keyfactor / ejbca-ce

EJBCA® – Open-source public key infrastructure (PKI) and certificate authority (CA) software.

Home Page: https://www.ejbca.org/

License: GNU Lesser General Public License v2.1

Batchfile 0.05% Shell 0.13% JavaScript 0.10% HTML 6.12% Java 90.54% Perl 0.01% CSS 0.96% SQLPL 0.01% Mustache 2.09%
pki pkix pki-applications pki-tools cryptography ejbca

ejbca-ce's Introduction

EJBCA covers all your needs – from certificate management, registration and enrollment to certificate validation.

Welcome to EJBCA – the Open Source Certificate Authority (software). EJBCA is one of the longest running CA software projects, providing time-proven robustness, reliability and flexibility. EJBCA is platform independent and can easily be scaled out to match the needs of your PKI requirements, whether you’re setting up a national eID, securing your industrial IoT platform or managing your own internal PKI for Enterprise or DevOps.

EJBCA is developed in Java and runs on a JVM such as OpenJDK, available on most platforms such as Linux and Windows.

There are two versions of EJBCA:

  • EJBCA Community (EJBCA CE) - free and open source, OSI Certified Open Source Software
  • EJBCA Enterprise (EJBCA EE) - commercial and Common Criteria certified

OSI Certified is a certification mark of the Open Source Initiative.

Get started

To get started with EJBCA Community, clone ejbca-ce and install it, see EJBCA Installation.

You can also easily run EJBCA as a container from Dockerhub.

Community Support

We welcome contributions in our Community. The Community software is open source and community supported: there is no support SLA, but there is a helpful, best-effort Community.

Commercial Support

Commercial support is available for EJBCA Enterprise.

License

EJBCA Community is licensed under the LGPL license, please see LICENSE.

Related projects

ejbca-ce's People

Contributors

andrey-softisfaction, dcarella, dledob, dobicinaitis, ebrahimshirvanian, hesunmark, karolinhem, konstantintarletski, magsnprimekey, mans-andersson, mike-agrenius-kushner, netmackan, pkjohan, primetomas, realiserad, rufusjwb, samuellbkf, stueypoo, uedvt359, vombatinlagoon, wyverm

ejbca-ce's Issues

ejbca ce : protocol acme is Unavailable

I am using ejbca ce using docker and I am trying to work with the acme protocol, but I saw this

image

Where the protocol acme is Unavailable. Why?

How can I activate it?

It's only for testing purposes.

Caused by: javax.ejb.EJBException: org.ejbca.core.model.ca.publisher.PublisherException: LDAP ERROR: Error storing CRL: Message: Connect Error.

I face such an error when I try to Create CRL through the EJBCA Administration dashboard.
CA Functions -> CA Structure & CRL's -> "Create CRL".
When I click this button it waits nearly 10-15 minutes and throws an exception:

Error while getting certficate chain from CA.
javax.ejb.EJBException: javax.ejb.EJBException: Error creating CRL.
	at org.cesecore.core.ejb.ca.crl.CrlCreateSessionBean.run(CrlCreateSessionBean.java:519)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
...
Caused by: javax.ejb.EJBException: org.ejbca.core.model.ca.publisher.PublisherException: LDAP ERROR: Error storing CRL (certificateRevocationList;binary) in LDAP (top;applicationProcess;certificationAuthority-V2) for DN (CN=<VALUES>,o=<VALUES>,c=az). Message: Connect Error.
	at org.jboss.ejb3.tx.TxInterceptor$NotSupported.invoke(TxInterceptor.java:104)
	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
	at org.jboss.aspects.tx.TxPropagationInterceptor.invoke(TxPropagationInterceptor.java:76)
	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
	at org.jboss.ejb3.tx.NullInterceptor.invoke(NullInterceptor.java:42)
	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
	at org.jboss.ejb3.security.RoleBasedAuthorizationInterceptorv2.invoke(RoleBasedAuthorizationInterceptorv2.java:201)
	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
	at org.jboss.ejb3.security.Ejb3AuthenticationInterceptorv2.invoke(Ejb3AuthenticationInterceptorv2.java:186)
	at org.jboss.aop.joinpoint.MethodInvocation.invokeNext(MethodInvocation.java:102)
...

The error suggests that there is a connection error to the LDAP server, but I can reach the LDAP server IP and port from the machine that EJBCA runs on (both ping and telnet are OK).

ejbca won't start with freshly created db structure

With ECA-8029 the support for hard tokens was dropped and hence the hardTokenIssuerId field from the UserData table was dropped, see here:

a0c4e17

But the UserData entity class still requires the hardTokenIssuerId to be present:

https://github.com/primekeydevs/ejbca-ce/blob/10c9d316789d68c56b9bf67fc60f268d6353ff46/modules/ejbca-entity/src/org/ejbca/core/ejb/ra/UserData.java#L80

There should either be a @Transient annotation present on that property or the scripts in doc/sql-scripts/* should still contain that property. Otherwise ejbca will fail to deploy:

11:43:32,620 INFO  [org.hibernate.event.internal.DefaultLoadEventListener] (ServerService Thread Pool -- 39) HHH000327: Error performing load command : org.hibernate.exception.SQLGrammarException: could not extract ResultSet
11:43:32,630 ERROR [org.jboss.as.ejb3.invocation] (ServerService Thread Pool -- 39) WFLYEJB0034: EJB Invocation failed on component AuthorizationSystemSessionBean for method public abstract boolean org.ejbca.core.ejb.authorization.AuthorizationSystemSessionLocal.initializeAuthorizationModule(): javax.ejb.EJBException: javax.persistence.PersistenceException: org.hibernate.exception.SQLGrammarException: could not extract ResultSet
[...]
Caused by: java.sql.SQLSyntaxErrorException: Unknown column 'userdata0_.hardTokenIssuerId' in 'field list'
Query is : select userdata0_.username as username1_34_0_, userdata0_.cAId as cAId2_34_0_, userdata0_.cardNumber as cardNumb3_34_0_, userdata0_.certificateProfileId as certific4_34_0_, userdata0_.clearPassword as clearPas5_34_0_, userdata0_.endEntityProfileId as endEntit6_34_0_, userdata0_.hardTokenIssuerId as hardToke7_34_0_, userdata0_.keyStorePassword as keyStore8_34_0_, userdata0_.passwordHash as password9_34_0_, userdata0_.rowVersion as rowVers10_34_0_, userdata0_.status as status11_34_0_, userdata0_.subjectAltName as subject12_34_0_, userdata0_.subjectDN as subject13_34_0_, userdata0_.subjectEmail as subject14_34_0_, userdata0_.timeCreated as timeCre15_34_0_, userdata0_.timeModified as timeMod16_34_0_, userdata0_.tokenType as tokenTy17_34_0_, userdata0_.type as type18_34_0_, userdata0_.extendedInformationData as extende19_34_0_, userdata0_.rowProtection as rowProt20_34_0_ from UserData userdata0_ where userdata0_.username='ejbca'
	at org.mariadb.jdbc.internal.util.ExceptionMapper.get(ExceptionMapper.java:125)
	at org.mariadb.jdbc.internal.util.ExceptionMapper.throwException(ExceptionMapper.java:69)
	at org.mariadb.jdbc.MariaDbStatement.executeQueryEpilog(MariaDbStatement.java:213)
	at org.mariadb.jdbc.MariaDbClientPreparedStatement.executeInternal(MariaDbClientPreparedStatement.java:185)
	at org.mariadb.jdbc.MariaDbClientPreparedStatement.executeQuery(MariaDbClientPreparedStatement.java:143)
	at org.jboss.jca.adapters.jdbc.CachedPreparedStatement.executeQuery(CachedPreparedStatement.java:113)
	at org.jboss.jca.adapters.jdbc.WrappedPreparedStatement.executeQuery(WrappedPreparedStatement.java:504)
	at org.hibernate.engine.jdbc.internal.ResultSetReturnImpl.extract(ResultSetReturnImpl.java:60)
	... 166 more
Caused by: org.mariadb.jdbc.internal.util.dao.QueryException: Unknown column 'userdata0_.hardTokenIssuerId' in 'field list'
Query is : select userdata0_.username as username1_34_0_, userdata0_.cAId as cAId2_34_0_, userdata0_.cardNumber as cardNumb3_34_0_, userdata0_.certificateProfileId as certific4_34_0_, userdata0_.clearPassword as clearPas5_34_0_, userdata0_.endEntityProfileId as endEntit6_34_0_, userdata0_.hardTokenIssuerId as hardToke7_34_0_, userdata0_.keyStorePassword as keyStore8_34_0_, userdata0_.passwordHash as password9_34_0_, userdata0_.rowVersion as rowVers10_34_0_, userdata0_.status as status11_34_0_, userdata0_.subjectAltName as subject12_34_0_, userdata0_.subjectDN as subject13_34_0_, userdata0_.subjectEmail as subject14_34_0_, userdata0_.timeCreated as timeCre15_34_0_, userdata0_.timeModified as timeMod16_34_0_, userdata0_.tokenType as tokenTy17_34_0_, userdata0_.type as type18_34_0_, userdata0_.extendedInformationData as extende19_34_0_, userdata0_.rowProtection as rowProt20_34_0_ from UserData userdata0_ where userdata0_.username='ejbca'
	at org.mariadb.jdbc.internal.protocol.AbstractQueryProtocol.getResult(AbstractQueryProtocol.java:870)
	at org.mariadb.jdbc.internal.protocol.AbstractQueryProtocol.executeQueries(AbstractQueryProtocol.java:789)
	at org.mariadb.jdbc.MariaDbClientPreparedStatement.executeInternal(MariaDbClientPreparedStatement.java:177)
	... 170 more
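
An added example (not part of the issue report or the EJBCA code base): a small check that takes the column list from a Hibernate-generated select, as in the error log above, and reports the columns that a create-table script does not declare. The query is an abbreviated copy of the logged one; the DDL text and all function names are constructed for illustration.

```python
import re

# Abbreviated copy of the Hibernate query from the error log above
# (same alias pattern, fewer columns).
HIBERNATE_QUERY = (
    "select userdata0_.username as username1_34_0_, "
    "userdata0_.cAId as cAId2_34_0_, "
    "userdata0_.hardTokenIssuerId as hardToke7_34_0_, "
    "userdata0_.subjectDN as subject13_34_0_, "
    "userdata0_.rowProtection as rowProt20_34_0_ "
    "from UserData userdata0_ where userdata0_.username='ejbca'"
)

# Constructed DDL standing in for a create-table script in which the
# hardTokenIssuerId column has already been dropped.
SAMPLE_DDL = """
CREATE TABLE UserData (
    username VARCHAR(250) BINARY NOT NULL,
    cAId INT(11) NOT NULL,
    subjectDN VARCHAR(400) BINARY,
    rowProtection LONGTEXT,
    PRIMARY KEY (username)
);
"""

# First words that start a table-level constraint rather than a column.
CONSTRAINT_KEYWORDS = {"PRIMARY", "UNIQUE", "KEY", "INDEX",
                       "CONSTRAINT", "FOREIGN", "CHECK"}


def columns_in_query(query):
    """Return (table, columns) read by a Hibernate-generated select."""
    m = re.search(r"\bfrom\s+(\w+)\s+(\w+)", query, re.IGNORECASE)
    if not m:
        raise ValueError("no FROM clause found in query")
    table, alias = m.group(1), m.group(2)
    select_list = query[:m.start()]
    pattern = r"\b" + re.escape(alias) + r"\.(\w+)\s+as\s+\w+"
    return table, re.findall(pattern, select_list, re.IGNORECASE)


def columns_in_ddl(ddl, table):
    """Return the column names declared in CREATE TABLE <table> (...);"""
    m = re.search(r"CREATE\s+TABLE\s+" + re.escape(table) + r"\s*\((.*?)\)\s*;",
                  ddl, re.IGNORECASE | re.DOTALL)
    if not m:
        raise ValueError("no CREATE TABLE statement for " + table)
    # Split on top-level commas only, so types such as DECIMAL(10,2) survive.
    items, depth, current = [], 0, []
    for ch in m.group(1):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "," and depth == 0:
            items.append("".join(current))
            current = []
        else:
            current.append(ch)
    items.append("".join(current))
    columns = []
    for item in items:
        words = item.split()
        if words and words[0].upper() not in CONSTRAINT_KEYWORDS:
            columns.append(words[0].strip('`"'))
    return columns


def missing_columns(query, ddl):
    """Columns the entity query expects but the DDL does not declare."""
    table, expected = columns_in_query(query)
    # MariaDB/MySQL column names are case-insensitive, so compare lowercased.
    declared = {c.lower() for c in columns_in_ddl(ddl, table)}
    return [c for c in expected if c.lower() not in declared]


if __name__ == "__main__":
    for column in missing_columns(HIBERNATE_QUERY, SAMPLE_DDL):
        print("entity expects column missing from DDL:", column)
```

Run against the real create-table script and a query captured from the deployment log, a non-empty result points at the entity/schema mismatch before the application is deployed.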

URLs in [?]-buttons do not work with confluence-based documentation

Summary:

  • during the migration to confluence docs, the paths to subpages changed, and this has not been updated in the [?] buttons in the web-UI.

Environment:

  • EJBCA-CE 7.9.0.2
  • WildFly 24.0.1.Final
  • RHEL 8.6 x86_64

Details:

As a workaround for issue #80, we tried to change web.docbaseuri in the web.properties file from internal to the URL of the online documentation.

After a rebuild, the links to documentation in the web UI now point there, but the direct links are still broken: For example, clicking on the [?] at adminweb/home -> CA Status links to https://doc.primekey.com/ejbca790/doc/CA_Operations_Guide.html#CA%20Status, but this page does not exist in the online documentation (and neither do any other pages that are linked to in the ?-buttons).

It should be https://doc.primekey.com/ejbca790/ejbca-operations/ejbca-operations-guide/ca-operations-guide/ejbca-overview-page#EJBCAOverviewPage-CAStatus. (I checked this by manually searching through the documentation)

All documentation paths should probably be updated to reflect their new URLs.

crashed on executing CLI "ca importprofiles" when certificatepolicies present in input xml

Hello, I tried to import a certificate profile that was exported from another ejbca instance, which contains a certificatepolicies definition. I got the following error:

================[error message]=================
2021-06-07 14:15:12,880+0000 INFO [org.ejbca.ui.cli.ca.CaImportProfilesCommand] (main) Importing certificate and end entity profiles:
2021-06-07 14:15:12,928+0000 INFO [org.ejbca.ui.cli.ca.CaImportProfilesCommand] (main) Filename: 'certprofile_PMRootCA-1312821369.xml'
Exception in thread "main" java.lang.NoClassDefFoundError: org/apache/commons/lang3/reflect/MethodUtils
at org.cesecore.util.SecureXMLDecoder.parseObject(SecureXMLDecoder.java:820)
at org.cesecore.util.SecureXMLDecoder.readValue(SecureXMLDecoder.java:335)
at org.cesecore.util.SecureXMLDecoder.readValue(SecureXMLDecoder.java:187)
at org.cesecore.util.SecureXMLDecoder.parseCollection(SecureXMLDecoder.java:659)
at org.cesecore.util.SecureXMLDecoder.readValue(SecureXMLDecoder.java:296)
at org.cesecore.util.SecureXMLDecoder.readValue(SecureXMLDecoder.java:187)
at org.cesecore.util.SecureXMLDecoder.parseMap(SecureXMLDecoder.java:686)
at org.cesecore.util.SecureXMLDecoder.readValue(SecureXMLDecoder.java:315)
at org.cesecore.util.SecureXMLDecoder.readValue(SecureXMLDecoder.java:187)
at org.cesecore.util.SecureXMLDecoder.readObject(SecureXMLDecoder.java:145)
at org.ejbca.ui.cli.ca.CaImportProfilesCommand.execute(CaImportProfilesCommand.java:151)
at org.ejbca.ui.cli.infrastructure.command.PasswordUsingCommandBase.execute(PasswordUsingCommandBase.java:201)
at org.ejbca.ui.cli.infrastructure.library.CommandLibrary$Branch.execute(CommandLibrary.java:291)
at org.ejbca.ui.cli.infrastructure.library.CommandLibrary$Branch.execute(CommandLibrary.java:302)
at org.ejbca.ui.cli.infrastructure.library.CommandLibrary.findAndExecuteCommandFromParameters(CommandLibrary.java:78)
at org.ejbca.ui.cli.EjbcaEjbCli.main(EjbcaEjbCli.java:33)
Caused by: java.lang.ClassNotFoundException: org.apache.commons.lang3.reflect.MethodUtils
at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(Unknown Source)
at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(Unknown Source)
at java.base/java.lang.ClassLoader.loadClass(Unknown Source)
... 16 more

============= [extract of profile definition xml] ===================
....
<void method="put">
  <string>certificatepoliciescritical</string>
  <boolean>false</boolean>
</void>
<void method="put">
  <string>certificatepolicies</string>
  <object class="java.util.ArrayList">
    <void method="add">
      <object class="org.cesecore.certificates.certificateprofile.CertificatePolicy">
        <void property="policyID">
          <string>2.5.29.32.0</string>
        </void>
        <void property="qualifier">
          <string></string>
        </void>
        <void property="qualifierId">
          <string></string>
        </void>
      </object>
    </void>
  </object>
</void>
....

openjdk 11.0.15 breaks PKCS #11 HSM support

Latest docker container primekey/ejbca-ce:7.4.3.2 moved from openjdk 11.0.11 to 11.0.15. This seems to break the sun.security.pkcs11.wrapper.

After moving back to 11.0.11 everything works again using the same PKCS #11 library.

2022-05-09 17:55:40,525+0000 ERROR [org.cesecore.keys.token.p11.Pkcs11Wrapper] (default task-1) Method getInstance was not found in class sun.security.pkcs11.wrapper.PKCS11.CK_C_INITIALIZE_ARGS, this may be due to a change in the underlying library.: java.lang.NoSuchMethodException: sun.security.pkcs11.wrapper.PKCS11.getInstance(java.lang.String, java.lang.String, sun.security.pkcs11.wrapper.CK_C_INITIALIZE_ARGS, boolean)
at java.base/java.lang.Class.getDeclaredMethod(Unknown Source)
at deployment.ejbca.ear//org.cesecore.keys.token.p11.Pkcs11Wrapper.(Pkcs11Wrapper.java:103)
at deployment.ejbca.ear//org.cesecore.keys.token.p11.Pkcs11Wrapper.getInstance(Pkcs11Wrapper.java:171)
at deployment.ejbca.ear//org.cesecore.keys.token.p11.Pkcs11SlotLabel.getProvider(Pkcs11SlotLabel.java:123)
at deployment.ejbca.ear//org.cesecore.keys.token.p11.Pkcs11SlotLabel.getP11Provider(Pkcs11SlotLabel.java:554)
at deployment.ejbca.ear//org.cesecore.keys.token.p11.Pkcs11SlotLabel.getP11Provider(Pkcs11SlotLabel.java:519)
at deployment.ejbca.ear//org.cesecore.keys.token.p11.P11Slot.(P11Slot.java:59)
at deployment.ejbca.ear//org.cesecore.keys.token.p11.P11Slot.getInstance(P11Slot.java:248)
at deployment.ejbca.ear//org.cesecore.keys.token.p11.P11Slot.getInstance(P11Slot.java:205)
at deployment.ejbca.ear//org.cesecore.keys.token.p11.P11Slot.getInstance(P11Slot.java:183)
at deployment.ejbca.ear//org.cesecore.keys.token.PKCS11CryptoToken.delayedInit(PKCS11CryptoToken.java:123)
at deployment.ejbca.ear//org.cesecore.keys.token.PKCS11CryptoToken.getP11slotWithDelayedInit(PKCS11CryptoToken.java:289)
at deployment.ejbca.ear//org.cesecore.keys.token.PKCS11CryptoToken.activate(PKCS11CryptoToken.java:146)
at deployment.ejbca.ear//org.cesecore.keys.token.BaseCryptoToken.autoActivate(BaseCryptoToken.java:114)
at deployment.ejbca.ear//org.cesecore.keys.token.BaseCryptoToken.getKeyStore(BaseCryptoToken.java:97)
at deployment.ejbca.ear//org.cesecore.keys.token.BaseCryptoToken.getTokenStatus(BaseCryptoToken.java:640)
at deployment.ejbca.ear.cesecore-ejb.jar//org.cesecore.keys.token.CryptoTokenManagementSessionBean.getCryptoTokenInfo(CryptoTokenManagementSessionBean.java:117)
at deployment.ejbca.ear.cesecore-ejb.jar//org.cesecore.keys.token.CryptoTokenManagementSessionBean.getCryptoTokenInfos(CryptoTokenManagementSessionBean.java:105)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.base/java.lang.reflect.Method.invoke(Unknown Source)
at [email protected]//io.undertow.servlet.core.Se
rvletRequestContextThreadSetupAction$1.call(ServletRequestContextThread
SetupAction.java:48)
at [email protected]//io.undertow.servlet.core.Co
ntextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:4
3)
at [email protected]//org.wildfly.ext
ension.undertow.security.SecurityContextThreadSetupAction.lambda$create
$0(SecurityContextThreadSetupAction.java:105)
at [email protected]//org.wildfly.ext
ension.undertow.deployment.UndertowDeploymentInfoService$UndertowThread
SetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at [email protected]//org.wildfly.ext
ension.undertow.deployment.UndertowDeploymentInfoService$UndertowThread
SetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at [email protected]//org.wildfly.ext
ension.undertow.deployment.UndertowDeploymentInfoService$UndertowThread
SetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at [email protected]//org.wildfly.ext
ension.undertow.deployment.UndertowDeploymentInfoService$UndertowThread
SetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at [email protected]//org.wildfly.ext
ension.undertow.deployment.UndertowDeploymentInfoService$UndertowThread
SetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1530)
at [email protected]//io.undertow.servlet.handler
s.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
at [email protected]//io.undertow.servlet.handler
s.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
at [email protected]//io.undertow.servlet.handler
s.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99)
at [email protected]//io.undertow.server.Connectors.
executeRootHandler(Connectors.java:387)
at [email protected]//io.undertow.server.HttpServerE
xchange$1.run(HttpServerExchange.java:841)
at [email protected]//org.jboss.threads.ContextClas
sLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
at [email protected]//org.jboss.threads.EnhancedQue
ueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
at [email protected]//org.jboss.threads.EnhancedQue
ueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
at [email protected]//org.jboss.threads.EnhancedQue
ueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
at [email protected]//org.xnio.XnioWorker$WorkerThread
Factory$1$1.run(XnioWorker.java:1280)
at java.base/java.lang.Thread.run(Unknown Source)

NullPointerException while editing End Entity

I am using EJBCA 7.9.0.2 Community and am getting a NullPointerException after I hit "Save" on the End Entity edit page. This End Entity uses subAltNames (DNS Names).

Caused by: java.lang.NullPointerException
	at org.cesecore.util.CertTools.isAllDNSNamesExcluded(CertTools.java:4746)
	at org.cesecore.util.CertTools.checkNameConstraints(CertTools.java:4726)
	at org.ejbca.core.ejb.ra.EndEntityManagementSessionBean.changeUser(EndEntityManagementSessionBean.java:930)

checkNameConstraints() has an explicit check for the variable "excluded" not being null before executing a bunch of code; however, later it misses such a check before invoking isAllDNSNamesExcluded(excluded), which by itself does not expect its parameter to be null.

EJBCA Certificate Enrollment Error (Not Allow Signature Algorithm Different from CA)

I have a question about using a certificate profile with a different signature algorithm from the CA's.
For example, when the CA is using SHA512ECDSA and the certificate profile is set to SHA256RSA,
I get the enrollment error below:

EJBCA Certificate Enrollment Error
Username: 
Request failed. org.bouncycastle.operator.OperatorCreationException: cannot create signer: Supplied key
(org.bouncycastle.jcajce.provider.asymmetric.ec.BCECPrivateKey) is not a RSAPrivateKey instance

SSL_CLIENT_CERT header ignored in ejbca-ce docker image

I am testing docker primekey/ejbca-ce:7.4.3.2 using following environment variables in a docker compose file:

  ejbca-ce:
    image: primekey/ejbca-ce:${EJBCA_VERSION}
    environment:
      - DATABASE_JDBC_URL=${EJBCA_DB_JDBCURL}
      - DATABASE_USER=${EJBCA_DB_USER}
      - DATABASE_PASS=${EJBCA_DB_PASS}
      - PROXY_HTTP_BIND=0.0.0.0

haproxy 2.5.1 configuration:

frontend http-in
   bind :8000
   bind :8443 ssl crt-list /etc/mycerts/cert-list.txt ca-file /etc/mycerts/CA.pem verify optional 
   http-request set-header SSL_CLIENT_CERT %{+Q}[ssl_c_der,base64] if { ssl_c_used }
   acl prefixed-with-ejbca path_beg /ejbca
   option forwardfor
   use_backend ejbca if prefixed-with-ejbca

 backend ejbca
    mode http
    http-request set-header X-Forwarded-Proto https
    http-request set-header X-Forwarded-Port %[dst_port]
    server server1 "${EJBCA_HOST}":8082 

Using https://foohost/ejbca/adminweb asks for the certificate properly, but it fails saying that the certificate is not presented. I used the same approach for Keycloak behind haproxy. In the official documentation I did not find any reference that this header is handled in ejbca. Is that a feature that was not developed yet? Before that, I was using Setting up a HA Proxy in front of EJBCA; but I would like to hide the port and use this approach.

Am I missing something, or is this documented but still not available in the community edition? Is it required to create keystore/truststore files?

Logs:

ejbca.lakaut.com        | 2022-01-19 00:04:00,527+0000 INFO  [/opt/primekey/bin/start.sh] (process:1) Enabling HTTP proxy listeners on 0.0.0.0:8081 and 0.0.0.0:8082.
ejbca.lakaut.com        | 2022-01-19 00:04:08,676+0000 INFO  [/opt/primekey/bin/start.sh] (process:1) Health check now reports application status at /ejbca/publicweb/healthcheck/ejbcahealth
ejbca.lakaut.com        | 2022-01-19 00:04:09,590+0000 ERROR [org.ejbca.ui.web.admin.configuration.EjbcaJSFHelperImpl] (default task-1) org.cesecore.authentication.AuthenticationFailedException: Client certificate or OAuth bearer token required.
ejbca.lakaut.com        | 2022-01-19 00:04:09,604+0000 WARN  [org.ejbca.ui.web.admin.configuration.EjbcaWebBeanImpl] (default task-1) Language was not initialized for this session
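
A caveat for any backend that trusts a proxy-supplied certificate header, as an added example (not part of the original issue, and not EJBCA or HAProxy code): the posted set-header rule only overwrites SSL_CLIENT_CERT when ssl_c_used is true, so with verify optional and the plain :8000 bind, whatever value the client sent is forwarded unless the frontend deletes it first (for instance with http-request del-header SSL_CLIENT_CERT ahead of the set-header line). The function names, the proxy address and the DER blobs below are constructed for illustration.

```python
import base64
import binascii

HEADER = "ssl_client_cert"  # header name from the posted config, lower-cased

# Constructed sample blobs (DER SEQUENCE { INTEGER }), stand-ins for certificates.
VERIFIED_DER = bytes.fromhex("3003020101")
CLIENT_SUPPLIED_DER = bytes.fromhex("3003020102")
# Constructed request in which the client itself sends the header.
CLIENT_REQUEST_HEADERS = {
    "Host": "foohost",
    "SSL_CLIENT_CERT": base64.b64encode(CLIENT_SUPPLIED_DER).decode("ascii"),
}
TRUSTED_PROXIES = {"10.0.0.5"}  # assumed address of the haproxy host


def frontend_headers(inbound, verified_cert_der, delete_inbound_first):
    """Model the frontend's rewrite of the request headers.

    verified_cert_der is None when no client certificate was used
    (ssl_c_used is false: plain HTTP bind, or TLS without a certificate).
    delete_inbound_first=False models the posted rule on its own;
    True models an unconditional delete placed before it.
    """
    headers = {name.lower(): value for name, value in inbound.items()}
    if delete_inbound_first:
        headers.pop(HEADER, None)
    if verified_cert_der is not None:
        encoded = base64.b64encode(verified_cert_der).decode("ascii")
        headers[HEADER] = '"' + encoded + '"'  # +Q quotes the value
    return headers


def is_single_der_sequence(data):
    """True if data is exactly one DER SEQUENCE with a consistent length."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:
        header_len, body_len = 2, first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header_len, body_len = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return len(data) == header_len + body_len


def client_cert_from_header(headers, peer_ip, trusted_proxies):
    """Backend side: return the forwarded DER bytes, or None.

    The header is only considered when the TCP peer is a known proxy,
    and the value must decode to a single well-formed DER SEQUENCE.
    """
    if peer_ip not in trusted_proxies:
        return None
    value = headers.get(HEADER)
    if not value:
        return None
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]  # accept the value with or without +Q quoting
    try:
        der = base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError):
        return None
    return der if is_single_der_sequence(der) else None
```

The backend-side peer check does not help when the proxy itself relays a client-supplied value, which is why the delete has to happen on the frontend.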

Encoding of ExpiredCertsOnCRL GeneralizedTime

Hi

I noticed that the encoding of GeneralizedTime in the CRL extension ExpiredCertsOnCRL looks wrong, at least according to PKIX.
ejbca-ca adds fractional seconds (set to 000), and X.690 says that "11.7.3 The fractional-seconds elements, if present, shall omit all trailing '0's; if the elements correspond to 0, they shall be wholly omitted, and the decimal point element also shall be omitted."

In RFC 5280 (PKIX) it is stated that GeneralizedTime should not contain fractional seconds. The ITU-T X.509 says GeneralizedTime shall be encoded according to ITU-T X.690 / ISO/IEC 8825-1. X.690 does not specify that fractional seconds should be omitted, but according to a fellow crypto/PKI expert (who has written a few RFCs), RFC 5280 should be followed, and this specific issue might have been overlooked when ITU-T X.509/690 was written.

After some investigation, we have also seen that most commercial CAs out there do not add fractional seconds.
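
The two rule sets discussed in this issue, as an added checker (not part of the original issue and not EJBCA code): it takes a DER GeneralizedTime value and reports violations of the X.690 DER rules (11.7) and of the stricter RFC 5280 profile separately. The function names and the sample TLV are constructed; the sample carries the ".000" fraction the issue describes.

```python
import re
from datetime import datetime

GENERALIZED_TIME_TAG = 0x18  # universal tag 24

# Constructed sample: a GeneralizedTime TLV whose fraction is ".000".
_SAMPLE_TEXT = "20220101120000.000Z"
SAMPLE_WITH_ZERO_FRACTION = (
    bytes([GENERALIZED_TIME_TAG, len(_SAMPLE_TEXT)]) + _SAMPLE_TEXT.encode("ascii")
)

# digits (with or without minutes/seconds), optional fraction, optional zone
_SHAPE = re.compile(
    r"(\d{14}|\d{12}|\d{10})(?:([.,])(\d+))?(Z|[+-]\d{2}(?:\d{2})?)?",
    re.ASCII,
)


def generalized_time_content(tlv: bytes) -> str:
    """Return the content octets of a GeneralizedTime TLV as text."""
    if len(tlv) < 2 or tlv[0] != GENERALIZED_TIME_TAG:
        raise ValueError("not a GeneralizedTime TLV")
    length = tlv[1]
    if length & 0x80 or len(tlv) != 2 + length:
        raise ValueError("unexpected length encoding for a time value")
    return tlv[2:].decode("ascii")


def check_generalized_time(value: str) -> dict:
    """List rule violations under 'der' (X.690 11.7) and 'rfc5280'.

    An empty list means the value conforms to that rule set.
    Raises ValueError if the text is not a GeneralizedTime at all.
    """
    match = _SHAPE.fullmatch(value)
    if match is None:
        raise ValueError("not a GeneralizedTime value: %r" % value)
    digits, separator, fraction, zone = match.groups()
    der, rfc = [], []

    if len(digits) == 14:
        # Rejects impossible dates such as month 13 with ValueError.
        datetime.strptime(digits, "%Y%m%d%H%M%S")
    else:
        der.append("seconds element missing")
        rfc.append("seconds element missing")

    if zone != "Z":
        der.append("must end with 'Z'")
        rfc.append("must be expressed in GMT and end with 'Z'")

    if fraction is not None:
        # RFC 5280 forbids any fraction; DER only forbids redundant ones.
        rfc.append("fractional seconds present")
        if separator != ".":
            der.append("decimal separator must be '.'")
        if fraction.endswith("0"):
            der.append("fraction has trailing zeros or equals zero")

    return {"der": der, "rfc5280": rfc}
```

A non-zero fraction without trailing zeros, such as "20220101120000.5Z", passes the DER check but still fails the RFC 5280 profile.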

OCSP failures with Java 17

We're running EJBCA-ce version 7.4.3.2.

Our services are running fine on Java 15 and 16, but once we tried upgrading to 17 (without changing anything else), our OCSP certificate revocation tests started failing with the following:

Caused by: java.security.cert.CertPathValidatorException: OCSP response error: MALFORMED_REQUEST
	at java.base/sun.security.provider.certpath.OCSPResponse.verify(OCSPResponse.java:389)
	at java.base/sun.security.provider.certpath.OCSP.check(OCSP.java:199)
	at java.base/sun.security.provider.certpath.RevocationChecker.checkOCSP(RevocationChecker.java:785)
	at java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:369)
	at java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:343)
	at java.base/sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
	... 90 more
	Suppressed: java.security.cert.CertPathValidatorException: Could not determine revocation status
		at java.base/sun.security.provider.certpath.RevocationChecker.buildToNewKey(RevocationChecker.java:1152)
		at java.base/sun.security.provider.certpath.RevocationChecker.verifyWithSeparateSigningKey(RevocationChecker.java:972)
		at java.base/sun.security.provider.certpath.RevocationChecker.checkCRLs(RevocationChecker.java:611)
		at java.base/sun.security.provider.certpath.RevocationChecker.checkCRLs(RevocationChecker.java:471)
		at java.base/sun.security.provider.certpath.RevocationChecker.check(RevocationChecker.java:400)

I did some research and there might have been some changes that could affect:
https://www.oracle.com/java/technologies/javase/17-relnote-issues.html

It also applies to the signature and digest algorithms of the certificates in the certificate chain of the code signer and the Timestamp Authority, and any CRLs or OCSP responses that are used to verify if those certificates have been revoked.

and there is a fix (not sure if it's relevant or not) in the commercial version of EJBCA (7.8.0.1):

CRL and OCSP Validity Compliance
It was brought to our attention by a customer that EJBCA adds a second of validity to CRLs and OCSP replies to what is intended in RFC 5280. This issue has been addressed in EJBCA 7.8.0.1 by reducing the validity of CRLs and OCSP responses by 1 second

https://doc.primekey.com/ejbca/ejbca-release-information/ejbca-release-notes/ejbca-7-8-0-release-notes

Any ideas on how to fix this problem in CE?

Unable to build local documentation

Summary:

  • local documentation cannot be built, and no pre-built version is available for download

Environment:

  • EJBCA-CE 7.9.0.2
  • WildFly 24.0.1.Final
  • RHEL 8.6 x86_64

Details:

When building EJBCA 7.9.0.2, the internal documentation is not included. It only says:

If you're seeing this page then EJBCA has been built directly from GIT without access to PrimeKey's Confluence server.

Build using ant doc -Ddoc.update=true to update.

However, the documentation cannot be built, since it requires API access to keyfactor's confluence server. Here are the relevant lines from the ant output:

doc-confluence-from-server:
    [mkdir] Created dir: /opt/ejbca-ce-EJBCA_7_9_0_2_20220616/tmp/htdocs/docs
Unknown host: none

BUILD FAILED
/opt/ejbca-ce-EJBCA_7_9_0_2_20220616/docs.xmli:127: The following error occurred while executing this line:
/opt/ejbca-ce-EJBCA_7_9_0_2_20220616/docs.xmli:142: Could not contact Confluence Server at http://none:-1/. doc.update=true

Worse, when clicking the [?] buttons next to each settings option (these should link directly to subpages describing the relevant options), these links now return an unhelpful 404, since no documentation is available. It also appears that pre-built documentation is not available for download (at least, not that we could find).

Changing web.docbaseuri to point to the online docs is not ideal, because we need access to the documentation during emergencies, and does not work anyway due to a separate bug I'll file shortly.

log4j vulnerability

Is EJBCA impacted because of this? If yes, is there any mitigation that can be applied?

Issue with Subject Alternative Names and re-key

I have been testing CMP for OpenSSL using the generic CMP client and have run into some trouble with Key Update Request (KUR) messages where the end entity has a DNS name set as the SAN which matches their CN. In the end-entity profile I have:
Subject Alternative Name: DNS Name

  • Use entity CN field
  • Required
  • Modifiable
  • Validation

My Initialisation Request seems to work fine but the KUR constantly fails with

ERROR: received PKIStatus: rejection; PKIFailureInfo: badRequest; StatusString: "Wrong number of DNSNAME fields in Subject Alternative Name."

I have tried multiple variations of the config above and I can't seem to get it to work. IR and KUR when I remove the SAN config work fine.

I have also tried to rekey manually by uploading a CSR to the web portal. But when I tried to change the status of the end-entity to new I got a similar message, see attached.

Not sure whether this is a problem with my configuration or a bug so any help would be appreciated.

Run ejbca in a different host, not in localhost

I am trying to run ejbca on a virtual network. In such a way that I have a client(10.0.2.2) in a host and the ejbca(10.0.4.4) in another. I wanna let the client interact with ejbca server from its machine, thus, I've tried the following:

- Then, modify ejbca-setup.sh, switching the following parameters from localhost to 10.0.4.4:
httpsserver_hostname="10.0.4.4" database_host="10.0.4.4"

The process of deploying EJBCA on the new host ends in failure; only wildfly is deployed successfully.

Logs:
ERROR [org.jboss.msc.service.fail] (ServerService Thread Pool -- 65) MSC000001: Failed to start service jboss.persistenceunit."ejbca.ear#ejbca": org.jboss.msc.service.StartException in service jboss.persistenceunit."ejbca.ear#ejbca": javax.persistence.PersistenceException: [PersistenceUnit: ejbca] Unable to build Hibernate SessionFactory

ERROR [org.jboss.as.controller.management-operation] (DeploymentScanner-threads - 2) WFLYCTL0013: Operation ("deploy") failed - address:

"WFLYCTL0080: Failed services" => {"jboss.persistenceunit.\"ejbca.ear#ejbca\"" => "org.jboss.msc.service.StartException in service jboss.persistenceunit.\"ejbca.ear#ejbca\": javax.persistence.PersistenceException: [PersistenceUnit: ejbca] Unable to build Hibernate SessionFactory

ERROR [org.jboss.as.controller.management-operation] (DeploymentScanner-threads - 2) WFLYCTL0013: Operation ("deploy") failed - address: ([("deployment" => "ejbca.ear")]) - failure description: {

Caused by: javax.persistence.PersistenceException: [PersistenceUnit: ejbca] Unable to build Hibernate SessionFactory
Caused by: org.hibernate.tool.schema.spi.SchemaManagementException: Unable to open JDBC connection for schema management target
Caused by: java.sql.SQLException: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:/EjbcaDS
Caused by: javax.resource.ResourceException: IJ000453: Unable to get managed connection for java:/EjbcaDS
Caused by: javax.resource.ResourceException: IJ031084: Unable to create connection
Caused by: java.sql.SQLNonTransientConnectionException: Could not connect to address=(host=10.0.4.4)(port=3306)(type=master) : Connection refused (Connection refused)
Caused by: java.net.ConnectException: Connection refused (Connection refused)"},
"WFLYCTL0412: Required services that are not installed:" => ["jboss.persistenceunit.\"ejbca.ear#ejbca\""],
"WFLYCTL0180: Services with missing/unavailable dependencies" => undefined

}

Is there any other parameter I should change, or something I'm not doing well? I really appreciate any kind of help, thanks in advance.

PKCS#11 missing in Crypto Token menu

I'm trying to use a custom PKCS#11 provider with EJBCA. For that I followed these steps.

  • I installed the dependencies for version 7.4 EJBCA (java 1.8, mariadb server, etc.)
  • I downloaded and unzipped version 7.4 of EJBCA and installed it using the /bin/extra/ejbca-setup.sh script
  • I edited the conf/web.properties file with the following information:
cryptotoken.p11.lib.255.name=provider
cryptotoken.p11.lib.255.file=/mnt/hgfs/shared/provider.so
  • I went to the ejbca folder and executed ant deployear
  • Once everything is running again, under the Create New Cryptotoken menu, only the SOFT type of crypto token appears

The provider seems to work with the ejbcaClientToolBox, so it should appear in the Create Crypto token menu. The wildfly version that I'm using is the default in the installation script (WildFly 10.1.0.Final).

Support MariaDB 10.2

With ejbca releases > 7.4.3.3, support for MariaDB 10.2 was dropped:

Caused by: org.mariadb.jdbc.internal.util.dao.QueryException: Unknown table 'sequences' in information_schema
Query is : select SEQUENCE_CATALOG, SEQUENCE_SCHEMA, SEQUENCE_NAME, INCREMENT from information_schema.sequences
	at org.mariadb.jdbc.internal.protocol.AbstractQueryProtocol.getResult(AbstractQueryProtocol.java:870)
	at org.mariadb.jdbc.internal.protocol.AbstractQueryProtocol.executeQuery(AbstractQueryProtocol.java:575)
	at org.mariadb.jdbc.MariaDbStatement.executeInternal(MariaDbStatement.java:256)
	... 23 more

This can be avoided using org.hibernate.dialect.MariaDB102Dialect.

I will provide a pull request which should fix this issue.

Kind regards,
Michael

Problem with mail configuration

I find myself configuring the email to be able to send notifications, for which I am using a Gmail account; it has IMAP and POP enabled.
To run the docker container I use the following command:
docker run -it --rm -p 80:8080 -p 443:8443 -h localhost -e "SMTP_DESTINATION=smtp.gmail.com" -e "SMTP_DESTINATION_PORT=465" -e "[email protected]" -e "[email protected]" -e "SMTP_PASSWORD=mypassword" keyfactor/ejbca-ce.

When I generate a new certificate with the option to send the notification by email, the server log gives me two errors:

2022-08-02 04:24:31,062+0000 ERROR [org.ejbca.util.mail.MailSender] (default task-4) Unable to send email: : javax.mail.MessagingException: Got bad greeting from SMTP host: smtp.gmail.com, port: 465, response: [EOF]
at [email protected]//com.sun.mail.smtp.SMTPTransport.openServer(SMTPTransport.java:2198)
at [email protected]//com.sun.mail.smtp.SMTPTransport.protocolConnect(SMTPTransport.java:722)
at [email protected]//javax.mail.Service.connect(Service.java:364)
at [email protected]//javax.mail.Service.connect(Service.java:222)
at [email protected]//javax.mail.Service.connect(Service.java:171)
at ...
at [email protected]//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1282)
at java.base/java.lang.Thread.run(Unknown Source)

2022-08-02 04:24:31,067+0000 ERROR [org.ejbca.core.ejb.ra.EndEntityManagementSessionBean] (default task-4) Error sending notification to user newuser with email [email protected].: org.ejbca.util.mail.MailException: Failed to hand over email to JavaMail.
at deployment.ejbca.ear//org.ejbca.util.mail.MailSender.sendMailOrThrow(MailSender.java:78)
at deployment.ejbca.ear.ejbca-ejb.jar//org.ejbca.core.ejb.ra.EndEntityManagementSessionBean.sendNotification(EndEntityManagementSessionBean.java:2149)
at deployment.ejbca.ear.ejbca-ejb.jar//org.ejbca.core.ejb.ra.EndEntityManagementSessionBean.addUser(EndEntityManagementSessionBean.java:486)
at deployment.ejbca.ear.ejbca-ejb.jar//org.ejbca.core.ejb.ra.EndEntityManagementSessionBean.addUser(EndEntityManagementSessionBean.java:275)
at ...
at [email protected]//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1282)
at java.base/java.lang.Thread.run(Unknown Source)

First of all, thanks.

Upgrade 6.5.x to 7.4.x - XmlPullParserException: only whitespace content allowed before start tag

I am testing the upgrade using docker image version 7.4.3.2. The container does not start and it shows the exception below.

2022-01-18 10:20:38,517+0000 ERROR [org.jboss.as.ejb3.invocation] (ServerService Thread Pool -- 49) WFLYEJB0034: EJB Invocation failed on component InternalKeyBindingDataSessionBean for method public abstract org.cesecore.keybind.InternalKeyBinding org.cesecore.keybind.InternalKeyBindingDataSessionLocal.getInternalKeyBinding(int): javax.ejb.EJBException: java.lang.IllegalStateException: Failed to parse InternalKeyBindingData data map in database: org.xmlpull.v1.XmlPullParserException: only whitespace content allowed before start tag and not 9 (position: START_DOCUMENT seen 9... @1:1) 
	at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:237)
	at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:444)
	at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:162)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509)
	at [email protected]//org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:72)
	at [email protected]//org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:89)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.security.IdentityOutflowInterceptor.processInvocation(IdentityOutflowInterceptor.java:73)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.security.SecurityDomainInterceptor.processInvocation(SecurityDomainInterceptor.java:44)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:60)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:438)
	at [email protected]//org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:633)
	at [email protected]//org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:57)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
	at [email protected]//org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
	at [email protected]//org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:191)
	at [email protected]//org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:81)
	at deployment.ejbca.ear.cesecore-ejb.jar//org.cesecore.keybind.InternalKeyBindingDataSessionLocal$$$view11.getInternalKeyBinding(Unknown Source)
	at deployment.ejbca.ear.ejbca-ejb.jar//org.ejbca.core.ejb.ocsp.OcspResponseGeneratorSessionBean.reloadOcspSigningCache(OcspResponseGeneratorSessionBean.java:417)
	at deployment.ejbca.ear.ejbca-ejb.jar//org.ejbca.core.ejb.ocsp.OcspResponseGeneratorSessionBean.initTimers(OcspResponseGeneratorSessionBean.java:260)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:79)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:89)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:102)
	at [email protected]//org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:40)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
	at [email protected]//org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:230)
	at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.notSupported(CMTTxInterceptor.java:371)
	at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:147)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509)
	at [email protected]//org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:72)
	at [email protected]//org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:89)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.security.IdentityOutflowInterceptor.processInvocation(IdentityOutflowInterceptor.java:73)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.security.SecurityDomainInterceptor.processInvocation(SecurityDomainInterceptor.java:44)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:60)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:438)
	at [email protected]//org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:633)
	at [email protected]//org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:57)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
	at [email protected]//org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
	at [email protected]//org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:191)
	at [email protected]//org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:81)
	at deployment.ejbca.ear.ejbca-ejb.jar//org.ejbca.core.ejb.ocsp.OcspResponseGeneratorSessionLocal$$$view5.initTimers(Unknown Source)
	at deployment.ejbca.ear.ejbca-ejb.jar//org.ejbca.core.ejb.StartupSingletonBean.startup(StartupSingletonBean.java:349)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptor.java:96)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:79)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.doLifecycleInterception(Jsr299BindingsInterceptor.java:126)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509)
	at [email protected]//org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:81)
	at [email protected]//org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:89)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.weld.injection.WeldInjectionInterceptor.processInvocation(WeldInjectionInterceptor.java:53)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.AroundConstructInterceptorFactory$1.processInvocation(AroundConstructInterceptorFactory.java:28)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.weld.injection.WeldInterceptorInjectionInterceptor.processInvocation(WeldInterceptorInjectionInterceptor.java:56)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsCreateInterceptor.processInvocation(Jsr299BindingsCreateInterceptor.java:111)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.tx.EjbBMTInterceptor.handleInvocation(EjbBMTInterceptor.java:103)
	at [email protected]//org.jboss.as.ejb3.tx.BMTInterceptor.processInvocation(BMTInterceptor.java:57)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.weld.injection.WeldInjectionContextInterceptor.processInvocation(WeldInjectionContextInterceptor.java:43)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:60)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.singleton.StartupCountDownInterceptor.processInvocation(StartupCountDownInterceptor.java:25)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
	at [email protected]//org.jboss.as.ee.component.BasicComponent.constructComponentInstance(BasicComponent.java:161)
	at [email protected]//org.jboss.as.ee.component.BasicComponent.constructComponentInstance(BasicComponent.java:134)
	at [email protected]//org.jboss.as.ee.component.BasicComponent.createInstance(BasicComponent.java:88)
	at [email protected]//org.jboss.as.ejb3.component.singleton.SingletonComponent.getComponentInstance(SingletonComponent.java:127)
	at [email protected]//org.jboss.as.ejb3.component.singleton.SingletonComponent.start(SingletonComponent.java:141)
	at [email protected]//org.jboss.as.ee.component.ComponentStartService$1.run(ComponentStartService.java:54)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
	at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
	at [email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
	at [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
	at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
	at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
	at java.base/java.lang.Thread.run(Unknown Source)
	at [email protected]//org.jboss.threads.JBossThread.run(JBossThread.java:513)
Caused by: java.lang.IllegalStateException: Failed to parse InternalKeyBindingData data map in database: org.xmlpull.v1.XmlPullParserException: only whitespace content allowed before start tag and not 9 (position: START_DOCUMENT seen 9... @1:1) 
	at deployment.ejbca.ear//org.cesecore.keybind.InternalKeyBindingData.getDataMap(InternalKeyBindingData.java:194)
	at deployment.ejbca.ear.cesecore-ejb.jar//org.cesecore.keybind.InternalKeyBindingDataSessionBean.getInternalKeyBinding(InternalKeyBindingDataSessionBean.java:98)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:79)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:89)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:102)
	at [email protected]//org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:40)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
	at [email protected]//org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:230)
	... 184 more
Caused by: java.io.IOException: org.xmlpull.v1.XmlPullParserException: only whitespace content allowed before start tag and not 9 (position: START_DOCUMENT seen 9... @1:1) 
	at deployment.ejbca.ear//org.cesecore.util.SecureXMLDecoder.readObject(SecureXMLDecoder.java:157)
	at deployment.ejbca.ear//org.cesecore.keybind.InternalKeyBindingData.getDataMap(InternalKeyBindingData.java:185)
	... 213 more
Caused by: org.xmlpull.v1.XmlPullParserException: only whitespace content allowed before start tag and not 9 (position: START_DOCUMENT seen 9... @1:1) 
	at deployment.ejbca.ear//org.xmlpull.mxp1.MXParser.parseProlog(MXParser.java:1519)
	at deployment.ejbca.ear//org.xmlpull.mxp1.MXParser.nextImpl(MXParser.java:1395)
	at deployment.ejbca.ear//org.xmlpull.mxp1.MXParser.next(MXParser.java:1093)
	at deployment.ejbca.ear//org.xmlpull.mxp1.MXParser.nextTag(MXParser.java:1078)
	at deployment.ejbca.ear//org.cesecore.util.SecureXMLDecoder.readHeader(SecureXMLDecoder.java:168)
	at deployment.ejbca.ear//org.cesecore.util.SecureXMLDecoder.readObject(SecureXMLDecoder.java:141)
	... 214 more

2022-01-18 10:20:38,520+0000 ERROR [org.jboss.as.ejb3.invocation] (ServerService Thread Pool -- 49) WFLYEJB0034: EJB Invocation failed on component OcspResponseGeneratorSessionBean for method public abstract void org.ejbca.core.ejb.ocsp.OcspResponseGeneratorSessionLocal.initTimers(): javax.ejb.EJBException: java.lang.IllegalStateException: Failed to parse InternalKeyBindingData data map in database: org.xmlpull.v1.XmlPullParserException: only whitespace content allowed before start tag and not 9 (position: START_DOCUMENT seen 9... @1:1) 
	at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:237)
	at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.supports(CMTTxInterceptor.java:444)
	at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:162)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509)
	at [email protected]//org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:72)
	at [email protected]//org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:89)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.security.IdentityOutflowInterceptor.processInvocation(IdentityOutflowInterceptor.java:73)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.security.SecurityDomainInterceptor.processInvocation(SecurityDomainInterceptor.java:44)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:60)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:438)
	at [email protected]//org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:633)
	at [email protected]//org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:57)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
	at [email protected]//org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
	at [email protected]//org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:191)
	at [email protected]//org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:81)
	at deployment.ejbca.ear.cesecore-ejb.jar//org.cesecore.keybind.InternalKeyBindingDataSessionLocal$$$view11.getInternalKeyBinding(Unknown Source)
	at deployment.ejbca.ear.ejbca-ejb.jar//org.ejbca.core.ejb.ocsp.OcspResponseGeneratorSessionBean.reloadOcspSigningCache(OcspResponseGeneratorSessionBean.java:417)
	at deployment.ejbca.ear.ejbca-ejb.jar//org.ejbca.core.ejb.ocsp.OcspResponseGeneratorSessionBean.initTimers(OcspResponseGeneratorSessionBean.java:260)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:79)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:89)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:102)
	at [email protected]//org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:40)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
	at [email protected]//org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:230)
	at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.notSupported(CMTTxInterceptor.java:371)
	at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:147)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509)
	at [email protected]//org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:72)
	at [email protected]//org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:89)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.security.IdentityOutflowInterceptor.processInvocation(IdentityOutflowInterceptor.java:73)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.security.SecurityDomainInterceptor.processInvocation(SecurityDomainInterceptor.java:44)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:60)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:438)
	at [email protected]//org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:633)
	at [email protected]//org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:57)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
	at [email protected]//org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
	at [email protected]//org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:191)
	at [email protected]//org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:81)
	at deployment.ejbca.ear.ejbca-ejb.jar//org.ejbca.core.ejb.ocsp.OcspResponseGeneratorSessionLocal$$$view5.initTimers(Unknown Source)
	at deployment.ejbca.ear.ejbca-ejb.jar//org.ejbca.core.ejb.StartupSingletonBean.startup(StartupSingletonBean.java:349)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceLifecycleMethodInterceptor.processInvocation(ManagedReferenceLifecycleMethodInterceptor.java:96)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:79)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.doLifecycleInterception(Jsr299BindingsInterceptor.java:126)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509)
	at [email protected]//org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:81)
	at [email protected]//org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:89)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.weld.injection.WeldInjectionInterceptor.processInvocation(WeldInjectionInterceptor.java:53)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceFieldInjectionInterceptorFactory$ManagedReferenceFieldInjectionInterceptor.processInvocation(ManagedReferenceFieldInjectionInterceptorFactory.java:112)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.AroundConstructInterceptorFactory$1.processInvocation(AroundConstructInterceptorFactory.java:28)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.weld.injection.WeldInterceptorInjectionInterceptor.processInvocation(WeldInterceptorInjectionInterceptor.java:56)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsCreateInterceptor.processInvocation(Jsr299BindingsCreateInterceptor.java:111)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.tx.EjbBMTInterceptor.handleInvocation(EjbBMTInterceptor.java:103)
	at [email protected]//org.jboss.as.ejb3.tx.BMTInterceptor.processInvocation(BMTInterceptor.java:57)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.weld.injection.WeldInjectionContextInterceptor.processInvocation(WeldInjectionContextInterceptor.java:43)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:60)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.singleton.StartupCountDownInterceptor.processInvocation(StartupCountDownInterceptor.java:25)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
	at [email protected]//org.jboss.as.ee.component.BasicComponent.constructComponentInstance(BasicComponent.java:161)
	at [email protected]//org.jboss.as.ee.component.BasicComponent.constructComponentInstance(BasicComponent.java:134)
	at [email protected]//org.jboss.as.ee.component.BasicComponent.createInstance(BasicComponent.java:88)
	at [email protected]//org.jboss.as.ejb3.component.singleton.SingletonComponent.getComponentInstance(SingletonComponent.java:127)
	at [email protected]//org.jboss.as.ejb3.component.singleton.SingletonComponent.start(SingletonComponent.java:141)
	at [email protected]//org.jboss.as.ee.component.ComponentStartService$1.run(ComponentStartService.java:54)
	at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
	at java.base/java.util.concurrent.FutureTask.run(Unknown Source)
	at [email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
	at [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
	at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
	at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
	at java.base/java.lang.Thread.run(Unknown Source)
	at [email protected]//org.jboss.threads.JBossThread.run(JBossThread.java:513)
Caused by: java.lang.IllegalStateException: Failed to parse InternalKeyBindingData data map in database: org.xmlpull.v1.XmlPullParserException: only whitespace content allowed before start tag and not 9 (position: START_DOCUMENT seen 9... @1:1) 
	at deployment.ejbca.ear//org.cesecore.keybind.InternalKeyBindingData.getDataMap(InternalKeyBindingData.java:194)
	at deployment.ejbca.ear.cesecore-ejb.jar//org.cesecore.keybind.InternalKeyBindingDataSessionBean.getInternalKeyBinding(InternalKeyBindingDataSessionBean.java:98)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
	at java.base/java.lang.reflect.Method.invoke(Unknown Source)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:79)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:89)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:102)
	at [email protected]//org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:40)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
	at [email protected]//org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:230)
	... 184 more
Caused by: java.io.IOException: org.xmlpull.v1.XmlPullParserException: only whitespace content allowed before start tag and not 9 (position: START_DOCUMENT seen 9... @1:1) 
	at deployment.ejbca.ear//org.cesecore.util.SecureXMLDecoder.readObject(SecureXMLDecoder.java:157)
	at deployment.ejbca.ear//org.cesecore.keybind.InternalKeyBindingData.getDataMap(InternalKeyBindingData.java:185)
	... 213 more
Caused by: org.xmlpull.v1.XmlPullParserException: only whitespace content allowed before start tag and not 9 (position: START_DOCUMENT seen 9... @1:1) 
	at deployment.ejbca.ear//org.xmlpull.mxp1.MXParser.parseProlog(MXParser.java:1519)
	at deployment.ejbca.ear//org.xmlpull.mxp1.MXParser.nextImpl(MXParser.java:1395)
	at deployment.ejbca.ear//org.xmlpull.mxp1.MXParser.next(MXParser.java:1093)
	at deployment.ejbca.ear//org.xmlpull.mxp1.MXParser.nextTag(MXParser.java:1078)
	at deployment.ejbca.ear//org.cesecore.util.SecureXMLDecoder.readHeader(SecureXMLDecoder.java:168)
	at deployment.ejbca.ear//org.cesecore.util.SecureXMLDecoder.readObject(SecureXMLDecoder.java:141)
	... 214 more

No required for some inputs in End Entity Profile

Hi,

There are missing "required" checkboxes in the End Entity Profile editor. I'd like to force the requirement of Certificate Validity Start Time and Certificate Validity End Time, but I can't.


Does anyone have an idea?

Thanks in advance !

CA Structure & CRLs Can't get CRL

I found an issue: when subject fields such as OU, O, etc. contain the special character "&", a Server 500 or 404 error is shown when clicking "Get CRL".
I think the root cause is that the special character "&" is not URL-encoded.
The & should be converted to %26 (after I manually changed the & to %26, the URL works).

https://1.2.3.4:8443/ejbca/adminweb/ca/getcrl/getcrl?cmd=crl&issuer=E=network%40foo.bar%2CCN=foo%20SHA2%20ECDSA%20Root%20CA%2COU=foo%20&%20bar%20Center%2C

2021-12-02 06:03:07,865+0000 INFO  [org.cesecore.audit.impl.log4j.Log4jDevice] (default task-5) 2021-12-02 06:03:07+00:00;ADMINWEB_ADMINISTRATORLOGGEDOUT;SUCCESS;ADMINWEB;EJBCA;UID=c-0ujdlan58r1dlphw7,CN=SuperAdmin,O=EJBCA Container Quickstart;922651399;438E3DA3C244E4F51539F1879EC5CE98EE9F62EC;;remoteip=140.124.3.61,
2021-12-02 06:03:13,644+0000 INFO  [org.cesecore.audit.impl.log4j.Log4jDevice] (default task-5) 2021-12-02 06:03:13+00:00;ADMINWEB_ADMINISTRATORLOGGEDIN;SUCCESS;ADMINWEB;EJBCA;UID=c-0ujdlan58r1dlphw7,CN=SuperAdmin,O=EJBCA Container Quickstart;922651399;438E3DA3C244E4F51539F1879EC5CE98EE9F62EC;;remoteip=140.124.3.61,
2021-12-02 06:03:13,646+0000 INFO  [org.cesecore.certificates.crl.CrlStoreSessionBean] (default task-5) Retrieved CRL from issuer 'UID=c-0ujdlan58r1dlphw7,CN=ManagementCA,O=EJBCA Container Quickstart', with CRL number 1.,
2021-12-02 06:06:16,650+0000 INFO  [org.cesecore.certificates.certificate.CertificateStoreSessionBean] (EJB default - 1) Reloading CA certificate cache.,
2021-12-02 06:06:46,044+0000 INFO  [org.cesecore.certificates.crl.CrlStoreSessionBean] (default task-5) Error retrieving CRL for issuer '[email protected],CN=foo SHA2 ECDSA Root CA,OU=foo' with CRL number 0.
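
The truncation reported above can be reproduced by splitting the reported query string the way a servlet container does, and avoided by percent-encoding the whole DN before it is placed in the link. This is an added example, not EJBCA code: the class and method names are hypothetical, and the sample DN is the part of the issuer that is visible in the reported URL.

```java
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.LinkedHashMap;
import java.util.Map;

public class CrlLinkEncoding {

    /** Splits a raw query string on '&', then each pair on its first '=', and percent-decodes both halves. */
    static Map<String, String> parseQuery(String rawQuery) {
        Map<String, String> params = new LinkedHashMap<>();
        for (String pair : rawQuery.split("&")) {
            int eq = pair.indexOf('=');
            String name = eq < 0 ? pair : pair.substring(0, eq);
            String value = eq < 0 ? "" : pair.substring(eq + 1);
            params.put(URLDecoder.decode(name, StandardCharsets.UTF_8),
                       URLDecoder.decode(value, StandardCharsets.UTF_8));
        }
        return params;
    }

    /** Builds the query part of a "Get CRL" link with the issuer DN encoded as one opaque value. */
    static String buildGetCrlQuery(String issuerDn) {
        // URLEncoder escapes '&', '=', ',' and '@' and writes spaces as '+',
        // so nothing inside the DN can end the issuer parameter early.
        return "cmd=crl&issuer=" + URLEncoder.encode(issuerDn, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Query string copied from the URL in the report (it is cut off after "Center%2C").
        String reported = "cmd=crl&issuer=E=network%40foo.bar%2CCN=foo%20SHA2%20ECDSA%20Root%20CA"
                + "%2COU=foo%20&%20bar%20Center%2C";
        Map<String, String> received = parseQuery(reported);
        // The raw '&' ends the issuer value after "OU=foo ", which is the issuer
        // the CrlStoreSessionBean log line fails to find.
        System.out.println("issuer received : '" + received.get("issuer") + "'");
        System.out.println("parameters seen : " + received.keySet());

        // Sample DN: the visible part of the issuer from the report.
        String issuerDn = "E=network@foo.bar,CN=foo SHA2 ECDSA Root CA,OU=foo & bar Center";
        String fixed = buildGetCrlQuery(issuerDn);
        System.out.println("encoded query   : " + fixed);

        // Round trip: the server must get back exactly the DN that was encoded.
        String roundTrip = parseQuery(fixed).get("issuer");
        if (!issuerDn.equals(roundTrip)) {
            throw new IllegalStateException("issuer changed in transit: " + roundTrip);
        }
        System.out.println("issuer after fix: '" + roundTrip + "'");
    }
}
```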

Publish artifacts to a server using SCP

EJBCA Enterprise contains a publisher called "SCP publisher" which can publish CRLs and certificates to another server using SCP.

It would be nice to have something similar in EJBCA Community. The publisher in EJBCA Enterprise also has certain limitations, e.g. it publishes the certificates as serialised Java objects, which makes it difficult to read them with a non-Java application. It could also be useful to be able to invoke a script after the publisher has completed.

There is a library here on GitHub called sshj which provides an SCP client for Java.

The publisher could be written as a plugin by adding a class to the org.ejbca.scp.publisher package. For example:

public class ScpPublisherv2 extends CustomPublisherContainer implements ICustomPublisher, CustomPublisherUiSupport {
    // Implementation goes here
}

Here are some features which would be nice to have:

  • Support publishing of CRLs, certificates and pre-produced OCSP responses
  • Attempt to create the specified directory if it does not exist
  • Support the following variables in path:
    • ISO_TIMESTAMP, e.g. 2022-01-01T13:37
    • ISSUER_DN, e.g. CN=Foo CA,O=Foo AB,C=SE
    • ISSUER_CN, e.g. Foo CA
    • SERIAL_NUMBER (only for certificates), e.g. 0E34CB12
    • CRL_NUMBER (only for CRLs), e.g. 3
  • Atomic publishing by transferring to a temporary directory and then moving the file to the correct location
  • Optionally invoke the specified script after publishing
  • Authenticate with a private key which is either uploaded as a file or pasted in a textbox
  • The button "Save and test connection" should print the current public key fingerprint of the server
  • The button "Save" should cache the current public key fingerprint

With these features supported, the following information needs to be specified by the CA administrator:

  • SSH username
  • IP or hostname
  • Port number
  • The name of the directories where the artifacts will be published
  • A private key
  • The password of the private key
  • The name of the script to invoke after publishing
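
The path variables proposed above take their values from certificate and CRL fields, so a publisher would need to keep an expanded value from adding directory levels or leaving the publish directory. The following is an added sketch of that expansion step, not part of EJBCA or of the proposal: the `${NAME}` syntax, the class and method names and the `/var/publish` base directory are assumptions, and the sample values are the ones from the feature list.

```java
import java.time.LocalDateTime;
import java.time.format.DateTimeFormatter;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class PublishPathTemplate {
    // Assumed placeholder syntax: ${ISSUER_CN}, ${CRL_NUMBER}, ...
    private static final Pattern VARIABLE = Pattern.compile("\\$\\{([A-Z_]+)\\}");
    private static final DateTimeFormatter ISO_MINUTES = DateTimeFormatter.ofPattern("yyyy-MM-dd'T'HH:mm");

    /** Makes a substituted value usable as (part of) a single path component. */
    static String sanitize(String value) {
        // Path separators and control characters must never come from a DN or serial number.
        String cleaned = value.replaceAll("[/\\\\\\p{Cntrl}]", "_");
        if (cleaned.isEmpty() || cleaned.equals(".") || cleaned.equals("..")) {
            return "_";
        }
        return cleaned;
    }

    /** Expands every placeholder; a variable that does not apply to this artifact is an error. */
    static String expand(String template, Map<String, String> values) {
        Matcher m = VARIABLE.matcher(template);
        StringBuilder out = new StringBuilder();
        while (m.find()) {
            String value = values.get(m.group(1));
            if (value == null) {
                throw new IllegalArgumentException("variable not available here: " + m.group(1));
            }
            m.appendReplacement(out, Matcher.quoteReplacement(sanitize(value)));
        }
        m.appendTail(out);
        return out.toString();
    }

    /** Joins the expanded path to the configured base directory, refusing anything that could leave it. */
    static String resolveUnder(String baseDir, String relative) {
        if (relative.startsWith("/")) {
            throw new IllegalArgumentException("absolute path not allowed: " + relative);
        }
        for (String part : relative.split("/")) {
            if (part.equals("..")) {
                throw new IllegalArgumentException("parent directory not allowed: " + relative);
            }
        }
        return baseDir.endsWith("/") ? baseDir + relative : baseDir + "/" + relative;
    }

    public static void main(String[] args) {
        // Values available when a CRL is published; SERIAL_NUMBER is deliberately absent.
        Map<String, String> crl = new LinkedHashMap<>();
        crl.put("ISO_TIMESTAMP", LocalDateTime.of(2022, 1, 1, 13, 37).format(ISO_MINUTES));
        crl.put("ISSUER_DN", "CN=Foo CA,O=Foo AB,C=SE");
        crl.put("ISSUER_CN", "Foo CA");
        crl.put("CRL_NUMBER", "3");

        String template = "crl/${ISSUER_CN}/${ISO_TIMESTAMP}-${CRL_NUMBER}.crl";
        System.out.println(resolveUnder("/var/publish", expand(template, crl)));

        // Constructed test value: a CN containing separators stays one directory name.
        crl.put("ISSUER_CN", "Foo/../../CA");
        System.out.println(resolveUnder("/var/publish", expand(template, crl)));

        // A certificate-only variable in a CRL path is rejected instead of being left unexpanded.
        try {
            expand("crl/${SERIAL_NUMBER}.crl", crl);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```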

Error when running ejbca-setup.sh

I am installing EJBCA on a Linux machine (Ubuntu 20.04). I followed the steps in the EJBCA quick start guide: https://doc.primekey.com/ejbca6152/tutorials-and-guides/quick-start-guide . However, whenever I run the script
./<ejbca-install-directory>/bin/extra/ejbca-setup

I got the following errors:

Init database
Dropping all database tables in database ejbcatest (using the script ejbca/doc/sql-scripts/drop-tables-ejbca-mysql.sql), using DB user ejbca, who should have privileges to do that
ERROR 1146 (42S02) at line 1: Table 'ejbcatest.AccessRulesData' doesn't exist
ERROR 1146 (42S02) at line 2: Table 'ejbcatest.AdminEntityData' doesn't exist

The script continues executing, but at the step of running WildFly it ends in failure and the script is stopped. Could anybody tell me what this error is due to?
Thanks in advance :)

EJBCA Community - SCEP and CISCO Devices, problems with CERT STATUS expected value?

I have set up EJBCA as a divisional CA. Both root and issuing. Windows servers no issues. CISCO devices are my next obstacle (who wants to use self-signed certificates, and go through the 'i acknowledge' every time?! lol)

Grabbing the CA chain, no problems.

Enrolling for the device cert is where the problems begin...

Logs:

1st attempt (ejbca successful - CISCO failed (says no cert and says request failed))

2022-05-26 15:31:48,166-0400 INFO [org.ejbca.ui.web.protocol.ScepServlet] (default task-5) No SCEP alias specified in the URL. Using the default alias: scep
2022-05-26 15:31:48,166-0400 INFO [org.ejbca.ui.web.protocol.ScepServlet] (default task-5) Received a SCEP message from (IP).
2022-05-26 15:31:48,180-0400 INFO [org.cesecore.certificates.certificate.request.PKCS10RequestMessage] (default task-5) No CN in DN: SN=(SN)+unstructuredName=(FQDN)
2022-05-26 15:31:48,180-0400 INFO [org.cesecore.certificates.certificate.request.PKCS10RequestMessage] (default task-5) No CN in DN: SN=(SN)+unstructuredName=(FQDN)
2022-05-26 15:31:48,182-0400 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (default task-5) 2022-05-26 15:31:48-04:00;CA_USERAUTH;SUCCESS;CA;EJBCA;(IP);-1207975468;;(SN);msg=Authenticated user (SN).
2022-05-26 15:31:48,185-0400 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (default task-5) 2022-05-26 15:31:48-04:00;ACCESS_CONTROL;SUCCESS;ACCESSCONTROL;CORE;(IP);;;;resource0=/ca_functionality/create_certificate;resource1=/ca/-1207975468
2022-05-26 15:31:48,185-0400 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (default task-5) 2022-05-26 15:31:48-04:00;CERT_REQUEST;SUCCESS;CERTIFICATE;CORE;(IP);-1207975468;;(SN);subjectdn=unstructuredName=(FQDN),SN=(SN);requestX500name=SN=(SN)+unstructuredName=(FQDN);subjectaltname=DNSNAME=(FQDN), IPADDRESS=(IP), IPADDRESS=(IP2);requestaltname=;certprofile=1340328713;keyusage=-1;notbefore=;notafter=;sequence=;publickey=(removed)
2022-05-26 15:31:48,192-0400 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (default task-5) 2022-05-26 15:31:48-04:00;CERT_STORED;SUCCESS;CERTIFICATE;CORE;(IP);-1207975468;(Serial);(SN);msg=Certificate stored for username '(SN)', fp=c5fce136128b3b4841e702f9d243964d7ea669ae, subjectDN 'unstructuredName=(FQDN),SN=(SN)', issuerDN 'CN=(IssuingCN)', serialNo=(Serial).
2022-05-26 15:31:48,193-0400 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (default task-5) 2022-05-26 15:31:48-04:00;CERT_CREATION;SUCCESS;CERTIFICATE;CORE;(IP);-1207975468;(Serial);(SN);subjectdn=unstructuredName=(FQDN),SN=(SN);certprofile=1340328713;issuancerevocationreason=-1;cert=(removed)
2022-05-26 15:31:48,206-0400 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (default task-5) 2022-05-26 15:31:48-04:00;RA_EDITENDENTITY;SUCCESS;RA;CORE;Local admin call from EndEntityManagementSession.decRequestCounter;-1207975468;;(SN);msg=Edited end entity (SN), new status 40.
2022-05-26 15:31:48,206-0400 INFO [org.ejbca.core.ejb.ca.auth.EndEntityAuthenticationSessionBean] (default task-5) Changed status for '(SN)' to STATUS_GENERATED.
2022-05-26 15:31:48,210-0400 INFO [org.ejbca.ui.web.protocol.ScepServlet] (default task-5) Sent a SCEP PKIOperation response to (IP).

Changed the certificate from GENERATED back to NEW to attempt again

2nd attempt (ejbca failed - CISCO failed (says no cert and says request failed))

2022-05-26 15:31:49,881-0400 INFO [org.ejbca.ui.web.protocol.ScepServlet] (default task-5) No SCEP alias specified in the URL. Using the default alias: scep
2022-05-26 15:31:49,882-0400 INFO [org.ejbca.ui.web.protocol.ScepServlet] (default task-5) Received a SCEP message from (IP).
2022-05-26 15:31:49,889-0400 INFO [org.cesecore.certificates.certificate.request.PKCS10RequestMessage] (default task-5) No CN in DN: SN=(SN)+unstructuredName=(FQDN)
2022-05-26 15:31:49,889-0400 INFO [org.cesecore.certificates.certificate.request.PKCS10RequestMessage] (default task-5) No CN in DN: SN=(SN)+unstructuredName=(FQDN)
2022-05-26 15:31:49,890-0400 INFO [org.ejbca.core.ejb.ca.auth.EndEntityAuthenticationSessionBean] (default task-5) Got request with status GENERATED (40), NEW, FAILED or INPROCESS required: (SN).
2022-05-26 15:31:49,890-0400 INFO [org.cesecore.certificates.certificate.request.PKCS10RequestMessage] (default task-5) No CN in DN: SN=(SN)+unstructuredName=(FQDN)
2022-05-26 15:31:49,890-0400 INFO [org.ejbca.core.protocol.scep.ScepMessageDispatcherSessionBean] (default task-5) Attempted to enroll on an end entity (username: (SN), alias: scep) with incorrect status: Got request with status GENERATED (40), NEW, FAILED or INPROCESS required: (SN).: org.ejbca.core.model.ca.AuthStatusException: Got request with status GENERATED (40), NEW, FAILED or INPROCESS required: (SN).
2022-05-26 15:31:48,206-0400 INFO [org.ejbca.core.ejb.ca.auth.EndEntityAuthenticationSessionBean] (default task-5) Changed status for '(SN)' to STATUS_GENERATED.
2022-05-26 15:31:49,897-0400 INFO [org.ejbca.ui.web.protocol.ScepServlet] (default task-5) Sent a SCEP PKIOperation response to (IP).

So, why is EJBCA (or is it CISCO) expecting the cert status to match the serial number and not generated?

Jonathan

RA Web Role Members "Unknown CA"

ejbca-ce-EJBCA_7_9_0_2_20220616

When adding a Role Member via RA Web it results in an "Unknown CA".

Doing this in the Administration Web GUI works well, and it is also shown correctly in RA Web.

WARNING: An illegal reflective access operation has occurred

Greetings colleagues.
It turns out that I am implementing the primekey/ejbca-ce image in a virtualized environment. I cloned the virtual server where I have it running and when I lift the container on the new server I get this error in the logs:
WARNING: An illegal reflective access operation has occurred...
I can access the public web via http but I cannot access the interface via https.
I will appreciate any suggestions
Thanks

DB2 support

Can I add DB2 driver (db2jcc4.jar) to container and connect to DB2 database?

Deleting a Crypto Token in 7.9.0.2 generates an NPE

Whether deleting a Soft token or a PKCS11 token on an HSM (specifically tested with Utimaco PCIe Se12), it generates a NullPointerException (NPE) on the back-end and a message on the GUI: "An exception has occurred". I haven't tried it with a token that was empty - but the software and hardware tokens did have keys in them. While it is easier to clean up the P11 token in the HSM (by reinitializing it), is there any way to clean up the software tokens? Thanks.

The NPE is shown below:

`2022-09-19 16:42:29,942 ERROR [org.jboss.as.ejb3.invocation] (default task-1) WFLYEJB0034: Jakarta Enterprise Beans Invocation failed on component GlobalConfigurationSessionBean for method public abstract org.cesecore.configuration.ConfigurationBase org.cesecore.configuration.GlobalConfigurationSession.getCachedConfiguration(java.lang.String): javax.ejb.EJBException: java.lang.NullPointerException
	at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:239)
	at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.notSupported(CMTTxInterceptor.java:373)
	at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:149)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509)
	at [email protected]//org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:72)
	at [email protected]//org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:89)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:60)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:438)
	at [email protected]//org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:633)
	at [email protected]//org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:57)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
	at [email protected]//org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
	at [email protected]//org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:191)
	at [email protected]//org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:81)
	at deployment.ejbca.ear.cesecore-ejb.jar//org.cesecore.configuration.GlobalConfigurationSessionLocal$$$view46.getCachedConfiguration(Unknown Source)
	at deployment.ejbca.ear.adminweb.war//org.ejbca.ui.web.admin.cryptotoken.CryptoTokenMBean.referencedAcmeConfigurationIDs(CryptoTokenMBean.java:944)
	at deployment.ejbca.ear.adminweb.war//org.ejbca.ui.web.admin.cryptotoken.CryptoTokenMBean.deleteCryptoToken(CryptoTokenMBean.java:924)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at [email protected]//com.sun.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:153)
	at [email protected]//com.sun.el.parser.AstValue.invoke(AstValue.java:261)
	at [email protected]//com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:237)
	at [email protected]//org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40)
	at [email protected]//org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50)
	at [email protected]//org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40)
	at [email protected]//org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50)
	at [email protected]//com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:65)
	at [email protected]//com.sun.faces.application.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:66)
	at [email protected]//com.sun.faces.application.ActionListenerImpl.getNavigationOutcome(ActionListenerImpl.java:82)
	at [email protected]//com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:71)
	at [email protected]//javax.faces.component.UICommand.broadcast(UICommand.java:222)
	at [email protected]//javax.faces.component.UIData.broadcast(UIData.java:1127)
	at [email protected]//javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:847)
	at [email protected]//javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1396)
	at [email protected]//com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:58)
	at [email protected]//com.sun.faces.lifecycle.Phase.doPhase(Phase.java:76)
	at [email protected]//com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:177)
	at [email protected]//javax.faces.webapp.FacesServlet.executeLifecyle(FacesServlet.java:707)
	at [email protected]//javax.faces.webapp.FacesServlet.service(FacesServlet.java:451)
	at [email protected]//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
	at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
	at io.opentracing.contrib.opentracing-jaxrs2//io.opentracing.contrib.jaxrs2.server.SpanFinishingFilter.doFilter(SpanFinishingFilter.java:52)
	at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
	at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	at deployment.ejbca.ear.adminweb.war//org.ejbca.ui.web.admin.NoCacheFilter.doFilter(NoCacheFilter.java:68)
	at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
	at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	at deployment.ejbca.ear//org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:223)
	at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
	at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	at deployment.ejbca.ear.adminweb.war//org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:104)
	at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
	at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	at [email protected]//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
	at [email protected]//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
	at [email protected]//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
	at [email protected]//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
	at [email protected]//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
	at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at [email protected]//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
	at [email protected]//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
	at [email protected]//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
	at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at [email protected]//io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
	at [email protected]//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
	at [email protected]//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
	at [email protected]//io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
	at [email protected]//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
	at [email protected]//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
	at [email protected]//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
	at [email protected]//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
	at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at [email protected]//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
	at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at [email protected]//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
	at [email protected]//io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
	at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)
	at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
	at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
	at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
	at [email protected]//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
	at [email protected]//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
	at [email protected]//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
	at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1535)
	at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1535)
	at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1535)
	at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1535)
	at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1535)
	at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
	at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
	at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99)
	at [email protected]//io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
	at [email protected]//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:841)
	at [email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
	at [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
	at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
	at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
	at [email protected]//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1280)
	at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.lang.NullPointerException
	at deployment.ejbca.ear.cesecore-ejb.jar//org.cesecore.configuration.GlobalConfigurationSessionBean$GlobalConfigurationCacheHolder.updateConfiguration(GlobalConfigurationSessionBean.java:272)
	at deployment.ejbca.ear.cesecore-ejb.jar//org.cesecore.configuration.GlobalConfigurationSessionBean.getCachedConfiguration(GlobalConfigurationSessionBean.java:111)
	at jdk.internal.reflect.GeneratedMethodAccessor222.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:79)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:89)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:102)
	at [email protected]//org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:40)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
	at [email protected]//org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:232)
	... 119 more

2022-09-19 16:42:29,960 WARNING [javax.enterprise.resource.webcontainer.jsf.lifecycle] (default task-1) #{cryptoTokenMBean.deleteCryptoToken}: javax.ejb.EJBException: java.lang.NullPointerException: javax.faces.FacesException: #{cryptoTokenMBean.deleteCryptoToken}: javax.ejb.EJBException: java.lang.NullPointerException
	at [email protected]//com.sun.faces.application.ActionListenerImpl.getNavigationOutcome(ActionListenerImpl.java:96)
	at [email protected]//com.sun.faces.application.ActionListenerImpl.processAction(ActionListenerImpl.java:71)
	at [email protected]//javax.faces.component.UICommand.broadcast(UICommand.java:222)
	at [email protected]//javax.faces.component.UIData.broadcast(UIData.java:1127)
	at [email protected]//javax.faces.component.UIViewRoot.broadcastEvents(UIViewRoot.java:847)
	at [email protected]//javax.faces.component.UIViewRoot.processApplication(UIViewRoot.java:1396)
	at [email protected]//com.sun.faces.lifecycle.InvokeApplicationPhase.execute(InvokeApplicationPhase.java:58)
	at [email protected]//com.sun.faces.lifecycle.Phase.doPhase(Phase.java:76)
	at [email protected]//com.sun.faces.lifecycle.LifecycleImpl.execute(LifecycleImpl.java:177)
	at [email protected]//javax.faces.webapp.FacesServlet.executeLifecyle(FacesServlet.java:707)
	at [email protected]//javax.faces.webapp.FacesServlet.service(FacesServlet.java:451)
	at [email protected]//io.undertow.servlet.handlers.ServletHandler.handleRequest(ServletHandler.java:74)
	at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:129)
	at io.opentracing.contrib.opentracing-jaxrs2//io.opentracing.contrib.jaxrs2.server.SpanFinishingFilter.doFilter(SpanFinishingFilter.java:52)
	at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
	at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	at deployment.ejbca.ear.adminweb.war//org.ejbca.ui.web.admin.NoCacheFilter.doFilter(NoCacheFilter.java:68)
	at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
	at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	at deployment.ejbca.ear//org.owasp.filters.ContentSecurityPolicyFilter.doFilter(ContentSecurityPolicyFilter.java:223)
	at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
	at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	at deployment.ejbca.ear.adminweb.war//org.ejbca.ui.web.admin.ProxiedAuthenticationFilter.doFilter(ProxiedAuthenticationFilter.java:104)
	at [email protected]//io.undertow.servlet.core.ManagedFilter.doFilter(ManagedFilter.java:61)
	at [email protected]//io.undertow.servlet.handlers.FilterHandler$FilterChainImpl.doFilter(FilterHandler.java:131)
	at [email protected]//io.undertow.servlet.handlers.FilterHandler.handleRequest(FilterHandler.java:84)
	at [email protected]//io.undertow.servlet.handlers.security.ServletSecurityRoleHandler.handleRequest(ServletSecurityRoleHandler.java:62)
	at [email protected]//io.undertow.servlet.handlers.ServletChain$1.handleRequest(ServletChain.java:68)
	at [email protected]//io.undertow.servlet.handlers.ServletDispatchingHandler.handleRequest(ServletDispatchingHandler.java:36)
	at [email protected]//org.wildfly.extension.undertow.security.SecurityContextAssociationHandler.handleRequest(SecurityContextAssociationHandler.java:78)
	at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at [email protected]//io.undertow.servlet.handlers.RedirectDirHandler.handleRequest(RedirectDirHandler.java:68)
	at [email protected]//io.undertow.servlet.handlers.security.SSLInformationAssociationHandler.handleRequest(SSLInformationAssociationHandler.java:117)
	at [email protected]//io.undertow.servlet.handlers.security.ServletAuthenticationCallHandler.handleRequest(ServletAuthenticationCallHandler.java:57)
	at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at [email protected]//io.undertow.security.handlers.AuthenticationConstraintHandler.handleRequest(AuthenticationConstraintHandler.java:53)
	at [email protected]//io.undertow.security.handlers.AbstractConfidentialityHandler.handleRequest(AbstractConfidentialityHandler.java:46)
	at [email protected]//io.undertow.servlet.handlers.security.ServletConfidentialityConstraintHandler.handleRequest(ServletConfidentialityConstraintHandler.java:64)
	at [email protected]//io.undertow.servlet.handlers.security.ServletSecurityConstraintHandler.handleRequest(ServletSecurityConstraintHandler.java:59)
	at [email protected]//io.undertow.security.handlers.AuthenticationMechanismsHandler.handleRequest(AuthenticationMechanismsHandler.java:60)
	at [email protected]//io.undertow.servlet.handlers.security.CachedAuthenticatedSessionHandler.handleRequest(CachedAuthenticatedSessionHandler.java:77)
	at [email protected]//io.undertow.security.handlers.NotificationReceiverHandler.handleRequest(NotificationReceiverHandler.java:50)
	at [email protected]//io.undertow.security.handlers.AbstractSecurityContextAssociationHandler.handleRequest(AbstractSecurityContextAssociationHandler.java:43)
	at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at [email protected]//org.wildfly.extension.undertow.security.jacc.JACCContextIdHandler.handleRequest(JACCContextIdHandler.java:61)
	at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at [email protected]//org.wildfly.extension.undertow.deployment.GlobalRequestControllerHandler.handleRequest(GlobalRequestControllerHandler.java:68)
	at [email protected]//io.undertow.servlet.handlers.SendErrorPageHandler.handleRequest(SendErrorPageHandler.java:52)
	at [email protected]//io.undertow.server.handlers.PredicateHandler.handleRequest(PredicateHandler.java:43)
	at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.handleFirstRequest(ServletInitialHandler.java:269)
	at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.access$100(ServletInitialHandler.java:78)
	at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:133)
	at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$2.call(ServletInitialHandler.java:130)
	at [email protected]//io.undertow.servlet.core.ServletRequestContextThreadSetupAction$1.call(ServletRequestContextThreadSetupAction.java:48)
	at [email protected]//io.undertow.servlet.core.ContextClassLoaderSetupAction$1.call(ContextClassLoaderSetupAction.java:43)
	at [email protected]//org.wildfly.extension.undertow.security.SecurityContextThreadSetupAction.lambda$create$0(SecurityContextThreadSetupAction.java:105)
	at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1535)
	at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1535)
	at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1535)
	at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1535)
	at [email protected]//org.wildfly.extension.undertow.deployment.UndertowDeploymentInfoService$UndertowThreadSetupAction.lambda$create$0(UndertowDeploymentInfoService.java:1535)
	at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.dispatchRequest(ServletInitialHandler.java:249)
	at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler.access$000(ServletInitialHandler.java:78)
	at [email protected]//io.undertow.servlet.handlers.ServletInitialHandler$1.handleRequest(ServletInitialHandler.java:99)
	at [email protected]//io.undertow.server.Connectors.executeRootHandler(Connectors.java:387)
	at [email protected]//io.undertow.server.HttpServerExchange$1.run(HttpServerExchange.java:841)
	at [email protected]//org.jboss.threads.ContextClassLoaderSavingRunnable.run(ContextClassLoaderSavingRunnable.java:35)
	at [email protected]//org.jboss.threads.EnhancedQueueExecutor.safeRun(EnhancedQueueExecutor.java:1990)
	at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.doRunTask(EnhancedQueueExecutor.java:1486)
	at [email protected]//org.jboss.threads.EnhancedQueueExecutor$ThreadBody.run(EnhancedQueueExecutor.java:1377)
	at [email protected]//org.xnio.XnioWorker$WorkerThreadFactory$1$1.run(XnioWorker.java:1280)
	at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: javax.faces.el.EvaluationException: javax.ejb.EJBException: java.lang.NullPointerException
	at [email protected]//com.sun.faces.application.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:76)
	at [email protected]//com.sun.faces.application.ActionListenerImpl.getNavigationOutcome(ActionListenerImpl.java:82)
	... 71 more
Caused by: javax.ejb.EJBException: java.lang.NullPointerException
	at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:239)
	at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.notSupported(CMTTxInterceptor.java:373)
	at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:149)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509)
	at [email protected]//org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:72)
	at [email protected]//org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:89)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.CurrentInvocationContextInterceptor.processInvocation(CurrentInvocationContextInterceptor.java:41)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.invocationmetrics.WaitTimeInterceptor.processInvocation(WaitTimeInterceptor.java:47)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.security.SecurityContextInterceptor.processInvocation(SecurityContextInterceptor.java:100)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.deployment.processors.StartupAwaitInterceptor.processInvocation(StartupAwaitInterceptor.java:22)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.ShutDownInterceptorFactory$1.processInvocation(ShutDownInterceptorFactory.java:64)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.LoggingInterceptor.processInvocation(LoggingInterceptor.java:67)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.component.NamespaceContextInterceptor.processInvocation(NamespaceContextInterceptor.java:50)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.ContextClassLoaderInterceptor.processInvocation(ContextClassLoaderInterceptor.java:60)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InterceptorContext.run(InterceptorContext.java:438)
	at [email protected]//org.wildfly.security.manager.WildFlySecurityManager.doChecked(WildFlySecurityManager.java:633)
	at [email protected]//org.jboss.invocation.AccessCheckingInterceptor.processInvocation(AccessCheckingInterceptor.java:57)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
	at [email protected]//org.jboss.as.ee.component.ViewService$View.invoke(ViewService.java:198)
	at [email protected]//org.jboss.as.ee.component.ViewDescription$1.processInvocation(ViewDescription.java:191)
	at [email protected]//org.jboss.as.ee.component.ProxyInvocationHandler.invoke(ProxyInvocationHandler.java:81)
	at deployment.ejbca.ear.cesecore-ejb.jar//org.cesecore.configuration.GlobalConfigurationSessionLocal$$$view46.getCachedConfiguration(Unknown Source)
	at deployment.ejbca.ear.adminweb.war//org.ejbca.ui.web.admin.cryptotoken.CryptoTokenMBean.referencedAcmeConfigurationIDs(CryptoTokenMBean.java:944)
	at deployment.ejbca.ear.adminweb.war//org.ejbca.ui.web.admin.cryptotoken.CryptoTokenMBean.deleteCryptoToken(CryptoTokenMBean.java:924)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at [email protected]//com.sun.el.util.ReflectionUtil.invokeMethod(ReflectionUtil.java:153)
	at [email protected]//com.sun.el.parser.AstValue.invoke(AstValue.java:261)
	at [email protected]//com.sun.el.MethodExpressionImpl.invoke(MethodExpressionImpl.java:237)
	at [email protected]//org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40)
	at [email protected]//org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50)
	at [email protected]//org.jboss.weld.module.web.util.el.ForwardingMethodExpression.invoke(ForwardingMethodExpression.java:40)
	at [email protected]//org.jboss.weld.module.web.el.WeldMethodExpression.invoke(WeldMethodExpression.java:50)
	at [email protected]//com.sun.faces.facelets.el.TagMethodExpression.invoke(TagMethodExpression.java:65)
	at [email protected]//com.sun.faces.application.MethodBindingMethodExpressionAdapter.invoke(MethodBindingMethodExpressionAdapter.java:66)
	... 72 more
Caused by: java.lang.NullPointerException
	at deployment.ejbca.ear.cesecore-ejb.jar//org.cesecore.configuration.GlobalConfigurationSessionBean$GlobalConfigurationCacheHolder.updateConfiguration(GlobalConfigurationSessionBean.java:272)
	at deployment.ejbca.ear.cesecore-ejb.jar//org.cesecore.configuration.GlobalConfigurationSessionBean.getCachedConfiguration(GlobalConfigurationSessionBean.java:111)
	at jdk.internal.reflect.GeneratedMethodAccessor222.invoke(Unknown Source)
	at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
	at java.base/java.lang.reflect.Method.invoke(Method.java:566)
	at [email protected]//org.jboss.as.ee.component.ManagedReferenceMethodInterceptor.processInvocation(ManagedReferenceMethodInterceptor.java:52)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.delegateInterception(Jsr299BindingsInterceptor.java:79)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.doMethodInterception(Jsr299BindingsInterceptor.java:89)
	at [email protected]//org.jboss.as.weld.interceptors.Jsr299BindingsInterceptor.processInvocation(Jsr299BindingsInterceptor.java:102)
	at [email protected]//org.jboss.as.ee.component.interceptors.UserInterceptorFactory$1.processInvocation(UserInterceptorFactory.java:63)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.invocationmetrics.ExecutionTimeInterceptor.processInvocation(ExecutionTimeInterceptor.java:43)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.jpa.interceptor.SBInvocationInterceptor.processInvocation(SBInvocationInterceptor.java:47)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ee.concurrent.ConcurrentContextInterceptor.processInvocation(ConcurrentContextInterceptor.java:45)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.InitialInterceptor.processInvocation(InitialInterceptor.java:40)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.invocation.ChainedInterceptor.processInvocation(ChainedInterceptor.java:53)
	at [email protected]//org.jboss.as.ee.component.interceptors.ComponentDispatcherInterceptor.processInvocation(ComponentDispatcherInterceptor.java:52)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.pool.PooledInstanceInterceptor.processInvocation(PooledInstanceInterceptor.java:51)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.component.interceptors.AdditionalSetupInterceptor.processInvocation(AdditionalSetupInterceptor.java:54)
	at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
	at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInNoTx(CMTTxInterceptor.java:232)
	... 119 more`

EJBCA 7.9.0.x community edition deployment issues

This is something that I am not really familiar with, but I banged my head against the wall for some days and nights because of this. Of course I might have missed something that is obvious to everyone else.

Following the deployment instructions, "ant deploy-keystore" copies the two files to Wildfly .../keystore as ".jks", while the instructions to configure Wildfly 24 refer to the same files as ".p12". The deployment succeeds but nothing works, as for some weird reason Wildfly startup doesn't fail if the configured certificates are missing.

As the next step, when after endless troubleshooting I finally found this issue, my .p12 files were owned by root. Then at least Wildfly finally failed to start up. So chown wildfly.wildfly .../keystore/*.p12 would also be needed for a successful setup after the files have been named correctly.

A smaller issue is that whatever configuration files you put into /opt/ejbca-custom are copied by ant to /opt/ejbca/ instead of /opt/ejbca/conf where they are actually read from during the configuration and installation.
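A pre-flight check for the two keystore problems described in the post above (files deployed as ".jks" while the server configuration names ".p12", and files owned by root), as an added example that is not part of the original post or of EJBCA. The function name `check_keystores`, the directory argument and the file names in the usage comment are assumptions, and GNU `stat` is required.

```shell
#!/bin/sh
# Added example: pre-flight check for the keystore files a WildFly
# configuration refers to. check_keystores is a hypothetical helper, not
# part of EJBCA or WildFly. Requires GNU stat (stat -c).
#
# check_keystores DIR OWNER FILE...
#   Prints one line per problem and returns 0 only when every FILE exists
#   in DIR, belongs to OWNER and is readable by its owner.
check_keystores() {
    ks_dir=$1
    ks_owner=$2
    shift 2
    ks_problems=0
    for ks_name in "$@"; do
        ks_path="$ks_dir/$ks_name"
        if [ ! -f "$ks_path" ]; then
            # Failure mode from the post: the file was deployed with a
            # .jks suffix while the server configuration names it .p12.
            ks_alt="$ks_dir/${ks_name%.*}.jks"
            if [ "${ks_name##*.}" = "p12" ] && [ -f "$ks_alt" ]; then
                echo "MISSING $ks_path (found $ks_alt, suffix mismatch)"
            else
                echo "MISSING $ks_path"
            fi
            ks_problems=$((ks_problems + 1))
            continue
        fi
        # GNU stat: %U is the owner name, %a the permission bits in octal.
        ks_actual=$(stat -c '%U' "$ks_path")
        ks_mode=$(stat -c '%a' "$ks_path")
        if [ "$ks_actual" != "$ks_owner" ]; then
            echo "OWNER $ks_path belongs to $ks_actual, expected $ks_owner"
            ks_problems=$((ks_problems + 1))
        fi
        # Octal mode: bit 0400 is the owner-read permission.
        if [ $(( 0$ks_mode & 0400 )) -eq 0 ]; then
            echo "MODE $ks_path ($ks_mode) is not readable by its owner"
            ks_problems=$((ks_problems + 1))
        fi
    done
    [ "$ks_problems" -eq 0 ]
}

# Stand-alone use, e.g. before starting the application server:
#   sh check_keystores.sh /path/to/keystore wildfly keystore.p12 truststore.p12
# (directory and file names above are assumed; adjust to your configuration)
if [ "$#" -ge 3 ]; then
    check_keystores "$@" || exit 1
fi
```

Running it as a start-up precondition turns the silent "deployment succeeds but nothing works" case into an explicit failure with the offending path named.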

I can't access superadmin console

Hello, I have installed the docker version of ejbca, with the Quick Start: Classic Workflow, with the command line
docker run -it --rm -p 80:8080 -p 443:8443 -h mycahostname keyfactor/ejbca-ce
I am able to access and download the superadmin.p12 certificate and import it into my browser; however, it does not allow me to access the ejbca admin console "https://localhost/ejbca/adminweb/". I get the message "Authorization Denied
No client certificate was presented". Can you help me please?

Update from ejbca-ce 6.15 to 7.4/7.9: Java-error "could not deserialize" in wildfly's server.log

Hello @ll,

We followed the instructions from https://doc.primekey.com/ejbca790/ejbca-installation/application-servers/wildfly-24 and ended up with the Java error: could not deserialize.
Trace:
2022-09-06 10:50:51,926 INFO [org.ejbca.core.ejb.authorization.AuthorizationSystemSessionBean] (ServerService Thread Pool -- 117) Roles or CAs exist, not intializing Super Administrator Role
2022-09-06 10:50:56,574 WARN [io.undertow.servlet] (ServerService Thread Pool -- 98) UT015020: Path /* is secured for some HTTP methods, however it is not secured for [HEAD, POST, GET]
2022-09-06 10:50:56,577 INFO [org.wildfly.extension.undertow] (ServerService Thread Pool -- 98) WFLYUT0021: Registered web context: '/ejbca/ra' for server 'default-server'
2022-09-06 10:50:58,321 ERROR [org.jboss.as.ejb3.invocation] (ServerService Thread Pool -- 117) WFLYEJB0034: EJB Invocation failed on component EndEntityProfileSessionBean for method public abstract void org.ejbca.core.ejb.ra.raadmin.EndEntityProfileSessionLocal.initializeAndUpgradeProfiles(): javax.ejb.EJBException: javax.persistence.PersistenceException: org.hibernate.type.SerializationException: could not deserialize
at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInOurTx(CMTTxInterceptor.java:266)
at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.required(CMTTxInterceptor.java:388)
at [email protected]//org.jboss.as.ejb3.tx.CMTTxInterceptor.processInvocation(CMTTxInterceptor.java:158)
at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
at [email protected]//org.jboss.invocation.InterceptorContext$Invocation.proceed(InterceptorContext.java:509)
at [email protected]//org.jboss.weld.module.ejb.AbstractEJBRequestScopeActivationInterceptor.aroundInvoke(AbstractEJBRequestScopeActivationInterceptor.java:72)
at [email protected]//org.jboss.as.weld.ejb.EjbRequestScopeActivationInterceptor.processInvocation(EjbRequestScopeActivationInterceptor.java:89)
at [email protected]//org.jboss.invocation.InterceptorContext.proceed(InterceptorContext.java:422)
at

Some lines later in wildfly's server.log we also get the error message: ClassNotFoundException: org.jboss.invocation.MarshalledValue

Complete line for "ClassNotFoundException":

2022-09-07 08:34:52,439 ERROR [org.ejbca.core.ejb.upgrade.UpgradeSessionBean] (ServerService Thread Pool -- 109) Error thrown during upgrade: : javax.ejb.EJBException: java.lang.IllegalStateException: java.lang.ClassNotFoundException: org.jboss.invocation.MarshalledValue from [Module "deployment.ejbca.ear" from Service Module Loader]

In wildfly's standalone.xml we could find the line:

and the file:

/opt/kvtg/wildfly-24.0.1.Final/modules/system/layers/base/org/jboss/as/clustering/infinispan

but we could not find:

# standalone.xml
/opt/kvtg/wildfly-24.0.1.Final/modules/system/layers/base/org/jboss/invocation/MarshalledValue # Linux file system

We used following system and software versions:
OS: Centos 7
Wildfly: 24 (we tried v20 and v15 as well)
ant: 1.9.4
ejbca: 7.9 (7.4 also)
java: java-1.8.0-openjdk-1.8.0.342.b07-1.el79 (java 11 has the same behavior).

At the moment we have not had any success, and any help is appreciated.

Kind regards,
Michael

Execution issue with ejbca-ejb-cli.jar

Hi,

Bitnami developer here. We are working on the release of EJBCA version 7.10.0 but executing the ejbca-ejb-cli.jar is failing with the following error:

root@cd60b543682e:/# /opt/bitnami/java/bin/java -jar /opt/bitnami/ejbca/dist//bca-ejb-cli/ejbca-ejb-cli.jar
09:23:52.270 [main] ERROR org.cesecore.jndi.JndiHelper - JNDI name lookup error
javax.naming.NoInitialContextException: Need to specify class name in environment or system property, or in an application resource file: java.naming.factory.initial
	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:702) ~[?:?]
	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305) ~[?:?]
	at javax.naming.InitialContext.getURLOrDefaultInitCtx(InitialContext.java:342) ~[?:?]
	at javax.naming.InitialContext.lookup(InitialContext.java:409) ~[?:?]
	at org.cesecore.jndi.JndiHelper.getRemoteSession(JndiHelper.java:70) [cesecore-common.jar:EJBCA 7.10.0.1 Community (a3751951068a789517bb8b2a7f738cdf00cb0df3)]
	at org.cesecore.util.EjbRemoteHelper.getRemoteSession(EjbRemoteHelper.java:79) [cesecore-common.jar:EJBCA 7.10.0.1 Community (a3751951068a789517bb8b2a7f738cdf00cb0df3)]
	at org.cesecore.util.EjbRemoteHelper.getRemoteSession(EjbRemoteHelper.java:54) [cesecore-common.jar:EJBCA 7.10.0.1 Community (a3751951068a789517bb8b2a7f738cdf00cb0df3)]
	at org.ejbca.ui.cli.ra.AddEndEntityCommand.<init>(AddEndEntityCommand.java:97) [ejbca-ejb-cli.jar:EJBCA 7.10.0.1 Community (a3751951068a789517bb8b2a7f738cdf00cb0df3)]
	at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
	at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [?:?]
	at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [?:?]
	at java.lang.reflect.Constructor.newInstance(Constructor.java:490) [?:?]
	at java.util.ServiceLoader$ProviderImpl.newInstance(ServiceLoader.java:780) [?:?]
	at java.util.ServiceLoader$ProviderImpl.get(ServiceLoader.java:722) [?:?]
	at java.util.ServiceLoader$3.next(ServiceLoader.java:1395) [?:?]
	at org.ejbca.ui.cli.infrastructure.library.CommandLibrary.<init>(CommandLibrary.java:52) [keyfactor-commons-cli-1.0.0.jar:?]
	at org.ejbca.ui.cli.infrastructure.library.CommandLibrary.<clinit>(CommandLibrary.java:36) [keyfactor-commons-cli-1.0.0.jar:?]
	at org.ejbca.ui.cli.EjbcaEjbCli.main(EjbcaEjbCli.java:38) [ejbca-ejb-cli.jar:EJBCA 7.10.0.1 Community (a3751951068a789517bb8b2a7f738cdf00cb0df3)]
Exception in thread "main" java.util.ServiceConfigurationError: org.ejbca.ui.cli.infrastructure.command.CliCommandPlugin: Provider org.ejbca.ui.cli.ra.AddEndEntityCommand could not be instantiated
	at java.base/java.util.ServiceLoader.fail(ServiceLoader.java:582)
	at java.base/java.util.ServiceLoader$ProviderImpl.newInstance(ServiceLoader.java:804)
	at java.base/java.util.ServiceLoader$ProviderImpl.get(ServiceLoader.java:722)
	at java.base/java.util.ServiceLoader$3.next(ServiceLoader.java:1395)
	at org.ejbca.ui.cli.infrastructure.library.CommandLibrary.<init>(CommandLibrary.java:52)
	at org.ejbca.ui.cli.infrastructure.library.CommandLibrary.<clinit>(CommandLibrary.java:36)
	at org.ejbca.ui.cli.EjbcaEjbCli.main(EjbcaEjbCli.java:38)
Caused by: java.lang.NullPointerException
	at org.ejbca.ui.cli.ra.AddEndEntityCommand.<init>(AddEndEntityCommand.java:98)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
	at java.base/java.util.ServiceLoader$ProviderImpl.newInstance(ServiceLoader.java:780)
	... 5 more
roooot@cd60b543682e:/# /opt/bitnami/java/bin/java -jar /opt/bitnami/ejbca/distjbcejb-cli/ejbca-ejb-cli.jar
09:24:05.062 [main] ERROR org.cesecore.jndi.JndiHelper - JNDI name lookup error
javax.naming.NoInitialContextException: Need to specify class name in environment or system property, or in an application resource file: java.naming.factory.initial
	at javax.naming.spi.NamingManager.getInitialContext(NamingManager.java:702) ~[?:?]
	at javax.naming.InitialContext.getDefaultInitCtx(InitialContext.java:305) ~[?:?]
	at javax.naming.InitialContext.getURLOrDefaultInitCtx(InitialContext.java:342) ~[?:?]
	at javax.naming.InitialContext.lookup(InitialContext.java:409) ~[?:?]
	at org.cesecore.jndi.JndiHelper.getRemoteSession(JndiHelper.java:70) [cesecore-common.jar:EJBCA 7.10.0.1 Community (a3751951068a789517bb8b2a7f738cdf00cb0df3)]
	at org.cesecore.util.EjbRemoteHelper.getRemoteSession(EjbRemoteHelper.java:79) [cesecore-common.jar:EJBCA 7.10.0.1 Community (a3751951068a789517bb8b2a7f738cdf00cb0df3)]
	at org.cesecore.util.EjbRemoteHelper.getRemoteSession(EjbRemoteHelper.java:54) [cesecore-common.jar:EJBCA 7.10.0.1 Community (a3751951068a789517bb8b2a7f738cdf00cb0df3)]
	at org.ejbca.ui.cli.ra.AddEndEntityCommand.<init>(AddEndEntityCommand.java:97) [ejbca-ejb-cli.jar:EJBCA 7.10.0.1 Community (a3751951068a789517bb8b2a7f738cdf00cb0df3)]
	at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method) ~[?:?]
	at jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62) [?:?]
	at jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) [?:?]
	at java.lang.reflect.Constructor.newInstance(Constructor.java:490) [?:?]
	at java.util.ServiceLoader$ProviderImpl.newInstance(ServiceLoader.java:780) [?:?]
	at java.util.ServiceLoader$ProviderImpl.get(ServiceLoader.java:722) [?:?]
	at java.util.ServiceLoader$3.next(ServiceLoader.java:1395) [?:?]
	at org.ejbca.ui.cli.infrastructure.library.CommandLibrary.<init>(CommandLibrary.java:52) [keyfactor-commons-cli-1.0.0.jar:?]
	at org.ejbca.ui.cli.infrastructure.library.CommandLibrary.<clinit>(CommandLibrary.java:36) [keyfactor-commons-cli-1.0.0.jar:?]
	at org.ejbca.ui.cli.EjbcaEjbCli.main(EjbcaEjbCli.java:38) [ejbca-ejb-cli.jar:EJBCA 7.10.0.1 Community (a3751951068a789517bb8b2a7f738cdf00cb0df3)]
Exception in thread "main" java.util.ServiceConfigurationError: org.ejbca.ui.cli.infrastructure.command.CliCommandPlugin: Provider org.ejbca.ui.cli.ra.AddEndEntityCommand could not be instantiated
	at java.base/java.util.ServiceLoader.fail(ServiceLoader.java:582)
	at java.base/java.util.ServiceLoader$ProviderImpl.newInstance(ServiceLoader.java:804)
	at java.base/java.util.ServiceLoader$ProviderImpl.get(ServiceLoader.java:722)
	at java.base/java.util.ServiceLoader$3.next(ServiceLoader.java:1395)
	at org.ejbca.ui.cli.infrastructure.library.CommandLibrary.<init>(CommandLibrary.java:52)
	at org.ejbca.ui.cli.infrastructure.library.CommandLibrary.<clinit>(CommandLibrary.java:36)
	at org.ejbca.ui.cli.EjbcaEjbCli.main(EjbcaEjbCli.java:38)
Caused by: java.lang.NullPointerException
	at org.ejbca.ui.cli.ra.AddEndEntityCommand.<init>(AddEndEntityCommand.java:98)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
	at java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
	at java.base/jdk.internal.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
	at java.base/java.lang.reflect.Constructor.newInstance(Constructor.java:490)
	at java.base/java.util.ServiceLoader$ProviderImpl.newInstance(ServiceLoader.java:780)
	... 5 more

We are using Java version 11.0.15-1 and Wildfly 26.1.1-157 without any changes to the previous configuration. The ejbca-ejb-cli folder contains these files:

root@cd60b543682e:/# ls -la /opt/bitnami/ejbca/dist/ejbca-ejb-cli/
total 536
drwxrwxr-x 1 root root   4096 Oct 18 13:51 .
drwxrwxr-x 1 root root   4096 Oct 18 13:51 ..
-rw-rw-r-- 1 root root 501236 Oct 18 13:32 ejbca-ejb-cli.jar
drwxrwxr-x 1 root root   4096 Oct 18 13:51 intresources
-rw-rw-r-- 1 root root    273 Oct 18 13:32 jboss-ejb-client.properties
-rw-rw-r-- 1 root root    146 Oct 18 13:32 jndi.properties
drwxrwxr-x 1 root root   4096 Oct 18 13:51 lib
-rw-rw-r-- 1 root root   2260 Oct 18 13:32 log4j.xml

The jndi.properties file content:

root@cd60b543682e:/opt/bitnami/ejbca/dist/ejbca-ejb-cli# cat  jndi.properties
# JBoss 7
java.naming.factory.url.pkgs=org.jboss.ejb.client.naming

And the jboss-ejb-client.properties file content:

root@cd60b543682e:/opt/bitnami/ejbca/dist/ejbca-ejb-cli# cat jboss-ejb-client.properties

remote.connectionprovider.create.options.org.xnio.Options.SSL_ENABLED=false
remote.connections=default
remote.connection.default.host=localhost
remote.connection.default.port = 4447
remote.connection.default.connect.options.org.xnio.Options.SASL_POLICY_NOANONYMOUS=false

I couldn't find any changes in the Changelog that could explain why it would fail as we are using the recommended versions of the components.

https://doc.primekey.com/ejbca/ejbca-installation/managing-ejbca-configurations

Could you please help me with this issue?

Release EJBCA CE 7.9.0.2 bad zip

The downloaded file for the release EJBCA CE 7.9.0.2 has an "unexpected end of file" error. I downloaded it multiple times, both the .zip and the .tar.gz, and it's the same. I can still extract using the tar command and I get a bunch of files, but I thought it best to post this issue in case some of the files are broken or something of the sort.
Cheers. Edelmiro.

EJBCA CE Jboss EAP 7.4 Compatibility

Hello,

Could I please check if EJBCA CE is supported on JBOSS EAP 7.4, which has been GA released for almost 10 months now? I tried searching but could not find any documentation around JBOSS EAP 7.4 compatibility.

EJBCA 7.9.0.2 community edition docker - typo in ra web interface with apache ajp proxy

Hi !

In EJBCA-CE 7.9.0.2 on docker there is a typo leading to a "not found page":

To reproduce, in GUI:

  • go to "End entity profiles"
  • in the list of profiles select an End Entity Profile (alternatively create a new End Entity Profile then select for edit)
  • click on the button "Edit End Entity Profile"
  • getting a "not found" page.

Looking at the url after clicking the "edit" button, there are two Bs in the URL:

"ejbca/adminwebb/ra....." instead of "ejbca/adminweb/ra....".

Correcting manually the url leads to the correct page.

Thank you for your time !!

SQL scripts have invalid SQL syntax with PostgreSQL

sql-scripts/create-index-ejbca.sql has the following error with PostgreSQL (tested with 13):

STATEMENT: DROP INDEX IF EXISTS crldata_idx3 ON CRLData;
db_1 | ERROR: syntax error at or near "ON"
db_1 | LINE 1: DROP INDEX IF EXISTS crldata_idx3 ON CRLData;

The "ON CRLData" should be removed for these 2 entries:
DROP INDEX IF EXISTS crldata_idx3 ON CRLData;
DROP INDEX IF EXISTS crldata_idx4 ON CRLData;

EJBCA Upgrade from 6.5.x to 7.4.x fail - Fail to drop indexes on Postgres

I am testing upgrade and there is an issue during the upgrade. Reproduced using docker image version 7.4.3.2.

2022-01-18 10:20:38,163+0000 WARN  [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (ServerService Thread Pool -- 49) SQL Error: 0, SQLState: 42601
2022-01-18 10:20:38,163+0000 ERROR [org.hibernate.engine.jdbc.spi.SqlExceptionHelper] (ServerService Thread Pool -- 49) ERROR: syntax error at or near "ON"
  Position: 35
2022-01-18 10:20:38,170+0000 ERROR [org.ejbca.core.ejb.upgrade.UpgradeSessionBean] (ServerService Thread Pool -- 49) An error occurred when adjusting indexes for database table 'CRLData': javax.persistence.PersistenceException: org.hibernate.exception.SQLGrammarException: could not execute statement
2022-01-18 10:20:38,170+0000 ERROR [org.ejbca.core.ejb.upgrade.UpgradeSessionBean] (ServerService Thread Pool -- 49) You can update the indexes manually by running the following SQL queries:
2022-01-18 10:20:38,170+0000 ERROR [org.ejbca.core.ejb.upgrade.UpgradeSessionBean] (ServerService Thread Pool -- 49)     DROP INDEX IF EXISTS crldata_idx3 ON CRLData;
2022-01-18 10:20:38,170+0000 ERROR [org.ejbca.core.ejb.upgrade.UpgradeSessionBean] (ServerService Thread Pool -- 49)     DROP INDEX IF EXISTS crldata_idx4 ON CRLData;
2022-01-18 10:20:38,170+0000 ERROR [org.ejbca.core.ejb.upgrade.UpgradeSessionBean] (ServerService Thread Pool -- 49)     CREATE INDEX IF NOT EXISTS crldata_idx5 ON CRLData(cRLNumber, issuerDN, crlPartitionIndex);
2022-01-18 10:20:38,170+0000 ERROR [org.ejbca.core.ejb.upgrade.UpgradeSessionBean] (ServerService Thread Pool -- 49)     CREATE UNIQUE INDEX IF NOT EXISTS crldata_idx6 ON CRLData(issuerDN, crlPartitionIndex, deltaCRLIndicator, cRLNumber);
2022-01-18 10:20:38,170+0000 ERROR [org.ejbca.core.ejb.upgrade.UpgradeSessionBean] (ServerService Thread Pool -- 49) These changes are only needed if you want to use 'Partitioned CRLs'. See ECA-8680.
2022-01-18 10:20:38,170+0000 INFO  [org.ejbca.core.ejb.upgrade.UpgradeSessionBean] (ServerService Thread Pool -- 49) If an index could not be created because duplicates were found you could remove them using something like:
    DELETE t1 FROM CRLData t1, CRLData t2 WHERE t1.fingerprint > t2.fingerprint AND t1.issuerDN = t2.issuerDN 
AND t1.deltaCRLIndicator = t2.deltaCRLIndicator AND t1.cRLNumber = t2.cRLNumber AND t1.crlPartitionIndex = t2.crlPartitionIndex;

[Dropping an index](https://www.postgresql.org/docs/14/sql-dropindex.html) in Postgres does not require defining the table. Using the name is enough.
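The PostgreSQL form of the manual statements quoted in the two reports above, as an added example that is not part of the original posts or of EJBCA's own scripts. It assumes the table and column names exactly as printed in the log, created as unquoted identifiers; the DELETE is rewritten with USING because PostgreSQL does not accept the multi-table `DELETE t1 FROM t1, t2` form.

```sql
-- Added example: PostgreSQL equivalents of the statements printed by
-- UpgradeSessionBean. Table and column names are taken from the log above.
BEGIN;

-- PostgreSQL resolves an index by name within its schema, so DROP INDEX
-- takes no "ON <table>" clause.
DROP INDEX IF EXISTS crldata_idx3;
DROP INDEX IF EXISTS crldata_idx4;

-- Only needed when creating crldata_idx6 fails because duplicates exist.
-- Same predicate as the DELETE in the log, in DELETE ... USING form:
-- of each set of matching rows, the one with the lowest fingerprint is kept.
DELETE FROM CRLData t1
USING CRLData t2
WHERE t1.fingerprint > t2.fingerprint
  AND t1.issuerDN = t2.issuerDN
  AND t1.deltaCRLIndicator = t2.deltaCRLIndicator
  AND t1.cRLNumber = t2.cRLNumber
  AND t1.crlPartitionIndex = t2.crlPartitionIndex;

-- These two statements are already valid PostgreSQL as logged.
CREATE INDEX IF NOT EXISTS crldata_idx5
    ON CRLData (cRLNumber, issuerDN, crlPartitionIndex);
CREATE UNIQUE INDEX IF NOT EXISTS crldata_idx6
    ON CRLData (issuerDN, crlPartitionIndex, deltaCRLIndicator, cRLNumber);

-- If any statement fails, the transaction is aborted and nothing is changed.
COMMIT;
```

Because the DELETE removes rows from the CA's CRL table, take a database backup before running it.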

superadmin.p12 ERR_SSL_VERSION_OR_CIPHER_MISMATCH

Hi,

I installed ejbca following the official documentation using wildfly 22 and ejbca 7.9.0.2. All worked fine, except that in the end, when I installed the superadmin.p12 certificate on different browsers, I got this error message:

ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Unsupported protocol
The client and server don't support a common SSL protocol version or cipher suite.

when using curl

curl --tlsv1.2 --tls-max 1.2 -v --cert-type P12 --cert /tmp/superadmin.p12:ejbca https://localhost:8443/ejbca/adminweb/
*   Trying 127.0.0.1:8443...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 8443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
 CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS alert, handshake failure (552):
* error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure
* Closing connection 0
curl: (35) error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure

thanks in advance.

Integration EJBCA in docker container with SMTP server.

Hi,
I'm trying to integrate EJBCA Community 7.4.3.2 (docker image) with an SMTP server to send notifications via email from RA.
I set the SMTP_DESTINATION / PORT variables - the configuration in standalone.xml is changed correctly, but the problem appears when sending the notification - a problem with STARTTLS.
Unable to send email: : com.sun.mail.smtp.SMTPSendFailedException: 530 5.7.0 Must issue a STARTTLS command first

The command docker exec container_id printenv only shows SMTP_DESTINATION and PORT; the STARTTLS parameter is missing.

I'm using this suggestion https://sourceforge.net/p/ejbca/discussion/123122/thread/f2eea5ed74/#a04c/6040 but the problem with email still occurs.

When launching the container, it adds JAVA_OPTS (according to https://javaee.github.io/javamail/docs/api/com/sun/mail/smtp/package-summary.html)
-e JAVA_OPTS=" -server -Xms128m -Xmx5626m -Xss256k -XX:MetaspaceSize=160m -XX:MaxMetaspaceSize=256m -XX:+UseParallelGC -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:+ExitOnOutOfMemoryError -Djdk.tls.ephemeralDHKeySize=2048 -Djava.net.preferIPv4Stack=true -Djavax.net.debug=ssl:handshake -Xlog:gc*:verbose_gc.log:time -Djava.security.egd=file:/dev/random -Dcontainer.database.name=mysql -Dcontainer.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect -Dhibernate.dialect.storage_engine=innodb -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true --add-exports=java.base/sun.nio.ch=ALL-UNNAMED --add-exports=jdk.unsupported/sun.misc=ALL-UNNAMED --add-exports=jdk.unsupported/sun.reflect=ALL-UNNAMED -Dmail.smtp.starttls.enable=true"

but when sending the notification, the STARTTLS error still appears

JAVA_OPTS already set in environment; overriding default settings with values: -server -Xms128m -Xmx5626m -Xss256k -XX:MetaspaceSize=160m -XX:MaxMetaspaceSize=256m -XX:+UseParallelGC -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:+ExitOnOutOfMemoryError -Djdk.tls.ephemeralDHKeySize=2048 -Djava.net.preferIPv4Stack=true -Djavax.net.debug=ssl:handshake -Xlog:gc*:verbose_gc.log:time -Djava.security.egd=file:/dev/random -Dcontainer.database.name=mysql -Dcontainer.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect -Dhibernate.dialect.storage_engine=innodb -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true --add-exports=java.base/sun.nio.ch=ALL-UNNAMED --add-exports=jdk.unsupported/sun.misc=ALL-UNNAMED --add-exports=jdk.unsupported/sun.reflect=ALL-UNNAMED -Dmail.smtp.starttls.enable=true
JAVA_OPTS: -server -Xms128m -Xmx5626m -Xss256k -XX:MetaspaceSize=160m -XX:MaxMetaspaceSize=256m -XX:+UseParallelGC -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:+ExitOnOutOfMemoryError -Djdk.tls.ephemeralDHKeySize=2048 -Djava.net.preferIPv4Stack=true -Djavax.net.debug=ssl:handshake -Xlog:gc*:verbose_gc.log:time -Djava.security.egd=file:/dev/random -Dcontainer.database.name=mysql -Dcontainer.hibernate.dialect=org.hibernate.dialect.MySQL5Dialect -Dhibernate.dialect.storage_engine=innodb -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true --add-exports=java.base/sun.nio.ch=ALL-UNNAMED --add-exports=jdk.unsupported/sun.misc=ALL-UNNAMED --add-exports=jdk.unsupported/sun.reflect=ALL-UNNAMED -Dmail.smtp.starttls.enable=true --add-exports=java.base/sun.nio.ch=ALL-UNNAMED --add-exports=jdk.unsupported/sun.misc=ALL-UNNAMED --add-exports=jdk.unsupported/sun.reflect=ALL-UNNAMED
2022-04-14 01:28:42,738+0000 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (default task-1) 2022-04-14 01:28:42+00:00;RA_ADDENDENTITY;SUCCESS;RA;CORE;172.18.3.64 (TRANSPORT_CONFIDENTIAL);-20934253;;superadmin;msg=Added end entity superadmin.;caid=-20934253;cardnumber=;certificateprofileid=1;endentityprofileid=1;status=10;subjectAltName=;subjectDN=B64:Q049U3VwZXJBZG1pbg==;subjectEmail=;tokentype=2;type=1;username=superadmin
2022-04-14 01:41:03,269+0000 ERROR [org.ejbca.util.mail.MailSender] (default task-1) Unable to send email: : com.sun.mail.smtp.SMTPSendFailedException: 530 5.7.0 Must issue a STARTTLS command first
	at [email protected]//com.sun.mail.smtp.SMTPTransport.issueSendCommand(SMTPTransport.java:2374)
	at [email protected]//com.sun.mail.smtp.SMTPTransport.mailFrom(SMTPTransport.java:1808)
	at [email protected]//com.sun.mail.smtp.SMTPTransport.sendMessage(SMTPTransport.java:1285)
	at [email protected]//javax.mail.Transport.send0(Transport.java:231)
	at [email protected]//javax.mail.Transport.send(Transport.java:100)
	at deployment.ejbca.ear//org.ejbca.util.mail.MailSender.sendMailWithSession(MailSender.java:174)

Thanks for every suggestion.
