I want ot use EJBCA with Wildfly (JBoss) application server as PKI infrastructure.
I can access
http://127.0.0.1:8080/ejbca/
https://127.0.0.1:8442/ejbca/
but not
https://127.0.0.1:8443/ejbca/adminweb/
Then I will get with Firefox:
The connection to 127.0.0.1:8443 was interrupted while the was loading
With wireshark I can see the FIN ACKs of the application server.
I am using Ubuntu 16.04.2 LTS AMD64 virtual machine with Java
java -version
openjdk version “1.8.0_131”
OpenJDK Runtime Environment (build 1.8.0_131-8u131-b11-0ubuntu1.16.04.2-b11)
OpenJDK 64-Bit Server VM (build 25.131-b11, mixed mode)
and with EJBCA ejbca_ce_6_5.0.5.zip
and with Wildfly (JBoss) application server wildfly-10.0.0.Final.zip
and with MariaDB which seems to work well except above mentioned Administration access in the GUI.
The configuration is similar to this I found on the EJBCA install page. It seems, that the part with port 8443 was not correctly configured. Do you have a hint for me to find a solution for my problem?
Regards
drnie
For configuration details please have a look at the following lines:
----------------------- BEGIN CONFIG -----------------------
configuring MariaDB
after unzipping as User ejbca
configured the following files
setting the keystore password
$EJBCA_HOME /conf/cesecore.properties
setting database properties (DB name, DB url, DB driver, DB user name and DB password)
$EJBCA_HOME /conf/database.properties
setting cms keystore password and app server home
$EJBCA_HOME /conf/ejbca.properties
kept all settings ...
$EJBCA_HOME /conf/install.properties
Added Management user with
cd /home/ejbca/wildfly-10.0.0.Final/bin/
./add-user.sh
started Wildfly app server
--- Add datasource ---
opened the Call Level Interface
/home/ejbca/wildfly-10.0.0.Final/bin/jboss-cli.sh -c
entered the commands
data-source add --name=ejbcads --driver-name="mariadb-java-client-1.2.0.jar" --connection-url="jdbc:mysql://127.0.0.1:3306/ejbca" --jndi-name="java:/EjbcaDS" --use-ccm=true --driver-class="org.mariadb.jdbc.Driver" --user-name="ejbca" --password="ejbca" --validate-on-match=true --background-validation=false --prepared-statements-cache-size=50 --share-prepared-statements=true --min-pool-size=5 --max-pool-size=150 --pool-prefill=true --transaction-isolation=TRANSACTION_READ_COMMITTED --check-valid-connection-sql="select 1;"
:reload
--- Configure WildFly Remoting ---
/subsystem=remoting/http-connector=http-remoting-connector:remove
/subsystem=remoting/http-connector=http-remoting-connector:add(connector-ref="remoting",security-realm="ApplicationRealm")
/socket-binding-group=standard-sockets/socket-binding=remoting:add(port="4447")
/subsystem=undertow/server=default-server/http-listener=remoting:add(socket-binding=remoting)
:reload
--- Configure logging ---
/subsystem=logging/logger=org.ejbca:add
/subsystem=logging/logger=org.ejbca:write-attribute(name=level, value=DEBUG)
/subsystem=logging/logger=org.cesecore:add
/subsystem=logging/logger=org.cesecore:write-attribute(name=level, value=DEBUG)
:reload
--- Remove existing TLS and HTTP configuration ---
/subsystem=undertow/server=default-server/http-listener=default:remove
/subsystem=undertow/server=default-server/https-listener=https:remove
/socket-binding-group=standard-sockets/socket-binding=http:remove
/socket-binding-group=standard-sockets/socket-binding=https:remove
:reload
quitting CLI shell
restarted wildfly app server
--- Deploy EJBCA ---
ant clean deployear
--- Run install ---
ant runinstall
--- Deploy TLS keystores to WildFly ---
ant deploy-keystore
in the CLI shell
/interface=http:add(inet-address="0.0.0.0")
/interface=httpspub:add(inet-address="0.0.0.0")
/interface=httpspriv:add(inet-address="0.0.0.0")
/socket-binding-group=standard-sockets/socket-binding=http:add(port="8080",interface="http")
/subsystem=undertow/server=default-server/http-listener=http:add(socket-binding=http)
/subsystem=undertow/server=default-server/http-listener=http:write-attribute(name=redirect-socket, value="httpspriv")
:reload
waiting for reload to complete
Configure identities and socket bindings:
/core-service=management/security-realm=SSLRealm:add()
/core-service=management/security-realm=SSLRealm/server-identity=ssl:add(keystore-path="${jboss.server.config.dir}/keystore/keystore.jks", keystore-password="serverpwd", alias="localhost")
/core-service=management/security-realm=SSLRealm/authentication=truststore:add(keystore-path="${jboss.server.config.dir}/keystore/truststore.jks", keystore-password="changeit")
/socket-binding-group=standard-sockets/socket-binding=httpspriv:add(port="8443",interface="httpspriv")
/socket-binding-group=standard-sockets/socket-binding=httpspub:add(port="8442", interface="httpspub")
restart the application server completely and then
/subsystem=undertow/server=default-server/https-listener=httpspriv:add(socket-binding=httpspriv, security-realm="SSLRealm", verify-client=REQUIRED)
/subsystem=undertow/server=default-server/https-listener=httpspub:add(socket-binding=httpspub, security-realm="SSLRealm")
:reload
--- Finalize Wildfly configurations ---
/system-property=org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH:add(value=true)
/system-property=org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH:add(value=true)
/system-property=org.apache.catalina.connector.URI_ENCODING:add(value="UTF-8")
/system-property=org.apache.catalina.connector.USE_BODY_ENCODING_FOR_QUERY_STRING:add(value=true)
/subsystem=webservices:write-attribute(name=wsdl-host, value=jbossws.undefined.host)
/subsystem=webservices:write-attribute(name=modify-wsdl-address, value=true)
:reload
----------------------- END CONFIG -----------------------
I know this is old, but I am betting you did not have the hostname set in web.properties. You need to set httpsserver.hostname=myejbcaservername (default is localhost).
Also, try using FireFox. It has its own certificate store (separate from the OS certificate store) and works better when managing PKIs.
Also, restart your browser if you do have the superadmin certificate installed. If you have hit cancel or done something it will genernally not renegotiate until you use a private browsing window or restart your browser.
Related
Installing Mirth Connect (3.10) on Ubuntu (18.04.4 LTS) based on the user guide here (https://www.nextgen.com/-/media/files/nextgen-connect/nextgen-connect-310-user-guide.pdf) and running into problem where can't log into the Mirth Connect Administrator view (pg.23 of the linked-to guide).
I see...
(where I'm using the default password "admin")
The /usr/local/mirthconnect/logs/mirth.log seems to show that the server is alive there
INFO 2020-12-06 20:52:19,670 [Main Server Thread] com.mirth.connect.server.Mirth: Mirth Connect 3.10.0 (Built on November 5, 2020) server successfully started.
INFO 2020-12-06 20:52:19,672 [Main Server Thread] com.mirth.connect.server.Mirth: This product was developed by NextGen Healthcare (https://www.nextgen.com) and its contributors (c)2005-2020.
INFO 2020-12-06 20:52:19,673 [Main Server Thread] com.mirth.connect.server.Mirth: Running OpenJDK 64-Bit Server VM 11.0.9.1 on Linux (5.3.0-59-generic, amd64), derby, with charset UTF-8.
INFO 2020-12-06 20:52:19,673 [Main Server Thread] com.mirth.connect.server.Mirth: Web server running at http://172.18.4.124:8080/ and https://172.18.4.124:8443/
and I can connect to it on the web browser
and log into the Web Dashboard using user/password admin/admin, so not sure what the problem could be.
Anyone with more experience with this know what could be happening here?
I'm using Apache Ignite entity framework Nuget as a second level cache in an ApsNetCore 2.0 web application under IIS(as reverse proxy).
On my development machine (VS2017 Windows 8.1) everything works well. Wen i deploy to WindowsServer 2012 the Ignite crash at startup with :
An error occurred while starting the application.
IgniteException: Failed to load jvm.dll (Please specify IgniteConfiguration.JvmDllPath or JAVA_HOME.)
Apache.Ignite.Core.Impl.Unmanaged.Jni.JvmDll.Load(string configJvmDllPath, ILogger log)
TargetInvocationException: Exception has been thrown by the target of an invocation.
System.RuntimeTypeHandle.CreateInstance(RuntimeType type, bool publicOnly, bool noCheck, ref bool canBeCached, ref RuntimeMethodHandleInternal ctor, ref bool bNeedSecurityCheck)
IgniteException: Failed to load jvm.dll (Please specify IgniteConfiguration.JvmDllPath or JAVA_HOME.)
Apache.Ignite.Core.Impl.Unmanaged.Jni.JvmDll.Load(string configJvmDllPath, ILogger log)
Apache.Ignite.Core.Ignition.Start(IgniteConfiguration cfg)
Apache.Ignite.EntityFramework.IgniteDbConfiguration.GetOrStartIgnite(IgniteConfiguration cfg)
Apache.Ignite.EntityFramework.IgniteDbConfiguration..ctor()
I checked and re-chewed, installed the JDK , correct system variables....everything. The error don't goes away. What is interesting is the application run ok as console. When it runs under IIS(reverse proxy) it crashes at startup with the above error.
Any suggestions ?
Thank you
I managed to start the website. How ? Only with JDK 11 and explicit path to jvm.dll on app.config file:
If is not explicit in config then crashes.
The JAVA_HOME from system variable is correct set. Also the Path variable is
%JAVA_HOME%;%JAVA_HOME%\bin;%JAVA_HOME%\bin\server;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0;C:\Program Files\Microsoft\Web Platform Installer;C:\Program Files\dotnet;C:\Program Files (x86)\dotnet;C:\ProgramData\chocolatey\bin;C:\Program Files\Memurai;C:\Program Files\Java\jdk-15.0.1\bin\
Maybe is a conflict with C:\Program Files\Java\jdk-15.0.1\bin\ ? It carsh with jvm 15. But it works with jvm 11
Looks like the IIS worker process is running in 32-bit mode, so Ignite looks for a 32-bit JDK, which is not present.
And the console app runs in 64-bit mode, using 64-bit JDK, so it works.
Please check the app pool settings in IIS Manager -> Application Pools -> select the app pool you want and -> Advanced Settings.
Additionally, you can enable detailed logging to a file (since you can't see console logs in IIS) - Ignite logs all attempts to resolve the JDK path. For example, with Apache.Ignite.NLog package:
var nlogConfig = new LoggingConfiguration();
var fileTarget = new FileTarget
{
FileName = "/home/pavel/w/ignite_nlog.log"
};
nlogConfig.AddTarget("logfile", fileTarget);
nlogConfig.LoggingRules.Add(new LoggingRule("*", LogLevel.Trace, fileTarget));
LogManager.Configuration = nlogConfig;
var igniteConfig = new IgniteConfiguration
{
Logger = new IgniteNLogLogger()
};
Ignition.Start(igniteConfig);
I've checked the suggested points by Pavel Tupitsyn:
App pool aplication is 64bits (emable 32bits=false)
I've installed apache.Ignite.NLog
I'tested it on my machine and it logs well all java resolves.
I've deployed to windows server 2012 and under IIS i'm getting 'Process Failure'.
The log file looks like:
2020-12-07 19:39:38.3304|DEBUG||Starting Ignite.NET 2.9.0.50002
2020-12-07 19:39:38.3834|WARN||GC server mode is not enabled, this could lead to less than optimal performance on multi-core machines (to enable see http://msdn.microsoft.com/en-us/library/ms229357(v=vs.110).aspx).
2020-12-07 19:39:46.2534|DEBUG||Starting Ignite.NET 2.9.0.50002
so...just a warning (present on my machine too).
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info:
Apache.Ignite.Core.Common.IgniteException
at Apache.Ignite.Core.Impl.Unmanaged.Jni.JvmDll.Load(System.String, Apache.Ignite.Core.Log.ILogger)
at Apache.Ignite.Core.Ignition.Start(Apache.Ignite.Core.IgniteConfiguration)
at Nop.Web.Program.Main(System.String[])
well...adding apache.ingite.nlog throws PROCESS FAILURE
Hosting is virtual machine with Windows Server 2012 64bits
Any other ideas please....
I have a problem with the installation of Jasper Server v. 6.4.2 on Redhat 7.2
redhat-release-server-7.5-8.el7.x86_64.
My Tomcat is running and my postgresql
[root# jasperreports-server-cp-6.4.2]# ./ctlscript.sh restart
Using CATALINA_BASE: /opt/jasperreports-server-cp-6.4.2/apache-tomcat
Using CATALINA_HOME: /opt/jasperreports-server-cp-6.4.2/apache-tomcat
Using CATALINA_TMPDIR: /opt/jasperreports-server-cp-6.4.2/apache-tomcat/temp
Using JRE_HOME: /opt/jasperreports-server-cp-6.4.2/java
Using CLASSPATH: /opt/jasperreports-server-cp-6.4.2/apache-tomcat/bin/bootstrap.jar:/opt/jasperreports-server-cp-6.4.2/apache-tomcat/bin/tomcat-juli.jar
Using CATALINA_PID: /opt/jasperreports-server-cp-6.4.2/apache-tomcat/temp/catalina.pid
Tomcat stopped.
/opt/jasperreports-server-cp-6.4.2/apache-tomcat/scripts/ctl.sh : tomcat stopped
waiting for server to shut down.... done
server stopped
/opt/jasperreports-server-cp-6.4.2/postgresql/scripts/ctl.sh : postgresql stopped
waiting for server to start.... done
server started
/opt/jasperreports-server-cp-6.4.2/postgresql/scripts/ctl.sh : postgresql started at port 5432
Using CATALINA_BASE: /opt/jasperreports-server-cp-6.4.2/apache-tomcat
Using CATALINA_HOME: /opt/jasperreports-server-cp-6.4.2/apache-tomcat
Using CATALINA_TMPDIR: /opt/jasperreports-server-cp-6.4.2/apache-tomcat/temp
Using JRE_HOME: /opt/jasperreports-server-cp-6.4.2/java
Using CLASSPATH: /opt/jasperreports-server-cp-6.4.2/apache-tomcat/bin/bootstrap.jar:/opt/jasperreports-server-cp-6.4.2/apache-tomcat/bin/tomcat-juli.jar
Using CATALINA_PID: /opt/jasperreports-server-cp-6.4.2/apache-tomcat/temp/catalina.pid
Tomcat started.
/opt/jasperreports-server-cp-6.4.2/apache-tomcat/scripts/ctl.sh : tomcat started
but went I try to connect to http://localhost:8080/jasperserver-pro I have this Message
HTTP Status 404 – Not Found
Type Status Report
Message /jasperserver-pro
Description The origin server did not find a current representation for the target resource or is not willing to disclose that one exists.
Apache Tomcat/8.5.20
First of all just check the whether your war file (tomcat> webapps> jasperserver-pro) is there or not.
Sometimes it does get corrupt and deleted while you are running a js-install sh script for database setup.
So while setting up jasperserver, before running js-install sh (/buildomatic/) make one directory in at /buildmomatic/install_resources with name "war" and copy your war file from tomcat> webapps> to this directory. otherwise, jasperverserver will through error (/war/jasperserver not found).
I need to monitor WAS liberty profiles i made some configuration changes in sever.xml
<feature>restConnector-1.0</feature>^M
<feature>jsp-2.2</feature>^M
<feature>appSecurity-1.0</feature>^M
<feature>ssl-1.0</feature>
<feature>monitor-1.0</feature>^M
but when i am connecting with rest port i am only getting following mbeans regarding websphere
WebSphere
WebSphere:feature=restConnector,type=FileService,name=FileService
WebSphere:service=com.ibm.websphere.application.ApplicationMBean,name=WLProject
WebSphere:feature=channelfw,type=endpoint,name=defaultHttpEndpoint-ssl
WebSphere:feature=restConnector,type=FileTransfer,name=FileTransfer
WebSphere:service=com.ibm.websphere.application.ApplicationMBean,name=kohls
WebSphere:service=com.ibm.ws.kernel.filemonitor.FileNotificationMBean
WebSphere:service=com.ibm.websphere.application.ApplicationMBean,name=worklightadmin
WebSphere:feature=channelfw,type=endpoint,name=defaultHttpEndpoint
WebSphere:service=com.ibm.websphere.application.ApplicationMBean,name=worklightconsole
WebSphere:name=com.ibm.ws.jmx.mbeans.generatePluginConfig
WebSphere:service=com.ibm.websphere.application.ApplicationMBean,name=_analytics
WebSphere:name=com.ibm.ws.config.serverSchemaGenerator
WebSphere:service=com.ibm.websphere.application.ApplicationMBean,name=_MobileBrowserSimulator
WebSphere:service=com.ibm.websphere.application.ApplicationMBean,name=nsecom
not able to get threadpool, webcontaineer mbeans , is there any configuration i have to do??
Maybe update to the latest Liberty version and try to test with jconsole. I'm running v8.5.5.3 and it works fine. I'm using the following command to start jconsole using rest connector (all in one line, formatted for readability):
jconsole
-J-Djava.class.path=C:\
IBM\WebSphere\LibertyIM\java\java_1.7_32\lib\jconsole.jar;C:\IBM\WebSphere\Liber
tyIM\java\java_1.7_32\lib\tools.jar;C:\IBM\WebSphere\wlp\clients\restConnector.j
ar
-J-Djavax.net.ssl.trustStore=C:/IBM/WebSphere/wlp/usr/servers/monitoringServe
r/resources/security/key.jks
-J-Djavax.net.ssl.trustStorePassword=password
-J-Djavax.net.ssl.trustStoreType=jks
-J-Duser.language=en
I can see ThreadPoolStats and ServletStats. For SessionStats or ConnectionPoolStats your application actually needs to use the feature (e.g. session or connection to db) to be visible in jconsole and have mbean.
I tried to do remote debugging on a remote glassfish server for some time, using eclipse.
I want to do it on my local server which is in my own computer. I followed the same
instructions that one follows for setting up remote debugging. In eclipse, I set debug
configurations with info - host = localhost, port = 6767 and server in debug mode.
6767 is the port which I use to connect to the admin of my glassfish server.
This approach worked in the actual remote debugging. But it fails in local debugging.
I get the error - Failed to connect to remote VM. Connection timed out.
org.eclipse.jdi.TimeoutException
How do I fix this error ?
The log from the folder workspace dir > .metadata > .log is given below:
!ENTRY org.eclipse.jdt.launching
!MESSAGE Failed to connect to remote VM. Connection timed out.
!STACK 0
org.eclipse.jdi.TimeoutException
at org.eclipse.jdi.internal.connect.SocketTransportService.attach(SocketTransportService.java:162)
at org.eclipse.jdi.internal.connect.SocketTransportImpl.attach(SocketTransportImpl.java:45)
at org.eclipse.jdi.internal.connect.SocketAttachingConnectorImpl.attach(SocketAttachingConnectorImpl.java:134)
at org.eclipse.jdt.internal.launching.SocketAttachConnector.connect(SocketAttachConnector.java:141)
at org.eclipse.jdt.internal.launching.JavaRemoteApplicationLaunchConfigurationDelegate.launch(JavaRemoteApplicationLaunchConfigurationDelegate.java:84)
at org.eclipse.debug.internal.core.LaunchConfiguration.launch(LaunchConfiguration.java:858)
at org.eclipse.debug.internal.core.LaunchConfiguration.launch(LaunchConfiguration.java:707)
at org.eclipse.debug.internal.ui.DebugUIPlugin.buildAndLaunch(DebugUIPlugin.java:1018)
at org.eclipse.debug.internal.ui.DebugUIPlugin$8.run(DebugUIPlugin.java:1222)
at org.eclipse.core.internal.jobs.Worker.run(Worker.java:53)
I tried one solution which did not work -
open glassfish admin console in a browser > Configuration > server-config > JVM settings > Debug: Enable the checkbox
You do not debug a local application using the remote debugging method. Simply right click your project > debug as > debug on server > choose tomcat or glassfish etc.
Then, run your app from the web browser and see the debugging.