1245)
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:220)
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:147)
        at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
        at javax.net.ssl.SSLContext.getDefault(SSLContext.java:68)
        at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:102)
        at javax.net.ssl.HttpsURLConnection.getDefaultSSLSocketFactory(HttpsURLConnection.java:325)
        at javax.net.ssl.HttpsURLConnection.<init>(HttpsURLConnection.java:283)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.<init>(HttpsURLConnectionImpl.java:65)
        at sun.net.www.protocol.https.Handler.openConnection(Handler.java:42)
        at sun.net.www.protocol.https.Handler.openConnection(Handler.java:37)
        at java.net.URL.openConnection(URL.java:945)
        ... 14 more
Caused by: java.io.IOException: Keystore was tampered with, or password was incorrect
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
        at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
        at java.security.KeyStore.load(KeyStore.java:1185)
        at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.getDefaultKeyManager(DefaultSSLContextImpl.java:150)
        at com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.<init>(DefaultSSLContextImpl.java:40)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
        at java.lang.Class.newInstance0(Class.java:355)
        at java.lang.Class.newInstance(Class.java:308)
        at java.security.Provider$Service.newInstance(Provider.java:1221)
        ... 25 more
Caused by: java.security.UnrecoverableKeyException: Password verification failed
        at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
        ... 36 more

Thanks a lot!



Re: Help on generating IS cert and key

by Tomas Gustavsson


You have configured the wrong keystore or password in
ejbcawsracli.properties.

The error is clear .-)

Caused by: java.io.IOException: Keystore was tampered with, or password
was incorrect

Cheers,
Tomas



Re: Help on generating IS cert and key

by Johan Eklund

Hi khsheh,

The last caused-by in your stack traces is:

"Caused by: java.security.UnrecoverableKeyException: Password verification
failed"

Please verify the password used for the client-side SSL keystore.

Best Regards,
Johan
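
The check both replies above point to, as an added example that is not part of the thread and not EJBCA code: it opens a JKS keystore the way the JSSE default context does and separates a wrong password from an unreadable file by inspecting the cause of the `IOException`. The class name, the `Result` enum and the in-memory keystore are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;

public class KeystorePasswordCheck {

    enum Result { OK, WRONG_PASSWORD, UNREADABLE }

    /**
     * Loads a JKS keystore with the given password and classifies the outcome.
     * Never pass a null password here: JKS skips the integrity check in that
     * case, so the load succeeds even though no password was verified.
     */
    static Result check(InputStream in, char[] password) throws GeneralSecurityException {
        KeyStore ks = KeyStore.getInstance("JKS");
        try {
            ks.load(in, password);
            return Result.OK;
        } catch (IOException e) {
            // KeyStore.load reports a wrong password as an IOException whose
            // cause is an UnrecoverableKeyException, which is the last
            // "Caused by" in the traces posted in this thread.
            if (e.getCause() instanceof UnrecoverableKeyException) {
                return Result.WRONG_PASSWORD;
            }
            // Any other IOException: truncated, corrupt, or not a keystore.
            return Result.UNREADABLE;
        }
    }

    /** Builds an empty JKS keystore in memory (constructed sample input). */
    static byte[] constructedKeystore(char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, null);                 // initialise an empty store
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);             // integrity digest is keyed with the password
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        char[] good = "constructed-pass".toCharArray();   // constructed value
        byte[] jks = constructedKeystore(good);

        System.out.println("right password : "
                + check(new ByteArrayInputStream(jks), good));
        System.out.println("wrong password : "
                + check(new ByteArrayInputStream(jks), "typo".toCharArray()));
        System.out.println("truncated file : "
                + check(new ByteArrayInputStream(jks, 0, 10), good));

        // Optional: check a real keystore file, prompting for the password
        // instead of taking it from the command line or shell history.
        if (args.length == 1 && System.console() != null) {
            char[] pw = System.console().readPassword("Password for %s: ", args[0]);
            try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
                System.out.println(args[0] + " : " + check(in, pw));
            }
        }
    }
}
```

Run against the keystore file that the client configuration points to, a `WRONG_PASSWORD` result confirms the diagnosis given in the replies, while `UNREADABLE` indicates the configured path refers to something that is not an intact JKS file.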


> at java.security.KeyStore.load(KeyStore.java:1185)
> at
> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.getDefaultKeyManager(DefaultSSLContextImpl.java:150)
> at
> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.<init>(DefaultSSLContextImpl.java:40)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
> at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
> at java.lang.Class.newInstance0(Class.java:355)
> at java.lang.Class.newInstance(Class.java:308)
> at java.security.Provider$Service.newInstance(Provider.java:1221)
> ... 25 more
> Caused by: java.security.UnrecoverableKeyException: Password verification
> failed
> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
> ... 36 more
>
> 2)  Due to the above problem, I have created the end entity using the admin
> web page of Add Entity. But I have the problem of creating the IS cert and
> key as follows:
>
> C:\EJBCA_~1\dist\EJBCAW~1>cvcwscli cvcrequest isrsa foo123 "C=CN,CN=HKIS"
> 00005 SHA1WithRSA 1024 true HKIS
>
> Enrolling user:
> Username: isrsa
> Subject name: C=CN,CN=HKIS
> Sequence: 00005
> Signature algorithm: SHA1WithRSA
> Key spec: 1024
> Generating a new request with base filename: HKIS
> Wrote binary request to: HKIS.cvreq
> Wrote private key in PKCS#8 format to to: HKIS.pkcs8
> Submitting CVC request for user 'isrsa'.
>
> javax.xml.ws.WebServiceException: java.net.SocketException:
> java.security.NoSuchAlgorithmException: Error constructing implementation
> (algorithm: Default, provider: SunJSSE, class:
> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
> org.ejbca.ui.cli.ErrorAdminCommandException:
> javax.xml.ws.WebServiceException: java.net.SocketException:
> java.security.NoSuchAlgorithmException: Error constructing implementation
> (algorithm: Default, provider: SunJSSE, class:
> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
> at
> org.ejbca.core.protocol.ws.client.CvcRequestCommand.execute(CvcRequestCommand.java:211)
> at org.ejbca.core.protocol.ws.client.cvcwscli.main(cvcwscli.java:30)
> Caused by: javax.xml.ws.WebServiceException: java.net.SocketException:
> java.security.NoSuchAlgorithmException: Error constructing implementation
> (algorithm: Default, provider: SunJSSE, class:
> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
> at
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:162)
> at
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parseWSDL(RuntimeWSDLParser.java:188)
> at
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:66)
> at com.sun.xml.ws.wsdl.WSDLContext.<init>(WSDLContext.java:57)
> at
> com.sun.xml.ws.client.ServiceContextBuilder.build(ServiceContextBuilder.java:60)
> at
> com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:103)
> at
> com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:50)
> at javax.xml.ws.Service.<init>(Service.java:57)
> at
> org.ejbca.core.protocol.ws.client.gen.EjbcaWSService.<init>(EjbcaWSService.java:36)
> at
> org.ejbca.core.protocol.ws.client.EJBCAWSRABaseCommand.getEjbcaRAWS(EJBCAWSRABaseCommand.java:205)
> at
> org.ejbca.core.protocol.ws.client.EJBCAWSRABaseCommand.getEjbcaRAWS(EJBCAWSRABaseCommand.java:187)
> at
> org.ejbca.core.protocol.ws.client.CvcRequestCommand.execute(CvcRequestCommand.java:188)
> ... 1 more
> Caused by: java.net.SocketException: java.security.NoSuchAlgorithmException:
> Error constructing implementation (algorithm: Default, provider: SunJSSE,
> class: com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
> at
> javax.net.ssl.DefaultSSLSocketFactory.throwException(SSLSocketFactory.java:179)
> at
> javax.net.ssl.DefaultSSLSocketFactory.createSocket(SSLSocketFactory.java:186)
> at
> sun.net.www.protocol.https.HttpsClient.createSocket(HttpsClient.java:362)
> at sun.net.NetworkClient.doConnect(NetworkClient.java:145)
> at sun.net.www.http.HttpClient.openServer(HttpClient.java:394)
> at sun.net.www.http.HttpClient.openServer(HttpClient.java:529)
> at sun.net.www.protocol.https.HttpsClient.<init>(HttpsClient.java:272)
> at sun.net.www.protocol.https.HttpsClient.New(HttpsClient.java:329)
> at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.getNewHttpClient(AbstractDelegateHttpsURLConnection.java:172)
> at
> sun.net.www.protocol.http.HttpURLConnection.plainConnect(HttpURLConnection.java:793)
> at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:158)
> at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1041)
> at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
> at java.net.URL.openStream(URL.java:1009)
> at
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:159)
> ... 12 more
> Caused by: java.security.NoSuchAlgorithmException: Error constructing
> implementation (algorithm: Default, provider: SunJSSE, class:
> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl)
> at java.security.Provider$Service.newInstance(Provider.java:1245)
> at sun.security.jca.GetInstance.getInstance(GetInstance.java:220)
> at sun.security.jca.GetInstance.getInstance(GetInstance.java:147)
> at javax.net.ssl.SSLContext.getInstance(SSLContext.java:125)
> at javax.net.ssl.SSLContext.getDefault(SSLContext.java:68)
> at javax.net.ssl.SSLSocketFactory.getDefault(SSLSocketFactory.java:102)
> at
> javax.net.ssl.HttpsURLConnection.getDefaultSSLSocketFactory(HttpsURLConnection.java:325)
> at javax.net.ssl.HttpsURLConnection.<init>(HttpsURLConnection.java:283)
> at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.<init>(HttpsURLConnectionImpl.java:65)
> at sun.net.www.protocol.https.Handler.openConnection(Handler.java:42)
> at sun.net.www.protocol.https.Handler.openConnection(Handler.java:37)
> at java.net.URL.openConnection(URL.java:945)
> ... 14 more
> Caused by: java.io.IOException: Keystore was tampered with, or password was
> incorrect
> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:771)
> at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:38)
> at java.security.KeyStore.load(KeyStore.java:1185)
> at
> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.getDefaultKeyManager(DefaultSSLContextImpl.java:150)
> at
> com.sun.net.ssl.internal.ssl.DefaultSSLContextImpl.<init>(DefaultSSLContextImpl.java:40)
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
> at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
> at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:27)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
> at java.lang.Class.newInstance0(Class.java:355)
> at java.lang.Class.newInstance(Class.java:308)
> at java.security.Provider$Service.newInstance(Provider.java:1221)
> ... 25 more
> Caused by: java.security.UnrecoverableKeyException: Password verification
> failed
> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:769)
> ... 36 more
>
> Thanks a lot!
>
>
>
>  

--
PrimeKey Solutions offers a commercial EJBCA support subscription and training for EJBCA. Please see www.primekey.se or contact info@... for more information. http://download.primekey.se/documents/ejbca_subscription.pdf http://download.primekey.se/documents/ejbca_training.pdf




_______________________________________________
Ejbca-develop mailing list
Ejbca-develop@...
https://lists.sourceforge.net/lists/listinfo/ejbca-develop


Re: Help on generating IS cert and key

by khsheh

Thanks. I now set the correct password in ejbcawsracli.properties for superadmin.jks, i.e.:

ejbcawsracli.keystore.path = superadmin.jks
ejbcawsracli.keystore.password = password

But when I run the following command (the ejbca is in the same Windows workstation as I type the command):
ejbcawsracli edituser isrsa1 foo123 false "CN=ISRSA1,C=CN" NULL NULL DV-RSA-1 1 USERGENERATED NEW IS IS

I get the following error on localhost issue. Do you have any suggestions? Sorry that I am new to the keystore and JBOSS areas.

Thanks.

Trying to add user:
Username: isrsa
Subject DN: CN=ISRSA1,C=CN
Subject Altname: null
Email: null
CA Name: DV-RSA-1
Type: 1
Token: USERGENERATED
Status: 10
End entity profile: IS
Certificate profile: IS
Hard Token Issuer Alias: NONE
Start time: NONE
End time: NONE
javax.xml.ws.WebServiceException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found
org.ejbca.ui.cli.ErrorAdminCommandException: javax.xml.ws.WebServiceException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found
        at org.ejbca.core.protocol.ws.client.EditUserCommand.execute(EditUserCommand.java:166)
        at org.ejbca.core.protocol.ws.client.ejbcawsracli.main(ejbcawsracli.java:34)
Caused by: javax.xml.ws.WebServiceException: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found
        at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:162)
        at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parseWSDL(RuntimeWSDLParser.java:188)
        at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:66)
        at com.sun.xml.ws.wsdl.WSDLContext.<init>(WSDLContext.java:57)
        at com.sun.xml.ws.client.ServiceContextBuilder.build(ServiceContextBuilder.java:60)
        at com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:103)
        at com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:50)
        at javax.xml.ws.Service.<init>(Service.java:57)
        at org.ejbca.core.protocol.ws.client.gen.EjbcaWSService.<init>(EjbcaWSService.java:36)
        at org.ejbca.core.protocol.ws.client.EJBCAWSRABaseCommand.getEjbcaRAWS(EJBCAWSRABaseCommand.java:205)
        at org.ejbca.core.protocol.ws.client.EJBCAWSRABaseCommand.getEjbcaRAWS(EJBCAWSRABaseCommand.java:187)
        at org.ejbca.core.protocol.ws.client.EditUserCommand.execute(EditUserCommand.java:154)
        ... 1 more
Caused by: javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: No name matching localhost found
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
        at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
        at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
        at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
        at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
        at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
        at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1041)
        at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
        at java.net.URL.openStream(URL.java:1009)
        at com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:159)
        ... 12 more
Caused by: java.security.cert.CertificateException: No name matching localhost found
        at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:210)
        at sun.security.util.HostnameChecker.match(HostnameChecker.java:77)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:264)
        at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:250)
        at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
        ... 25 more



You have configured the wrong keystore or password in
ejbcawsracli.properties.

the error is clear .-)

Caused by: java.io.IOException: Keystore was tampered with, or password
was incorrect

Cheers,
Tomas


Re: Help on generating IS cert and key

by Johan Eklund

Hi khsheh,

When you installed EJBCA you specified a server name that is used in the
server side SSL certificate ( EJBCA_HOME/conf/web.properties:
httpsserver.hostname=... ).

You must connect to this hostname or the SSL connection will fail, since
the serverside is issued for a different host than 'localhost'.

Best Regards,
Johan

khsheh skrev:

> Thanks. I now set the correct password in ejbcawsracli.properties for
> superadmin.jks, i.e.:
>
> ejbcawsracli.keystore.path = superadmin.jks
> ejbcawsracli.keystore.password = password
>
> But when I run the following command (the ejbca is in the same Windows
> workstation as I type the command):
> ejbcawsracli edituser isrsa1 foo123 false "CN=ISRSA1,C=CN" NULL NULL
> DV-RSA-1 1 USERGENERATED NEW IS IS
>
> I get the following error on localhost issue. Do you have any suggestions?
> Sorry that I am new to the keystore and JBOSS areas.
>
> Thanks.
>
> Trying to add user:
> Username: isrsa
> Subject DN: CN=ISRSA1,C=CN
> Subject Altname: null
> Email: null
> CA Name: DV-RSA-1
> Type: 1
> Token: USERGENERATED
> Status: 10
> End entity profile: IS
> Certificate profile: IS
> Hard Token Issuer Alias: NONE
> Start time: NONE
> End time: NONE
> javax.xml.ws.WebServiceException: javax.net.ssl.SSLHandshakeException:
> java.security.cert.CertificateException: No name matching localhost found
> org.ejbca.ui.cli.ErrorAdminCommandException:
> javax.xml.ws.WebServiceException: javax.net.ssl.SSLHandshakeException:
> java.security.cert.CertificateException: No name matching localhost found
> at
> org.ejbca.core.protocol.ws.client.EditUserCommand.execute(EditUserCommand.java:166)
> at
> org.ejbca.core.protocol.ws.client.ejbcawsracli.main(ejbcawsracli.java:34)
> Caused by: javax.xml.ws.WebServiceException:
> javax.net.ssl.SSLHandshakeException:
> java.security.cert.CertificateException: No name matching localhost found
> at
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:162)
> at
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parseWSDL(RuntimeWSDLParser.java:188)
> at
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.parse(RuntimeWSDLParser.java:66)
> at com.sun.xml.ws.wsdl.WSDLContext.<init>(WSDLContext.java:57)
> at
> com.sun.xml.ws.client.ServiceContextBuilder.build(ServiceContextBuilder.java:60)
> at
> com.sun.xml.ws.client.WSServiceDelegate.<init>(WSServiceDelegate.java:103)
> at
> com.sun.xml.ws.spi.ProviderImpl.createServiceDelegate(ProviderImpl.java:50)
> at javax.xml.ws.Service.<init>(Service.java:57)
> at
> org.ejbca.core.protocol.ws.client.gen.EjbcaWSService.<init>(EjbcaWSService.java:36)
> at
> org.ejbca.core.protocol.ws.client.EJBCAWSRABaseCommand.getEjbcaRAWS(EJBCAWSRABaseCommand.java:205)
> at
> org.ejbca.core.protocol.ws.client.EJBCAWSRABaseCommand.getEjbcaRAWS(EJBCAWSRABaseCommand.java:187)
> at
> org.ejbca.core.protocol.ws.client.EditUserCommand.execute(EditUserCommand.java:154)
> ... 1 more
> Caused by: javax.net.ssl.SSLHandshakeException:
> java.security.cert.CertificateException: No name matching localhost found
> at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1611)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:187)
> at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:181)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1035)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:124)
> at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:516)
> at
> com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:454)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:884)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1112)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1139)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1123)
> at
> sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
> at
> sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
> at
> sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1041)
> at
> sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:234)
> at java.net.URL.openStream(URL.java:1009)
> at
> com.sun.xml.ws.wsdl.parser.RuntimeWSDLParser.createReader(RuntimeWSDLParser.java:159)
> ... 12 more
> Caused by: java.security.cert.CertificateException: No name matching
> localhost found
> at sun.security.util.HostnameChecker.matchDNS(HostnameChecker.java:210)
> at sun.security.util.HostnameChecker.match(HostnameChecker.java:77)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:264)
> at
> com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:250)
> at
> com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1014)
> ... 25 more
>
>
>
> You have configured the wrong keystore or password in
> ejbcawsracli.properties.
>
> the error is clear .-)
>
> Caused by: java.io.IOException: Keystore was tampered with, or password
> was incorrect
>
> Cheers,
> Tomas
>
>
>  


Re: Help on generating IS cert and key

by khsheh

Dear Johan,

I just discovered there is such a file web.properties in EJBCA_HOME/conf/web.properties.sample.

I copy it to web.properties and no matter whether I set the httpsserver.hostname=devnbmbsi03 (which is my workstation name) or httpsserver.hostname=localhost, I still get the error of "No name matching localhost found".

Would you explain more of what I should do? Is there any documentation of it? In the command, "ejbcawsracli edituser isrsa1 foo123 false "CN=ISRSA1,C=CN" NULL NULL DV-RSA-1 1 USERGENERATED NEW IS IS", how to control which server to connect to? Is there anything I should set in C:\jboss\server\default\conf\keystore\truststore.jks like importing anything to it?

I now only have 1 workstation, and I have tomcat.jks (devnbmbsi03), superadmin.jks (superadmin) and truststore.jks (AdminCA1).

Thanks.

Regards,
Wilson.


Hi khsheh,

When you installed EJBCA you specified a server name that is used in the
server side SSL certificate ( EJBCA_HOME/conf/web.properties:
httpsserver.hostname=... ).

You must connect to this hostname or the SSL connection will fail, since
the serverside is issued for a different host than 'localhost'.

Best Regards,
Johan


Re: Help on generating IS cert and key

by Tomas Gustavsson


Hi,

that value is used during installation when the server side SSL
certificate is created. In order to change the certificate in an already
installed setup you have to edit the user "tomcat".

What you need to do is the same as for "SSL certificate expire" from the
User Guide at ejbca.org. You need to set the Common Name of the tomcat
user to match your real hostname.

Regards,
Tomas
-----
PrimeKey Solutions offers a commercial EJBCA support subscription and
training for EJBCA. Please see www.primekey.se or contact
info@... for more information.
http://www.primekey.se/Services/Support/
http://www.primekey.se/Services/Training/

On Wed, 2009-11-04 at 22:56 -0800, khsheh wrote:

> Dear Johan,
>
> I just discovered there is such a file web.properties in
> EJBCA_HOME/conf/web.properties.sample.
>
> I copy it to web.properties and no matter whether I set the
> httpsserver.hostname=devnbmbsi03  (which is my workstation name) or
> httpsserver.hostname=localhost, I still get the error of "No name
> matching localhost found".
>
> Would you explain more of what I should do? Is there any documentation of
> it? In the command, "ejbcawsracli edituser isrsa1 foo123 false
> "CN=ISRSA1,C=CN" NULL NULL DV-RSA-1 1 USERGENERATED NEW IS IS", how to
> control which server to connect to? Is there anything I should set in
> C:\jboss\server\default\conf\keystore\truststore.jks like importing anything
> to it?
>
> I now only have 1 workstation, and I have tomcat.jks (devnbmbsi03),
> superadmin.jks (superadmin) and truststore.jks (AdminCA1).
>
> Thanks.
>
> Regards,
> Wilson.
>
>
> Hi khsheh,
>
> When you installed EJBCA you specified a server name that is used in the
> server side SSL certificate ( EJBCA_HOME/conf/web.properties:
> httpsserver.hostname=... ).
>
> You must connect to this hostname or the SSL connection will fail, since
> the serverside is issued for a different host than 'localhost'.
>
> Best Regards,
> Johan
>
>
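
A stand-alone check for the two failures discussed in this thread, added here as an example and not part of EJBCA or of any poster's message: it opens a JKS keystore with a given password, reports a wrong password separately from an unreadable file, and lists each entry's subject DN and DNS names so the name in the server certificate can be compared with the hostname the client connects to. The class name `KeystoreCheck` and its arguments are made up for this example; the two property names are the ones quoted in the thread.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Properties;

// Added diagnostic, not part of EJBCA. Class name and arguments are made up for this example.
//   java KeystoreCheck props ejbcawsracli.properties   (client keystore named in the CLI config)
//   java KeystoreCheck jks <file.jks> <password>       (any other JKS, e.g. the server keystore)
// Run it from the directory the CLI is run from, so a relative keystore path resolves the same way.
public class KeystoreCheck {

    public static void main(String[] args) throws Exception {
        String path;
        String password;
        if (args.length == 2 && args[0].equals("props")) {
            Properties p = new Properties();
            try (InputStream in = new FileInputStream(args[1])) {
                p.load(in);
            }
            path = p.getProperty("ejbcawsracli.keystore.path");
            password = p.getProperty("ejbcawsracli.keystore.password");
            if (path == null || password == null) {
                System.err.println("keystore path or password missing in " + args[1]);
                System.exit(2);
                return;
            }
            // java.util.Properties keeps trailing whitespace in values; easy to miss in an editor.
            if (!password.equals(password.trim()) || !path.equals(path.trim())) {
                System.err.println("warning: a keystore property value has trailing whitespace");
            }
        } else if (args.length == 3 && args[0].equals("jks")) {
            path = args[1];
            password = args[2];
        } else {
            System.err.println("usage: KeystoreCheck props <file> | jks <keystore> <password>");
            System.exit(2);
            return;
        }
        KeyStore ks = open(path, password.toCharArray());
        if (ks == null) {
            System.exit(1);
            return;
        }
        describe(ks);
    }

    // Returns the loaded keystore, or null after printing why it could not be opened.
    static KeyStore open(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
            return ks;
        } catch (IOException e) {
            if (e.getCause() instanceof UnrecoverableKeyException) {
                // Same innermost cause as in the first stack trace of this thread.
                System.err.println("wrong password for " + path);
            } else {
                System.err.println("cannot read " + path + ": " + e);
            }
            return null;
        }
    }

    // Prints the subject DN and DNS names of every certificate in the keystore.
    static void describe(KeyStore ks) throws Exception {
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            System.out.println(alias + (ks.isKeyEntry(alias) ? " [key entry]" : " [trusted cert]"));
            if (!(c instanceof X509Certificate)) {
                continue;
            }
            X509Certificate x = (X509Certificate) c;
            System.out.println("  subject: " + x.getSubjectX500Principal().getName());
            Collection<List<?>> sans = x.getSubjectAlternativeNames();
            if (sans == null) {
                continue;
            }
            for (List<?> san : sans) {
                if (((Integer) san.get(0)) == 2) { // GeneralName type 2 = dNSName
                    System.out.println("  SAN dNSName: " + san.get(1));
                }
            }
        }
    }
}
```

If the subject CN or dNSName printed for the server keystore is not the hostname the client connects to, the handshake fails with the "No name matching ... found" error shown above.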


