I want to use EJBCA with Wildfly (JBoss) application server as PKI infrastructure.
I can access
http://127.0.0.1:8080/ejbca/
https://127.0.0.1:8442/ejbca/
but not
https://127.0.0.1:8443/ejbca/adminweb/
Then I will get with Firefox:
The connection to 127.0.0.1:8443 was interrupted while the page was loading
With Wireshark I can see the FIN/ACKs from the application server.
I am using an Ubuntu 16.04.2 LTS AMD64 virtual machine with Java
java -version
openjdk version "1.8.0_131"
OpenJDK Runtime Environment (build 1.8.0_131-8u131-b11-0ubuntu1.16.04.2-b11)
OpenJDK 64-Bit Server VM (build 25.131-b11, mixed mode)
and with EJBCA ejbca_ce_6_5.0.5.zip
and with Wildfly (JBoss) application server wildfly-10.0.0.Final.zip
and with MariaDB, which seems to work well except for the above-mentioned administration access in the GUI.
The configuration is similar to the one I found on the EJBCA install page. It seems that the part with port 8443 was not correctly configured. Do you have a hint for me to find a solution for my problem?
Regards
drnie
For configuration details please have a look at the following lines:
----------------------- BEGIN CONFIG -----------------------
After configuring MariaDB and unzipping as user ejbca, I configured the following files:
setting the keystore password
$EJBCA_HOME/conf/cesecore.properties
setting database properties (DB name, DB url, DB driver, DB user name and DB password)
$EJBCA_HOME/conf/database.properties
setting cms keystore password and app server home
$EJBCA_HOME/conf/ejbca.properties
kept all settings ...
$EJBCA_HOME/conf/install.properties
Added Management user with
cd /home/ejbca/wildfly-10.0.0.Final/bin/
./add-user.sh
started Wildfly app server
--- Add datasource ---
opened the Call Level Interface
/home/ejbca/wildfly-10.0.0.Final/bin/jboss-cli.sh -c
entered the commands
data-source add --name=ejbcads --driver-name="mariadb-java-client-1.2.0.jar" --connection-url="jdbc:mysql://127.0.0.1:3306/ejbca" --jndi-name="java:/EjbcaDS" --use-ccm=true --driver-class="org.mariadb.jdbc.Driver" --user-name="ejbca" --password="ejbca" --validate-on-match=true --background-validation=false --prepared-statements-cache-size=50 --share-prepared-statements=true --min-pool-size=5 --max-pool-size=150 --pool-prefill=true --transaction-isolation=TRANSACTION_READ_COMMITTED --check-valid-connection-sql="select 1;"
:reload
--- Configure WildFly Remoting ---
/subsystem=remoting/http-connector=http-remoting-connector:remove
/subsystem=remoting/http-connector=http-remoting-connector:add(connector-ref="remoting",security-realm="ApplicationRealm")
/socket-binding-group=standard-sockets/socket-binding=remoting:add(port="4447")
/subsystem=undertow/server=default-server/http-listener=remoting:add(socket-binding=remoting)
:reload
--- Configure logging ---
/subsystem=logging/logger=org.ejbca:add
/subsystem=logging/logger=org.ejbca:write-attribute(name=level, value=DEBUG)
/subsystem=logging/logger=org.cesecore:add
/subsystem=logging/logger=org.cesecore:write-attribute(name=level, value=DEBUG)
:reload
--- Remove existing TLS and HTTP configuration ---
/subsystem=undertow/server=default-server/http-listener=default:remove
/subsystem=undertow/server=default-server/https-listener=https:remove
/socket-binding-group=standard-sockets/socket-binding=http:remove
/socket-binding-group=standard-sockets/socket-binding=https:remove
:reload
quitting CLI shell
restarted wildfly app server
--- Deploy EJBCA ---
ant clean deployear
--- Run install ---
ant runinstall
--- Deploy TLS keystores to WildFly ---
ant deploy-keystore
in the CLI shell
/interface=http:add(inet-address="0.0.0.0")
/interface=httpspub:add(inet-address="0.0.0.0")
/interface=httpspriv:add(inet-address="0.0.0.0")
/socket-binding-group=standard-sockets/socket-binding=http:add(port="8080",interface="http")
/subsystem=undertow/server=default-server/http-listener=http:add(socket-binding=http)
/subsystem=undertow/server=default-server/http-listener=http:write-attribute(name=redirect-socket, value="httpspriv")
:reload
waiting for reload to complete
--- Configure identities and socket bindings ---
/core-service=management/security-realm=SSLRealm:add()
/core-service=management/security-realm=SSLRealm/server-identity=ssl:add(keystore-path="${jboss.server.config.dir}/keystore/keystore.jks", keystore-password="serverpwd", alias="localhost")
/core-service=management/security-realm=SSLRealm/authentication=truststore:add(keystore-path="${jboss.server.config.dir}/keystore/truststore.jks", keystore-password="changeit")
/socket-binding-group=standard-sockets/socket-binding=httpspriv:add(port="8443",interface="httpspriv")
/socket-binding-group=standard-sockets/socket-binding=httpspub:add(port="8442", interface="httpspub")
restart the application server completely and then
/subsystem=undertow/server=default-server/https-listener=httpspriv:add(socket-binding=httpspriv, security-realm="SSLRealm", verify-client=REQUIRED)
/subsystem=undertow/server=default-server/https-listener=httpspub:add(socket-binding=httpspub, security-realm="SSLRealm")
:reload
--- Finalize Wildfly configurations ---
/system-property=org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH:add(value=true)
/system-property=org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH:add(value=true)
/system-property=org.apache.catalina.connector.URI_ENCODING:add(value="UTF-8")
/system-property=org.apache.catalina.connector.USE_BODY_ENCODING_FOR_QUERY_STRING:add(value=true)
/subsystem=webservices:write-attribute(name=wsdl-host, value=jbossws.undefined.host)
/subsystem=webservices:write-attribute(name=modify-wsdl-address, value=true)
:reload
----------------------- END CONFIG -----------------------
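The httpspriv listener above is added with verify-client=REQUIRED, so the TLS handshake on 8443 is aborted unless the browser presents a certificate that chains to truststore.jks; that matches the interrupted page load and the server-side FIN seen in Wireshark. The Go program below is an added illustration, not code from the post or from EJBCA/WildFly: it generates a throwaway self-signed certificate (standing in for both keystore.jks and truststore.jks), starts a loopback listener with the same client-certificate requirement and probes it once without and once with a client certificate. Go is used because its standard library can build the certificates and run both sides offline.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)
// newIdentity builds one self-signed certificate that stands in for both keystore.jks and truststore.jks (constructed lab material).
func newIdentity() (tls.Certificate, *x509.CertPool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "localhost"},
		DNSNames:     []string{"localhost"}, IsCA: true, BasicConstraintsValid: true,
		NotBefore:    time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv) // error ignored: lab material only
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}, pool
}
// ProbeAdminWeb starts a listener configured like httpspriv (verify-client=REQUIRED), connects once the way a browser would, and returns the error the client observes.
func ProbeAdminWeb(withClientCert bool) error {
	id, trust := newIdentity()
	srv := &tls.Config{Certificates: []tls.Certificate{id}, ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: trust}
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srv)
	if err != nil {
		return err
	}
	defer ln.Close()
	// Write forces the server-side handshake; when it fails the server simply closes the socket (the FIN seen in Wireshark).
	go func() { if c, e := ln.Accept(); e == nil { c.Write([]byte("adminweb")); c.Close() } }()
	cli := &tls.Config{RootCAs: trust, ServerName: "localhost"}
	if withClientCert {
		cli.Certificates = []tls.Certificate{id} // plays the superadmin certificate installed in the browser
	}
	conn, err := tls.Dial("tcp", ln.Addr().String(), cli)
	if err != nil {
		return err // TLS 1.2: the handshake itself is rejected
	}
	defer conn.Close()
	_, err = conn.Read(make([]byte, 8)) // TLS 1.3: the rejection arrives as an alert on the first read
	return err
}
```

ProbeAdminWeb(false) returns a non-nil error and ProbeAdminWeb(true) returns nil; the same contrast is what separates the 8442 listener (no verify-client) from the 8443 one in the configuration above.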
I know this is old, but I am betting you did not have the hostname set in web.properties. You need to set httpsserver.hostname=myejbcaservername (default is localhost).
Also, try using Firefox. It has its own certificate store (separate from the OS certificate store) and works better when managing PKIs.
Also, restart your browser if you do have the superadmin certificate installed. If you have hit cancel or done something it will generally not renegotiate until you use a private browsing window or restart your browser.