I want ot use EJBCA with Wildfly (JBoss) application server as PKI infrastructure.
I can access
http://127.0.0.1:8080/ejbca/
https://127.0.0.1:8442/ejbca/
but not
https://127.0.0.1:8443/ejbca/adminweb/
Then I will get with Firefox:
The connection to 127.0.0.1:8443 was interrupted while the was loading
With wireshark I can see the FIN ACKs of the application server.
I am using Ubuntu 16.04.2 LTS AMD64 virtual machine with Java
java -version
openjdk version “1.8.0_131”
OpenJDK Runtime Environment (build 1.8.0_131-8u131-b11-0ubuntu1.16.04.2-b11)
OpenJDK 64-Bit Server VM (build 25.131-b11, mixed mode)
and with EJBCA ejbca_ce_6_5.0.5.zip
and with Wildfly (JBoss) application server wildfly-10.0.0.Final.zip
and with MariaDB which seems to work well except above mentioned Administration access in the GUI.
The configuration is similar to this I found on the EJBCA install page. It seems, that the part with port 8443 was not correctly configured. Do you have a hint for me to find a solution for my problem?
Regards
drnie
For configuration details please have a look at the following lines:
----------------------- BEGIN CONFIG -----------------------
configuring MariaDB after unzipping as User ejbca configured the following files
setting the keystore password
$EJBCA_HOME /conf/cesecore.properties
setting database properties (DB name, DB url, DB driver, DB user name and DB password)
$EJBCA_HOME /conf/database.properties
setting cms keystore password and app server home
$EJBCA_HOME /conf/ejbca.properties
kept all settings ...
$EJBCA_HOME /conf/install.properties
Added Management user with
cd /home/ejbca/wildfly-10.0.0.Final/bin/
./add-user.sh
started Wildfly app server
--- Add datasource ---
opened the Call Level Interface
/home/ejbca/wildfly-10.0.0.Final/bin/jboss-cli.sh -c
entered the commands
data-source add --name=ejbcads --driver-name="mariadb-java-client-1.2.0.jar" --connection-url="jdbc:mysql://127.0.0.1:3306/ejbca" --jndi-name="java:/EjbcaDS" --use-ccm=true --driver-class="org.mariadb.jdbc.Driver" --user-name="ejbca" --password="ejbca" --validate-on-match=true --background-validation=false --prepared-statements-cache-size=50 --share-prepared-statements=true --min-pool-size=5 --max-pool-size=150 --pool-prefill=true --transaction-isolation=TRANSACTION_READ_COMMITTED --check-valid-connection-sql="select 1;"
:reload
--- Configure WildFly Remoting ---
/subsystem=remoting/http-connector=http-remoting-connector:remove
/subsystem=remoting/http-connector=http-remoting-connector:add(connector-ref="remoting",security-realm="ApplicationRealm")
/socket-binding-group=standard-sockets/socket-binding=remoting:add(port="4447")
/subsystem=undertow/server=default-server/http-listener=remoting:add(socket-binding=remoting)
:reload
--- Configure logging ---
/subsystem=logging/logger=org.ejbca:add
/subsystem=logging/logger=org.ejbca:write-attribute(name=level, value=DEBUG)
/subsystem=logging/logger=org.cesecore:add
/subsystem=logging/logger=org.cesecore:write-attribute(name=level, value=DEBUG)
:reload
--- Remove existing TLS and HTTP configuration ---
/subsystem=undertow/server=default-server/http-listener=default:remove
/subsystem=undertow/server=default-server/https-listener=https:remove
/socket-binding-group=standard-sockets/socket-binding=http:remove
/socket-binding-group=standard-sockets/socket-binding=https:remove
:reload
quitting CLI shell
restarted wildfly app server
--- Deploy EJBCA ---
ant clean deployear
--- Run install ---
ant runinstall
--- Deploy TLS keystores to WildFly ---
ant deploy-keystore
in the CLI shell
/interface=http:add(inet-address="0.0.0.0")
/interface=httpspub:add(inet-address="0.0.0.0")
/interface=httpspriv:add(inet-address="0.0.0.0")
/socket-binding-group=standard-sockets/socket-binding=http:add(port="8080",interface="http")
/subsystem=undertow/server=default-server/http-listener=http:add(socket-binding=http)
/subsystem=undertow/server=default-server/http-listener=http:write-attribute(name=redirect-socket, value="httpspriv")
:reload
waiting for reload to complete Configure identities and socket bindings:
/core-service=management/security-realm=SSLRealm:add()
/core-service=management/security-realm=SSLRealm/server-identity=ssl:add(keystore-path="${jboss.server.config.dir}/keystore/keystore.jks", keystore-password="serverpwd", alias="localhost")
/core-service=management/security-realm=SSLRealm/authentication=truststore:add(keystore-path="${jboss.server.config.dir}/keystore/truststore.jks", keystore-password="changeit")
/socket-binding-group=standard-sockets/socket-binding=httpspriv:add(port="8443",interface="httpspriv")
/socket-binding-group=standard-sockets/socket-binding=httpspub:add(port="8442", interface="httpspub")
restart the application server completely and then
/subsystem=undertow/server=default-server/https-listener=httpspriv:add(socket-binding=httpspriv, security-realm="SSLRealm", verify-client=REQUIRED)
/subsystem=undertow/server=default-server/https-listener=httpspub:add(socket-binding=httpspub, security-realm="SSLRealm")
:reload
--- Finalize Wildfly configurations ---
/system-property=org.apache.tomcat.util.buf.UDecoder.ALLOW_ENCODED_SLASH:add(value=true)
/system-property=org.apache.catalina.connector.CoyoteAdapter.ALLOW_BACKSLASH:add(value=true)
/system-property=org.apache.catalina.connector.URI_ENCODING:add(value="UTF-8")
/system-property=org.apache.catalina.connector.USE_BODY_ENCODING_FOR_QUERY_STRING:add(value=true)
/subsystem=webservices:write-attribute(name=wsdl-host, value=jbossws.undefined.host)
/subsystem=webservices:write-attribute(name=modify-wsdl-address, value=true)
:reload
----------------------- END CONFIG -----------------------
