
Cannot select certificate

Open BlackAnt1968601851 opened this issue 6 months ago • 3 comments

I installed EJBCA 9 onto my PC using WildFly and Ant, and I got it hosted, but it keeps complaining about "No client certificate was presented".


My log says this:

```
2025-06-29 09:16:14,386 ERROR [org.ejbca.ui.web.admin.configuration.EjbcaJSFHelperImpl] (default task-2) Failed to initialize EjbcaWebBean: org.cesecore.authentication.AuthenticationNotProvidedException: Client certificate or OAuth bearer token required.
```

Is there something I am missing? I have been trying to get this to work for at least a year now. I don't want to buy Windows Server just to have an OCSP responder, or use Docker containers.

I have the cert installed in Firefox. I even tried a private window etc. and all the solutions in other GitHub issues, but I can't seem to get it to work. I also can't run docker commands since this is not a Docker install.

My EJBCA config files and WildFly config files can be viewed here: https://drive.google.com/file/d/15hObkhAcDBgvALQ2G0RHdVEXVTgx2KJe/view?usp=sharing

BlackAnt1968601851 avatar Jun 29 '25 13:06 BlackAnt1968601851

too long to put into original post but here's what the log says


BlackAnt1968601851 avatar Jun 29 '25 22:06 BlackAnt1968601851

Another PC outside my network had the same certificate error.

BlackAnt1968601851 avatar Jun 29 '25 22:06 BlackAnt1968601851

I see you used the "Use 2-port separation configuration". Redo the TLS configuration and use the 3-port separation instead. I've never liked the 2-port configuration.

Make sure you install superadmin.p12 into your web browser, and with 3-port separation you should be prompted to select your certificate when accessing on port 8443.

primetomas avatar Jun 30 '25 06:06 primetomas
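A check for the symptom discussed in this thread, as an added example that is not part of the issue or of the EJBCA project: a browser generally prompts for a client certificate only when the TLS listener asks for one, and the CA names the server advertises should include the issuer of the installed certificate. The sketch below classifies saved `openssl s_client -connect <host>:8443` output; the sample outputs, host name and DNs are constructed, and it assumes OpenSSL's comma-separated DN format.

```python
import re

# Constructed, abridged `openssl s_client` output (not taken from the issue).
SAMPLE_REQUESTING = """\
CONNECTED(00000003)
---
Server certificate
subject=CN = ca.example.test
issuer=CN = Example Management CA, O = Example Org
---
Acceptable client certificate CA names
CN = Example Management CA, O = Example Org
Client Certificate Types: RSA sign, ECDSA sign
---
SSL handshake has read 2311 bytes and written 401 bytes
"""
SAMPLE_NOT_REQUESTING = """\
CONNECTED(00000003)
---
No client certificate CA names sent
---
SSL handshake has read 1540 bytes and written 389 bytes
"""

def normalize_dn(dn):
    """Compare DNs ignoring letter case and spacing around '=' and ','."""
    return re.sub(r"\s*([=,])\s*", r"\1", dn.strip()).lower()

def acceptable_ca_names(output):
    """Return the CA DNs the server advertised, or None if it sent none."""
    lines = output.splitlines()
    header = "Acceptable client certificate CA names"
    if header not in lines:
        return None
    names = []
    for line in lines[lines.index(header) + 1:]:
        if line.startswith("---"):
            break
        if "=" in line:  # DN lines carry attribute=value pairs
            names.append(line.strip())
    return names

def diagnose(output, client_issuer_dn):
    """Classify whether the client certificate's issuer is one the server asks for."""
    names = acceptable_ca_names(output)
    if names is None:
        return "no-ca-names-sent"
    wanted = normalize_dn(client_issuer_dn)
    if any(normalize_dn(n) == wanted for n in names):
        return "issuer-listed"
    return "issuer-not-listed"
```

A result of `no-ca-names-sent` means the listener either did not request a client certificate or requested one with an empty CA list; `issuer-not-listed` points at a mismatch between the installed certificate and the CAs the server trusts for client authentication.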

I couldn't find documentation for running it on Windows, so I had to go based off of a video. Here's the said video:

https://www.youtube.com/watch?v=qA45xR7GNYU

BlackAnt1968601851 avatar Jul 01 '25 11:07 BlackAnt1968601851

Thanks. There is very little Linux-specific in the official installation instructions. I'd say follow this, and just don't use "Galleon". https://docs.keyfactor.com/ejbca/latest/ejbca-installation And use 3-port separation.

A video on the internet for an older version of EJBCA, that will usually require a lot of you to not end up with problems. Just go with the official instructions and ask questions on specifics there.

Docker for Windows works well nowadays though, it's really the easiest way to get started, and one of the best ways to run in production as well. Highly recommended if you are not really savvy.

primetomas avatar Jul 01 '25 15:07 primetomas