
I just finished deploying EJBCA 6 on a Debian 9 Azure VM using this tutorial:

https://wiki.e-odyssey.net/ejbca/french-tuto

The installation succeeds; however, ports 443 and 80 were closed:

root@ejbcaDebian9:/home/ejbca# nmap <ejbca_public_ip>

Starting Nmap 7.40 ( https://nmap.org ) at 2021-07-01 16:43 UTC
Nmap scan report for my_ip
Host is up (0.0013s latency).
Not shown: 995 filtered ports
PORT     STATE  SERVICE
22/tcp   open   ssh
80/tcp   closed http
443/tcp  closed https
8080/tcp open   http-proxy
8443/tcp open   https-alt

I tried opening them with ufw and by adding inbound networking rules on Azure, but it didn't work, so I rebooted the VM.

After the reboot, however, no port is open anymore:

pki@ejbcaDebian9:~$ netstat -lapunta
(No info could be read for "-p": geteuid()=1001 but you should be root.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      -
tcp        0     36 172.18.0.4:22           51.144.166.96:37858     ESTABLISHED -
tcp6       0      0 :::22                   :::*                    LISTEN      -
udp        0      0 0.0.0.0:68              0.0.0.0:*                           -

pki@ejbcaDebian9~$ ps -aux | grep jboss
pki        716  0.0  0.0  11112   928 pts/0    S+   17:04   0:00 grep jboss
pki@ejbcaDebian9~$ ps -aux | grep wildfly
pki        723  0.0  0.0  11112   996 pts/0    S+   17:05   0:00 grep wildfly

And in the WildFly log we have this:

2021-07-01 16:22:43,402 INFO  [org.jboss.weld.Version] (MSC service thread 1-1) WELD-000900: 2.3.5 (Final)

2021-07-01 16:22:44,737 INFO  [org.cesecore.config.ConfigurationHolder] (MSC service thread 1-3) Allow external re-configuration: false

2021-07-01 16:22:44,737 DEBUG [org.cesecore.config.ConfigurationHolder] (MSC service thread 1-3) Add resource to configuration: /conf/cesecore.properties

2021-07-01 16:22:44,758 DEBUG [org.cesecore.config.ConfigurationHolder] (MSC service thread 1-3) Added url to configuration source: vfs:/content/ejbca.ear/lib/ejbca-properties.jar/conf/cesecore.properties

root@ejbcaDebian9 /opt/wildfly/standalone/log# tail -f server.log
2021-07-01 16:44:22,523 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0008: Undertow HTTPS listener httpspub suspending

2021-07-01 16:44:22,523 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0007: Undertow HTTPS listener httpspub stopped, was bound to 0.0.0.0:8442

2021-07-01 16:44:22,523 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0008: Undertow HTTP listener http suspending

2021-07-01 16:44:22,524 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0007: Undertow HTTP listener http stopped, was bound to 0.0.0.0:8080
2021-07-01 16:44:22,537 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-4) WFLYSRV0208: Stopped subdeployment (runtime-name: ra-gui.war) in 311ms
2021-07-01 16:44:22,538 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-4) WFLYUT0004: Undertow 1.4.0.Final stopping

2021-07-01 16:44:22,545 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-4) WFLYSRV0208: Stopped subdeployment (runtime-name: doc.war) in 319ms

2021-07-01 16:44:22,551 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-1) WFLYSRV0208: Stopped subdeployment (runtime-name: adminweb.war) in 340ms

2021-07-01 16:44:22,564 INFO  [org.jboss.as.server.deployment] (MSC service thread 1-1) WFLYSRV0028: Stopped deployment ejbca.ear (runtime-name: ejbca.ear) in 352ms

2021-07-01 16:44:22,567 INFO  [org.jboss.as] (MSC service thread 1-4) WFLYSRV0050: WildFly Full 10.1.0.Final (WildFly Core 2.2.0.Final) stopped in 280ms

systemctl status wildfly doesn't work. It seems like this type of EJBCA setup doesn't enable me to restart the EJBCA or WildFly services.

I am wondering if it's not a persistence problem?

1 Answer


Your log tells me that WildFly was shut down. If you look further up in the logfile you should see some reason for the shutdown (unless you pressed ctrl-c). The guide you are following is rather old though, using a since long outdated version of EJBCA. I would suggest using the latest release of EJBCA instead from https://www.ejbca.org/

primetomas
  • Thank you for your answer. Yes, I rebooted the VM. I just don't understand why I get closed ports after the install completes. I tried different Linux distributions and EJBCA and WildFly versions. Is EJBCA compatible with Azure VMs? I have opened the EJBCA ports on the Azure networking/firewall and also opened ports via ufw on the VM itself. – docker_compose Jul 02 '21 at 08:17
  • "systemctl restart wildfly" doesn't work here. Is it linked to EJBCA 6? – docker_compose Jul 02 '21 at 08:19
  • Yes, EJBCA is compatible with Azure. You can find EJBCA in Azure Marketplace. Perhaps it's a good idea to start a free Azure EJBCA Enterprise trial, then you can look at the configuration there. You can find the link to Azure from ejbca.org. https://www.ejbca.org/download/ – primetomas Jul 03 '21 at 09:09
  • OK, I'll do it. In the meantime I was able to do the quick install for EJBCA 7 on my personal VirtualBox VM. And it worked fine (apart from the fact my p12 password was not recognized), but it worked for the public part. Then I just rebooted my VM and now nothing works. How can I reload the WildFly service in the quick install? Because I don't see WildFly running. In the normal install I was able to reload the service easily. – docker_compose Jul 03 '21 at 09:44
  • I believe it's not installed as a service in the quick install. To start you change to the wildfly directory and run with bin/standalone.sh. – primetomas Jul 07 '21 at 08:38
  • I finally was able to make it work. But I had to manually insert the superadmin password, hashed password and status into the database. – docker_compose Jul 08 '21 at 09:04
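
Following the answer's advice to read the log, here is an added example (not part of the original thread) that summarises a WildFly server.log: which Undertow listeners were bound to which ports, whether the log ends with the server stopped, and any ERROR/FATAL records before the stop. The sample log is constructed from lines quoted in the question; the function names are hypothetical, and WFLYSRV0025/WFLYSRV0026 as startup markers are an assumption taken from WildFly in general, not from this page.

```shell
#!/bin/sh
# Constructed sample, built from log lines quoted in the question.
sample_log() {
cat <<'EOF'
2021-07-01 16:44:22,523 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0007: Undertow HTTPS listener httpspub stopped, was bound to 0.0.0.0:8442
2021-07-01 16:44:22,524 INFO  [org.wildfly.extension.undertow] (MSC service thread 1-2) WFLYUT0007: Undertow HTTP listener http stopped, was bound to 0.0.0.0:8080
2021-07-01 16:44:22,567 INFO  [org.jboss.as] (MSC service thread 1-4) WFLYSRV0050: WildFly Full 10.1.0.Final (WildFly Core 2.2.0.Final) stopped in 280ms
EOF
}

# Print "<listener-name> <port>" for every WFLYUT0007 (listener stopped) record.
stopped_listeners() {
  awk '/WFLYUT0007/ {
         for (i = 1; i <= NF; i++) if ($i == "listener") name = $(i + 1)
         n = split($NF, a, ":")      # last field is address:port
         print name, a[n]
       }' "$1"
}

# Last lifecycle marker wins: started (assumed WFLYSRV0025/0026) or stopped.
server_state() {
  awk '/WFLYSRV002[56]:/ { s = "running" }
       /WFLYSRV0050:/    { s = "stopped" }
       END { print (s == "" ? "unknown" : s) }' "$1"
}

# ERROR/FATAL records logged before the last stop marker, which is where
# the answer says to look for the reason for the shutdown.
errors_before_stop() {
  awk '/ (ERROR|FATAL) +\[/ { buf[++n] = $0 }
       /WFLYSRV0050:/       { last = n }
       END { for (i = 1; i <= last; i++) print buf[i] }' "$1"
}

# Use the file given as $1, or fall back to the constructed sample.
log=${1:-}
if [ -z "$log" ]; then log=$(mktemp); sample_log > "$log"; fi
echo "state: $(server_state "$log")"
stopped_listeners "$log"
errors_before_stop "$log"
```

For the lines quoted in the question this reports listeners that were bound to 8080 and 8442 and a final state of stopped; pass the path of the real server.log as the first argument to run it against the full file.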