env TLS_SETUP_ENABLED true doesn't create a ManagementCA
Closed this issue · 12 comments
chuegel commented
Using the value
TLS_SETUP_ENABLED: "true"
on a fresh installation doesn't create the ManagementCA. The variable is available inside the container though:
k exec -it -n apps keyfactor-ejbca-community-helm-d9bc5dd6-lnc2t -- sh
sh-4.4$ set | grep TLS
SMTP_TLS_ENABLED=false
TLS_SETUP_ENABLED=trueThe same happens with TLS_SETUP_ENABLED: "simple"
svenska-primekey commented
Have you reviewed the container logs when it started up to see what happened? Asserting simple is the default setting if this setting is not asserted.
chuegel commented
The pod seems to start normal but I have to test the deployment in our test cluster
Shouldn't the ManagementCA be created also with TLS_SETUP_ENABLED: "simple"?
Anyways, I created the ManagementCA manually so it's not a big deal
Edit:
these are the startup logs from the container on a fresh installation (ejbca 8.2.0.1 , k8s 1.27, external PostgreSQL cluster)
2024-03-22 13:25:46,581+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Configure logging for Application Server
2024-03-22 13:25:46,599+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Configure logging for ejbca
2024-03-22 13:25:46,619+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) uid=10001 gid=0(root) groups=0(root)
2024-03-22 13:25:46,767+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Detected 4 available core(s).
2024-03-22 13:25:46,790+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Detected 33609609216 bytes available host memory.
2024-03-22 13:25:46,810+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Observable at 0.0.0.0:8090 under paths: /health /health/ready /health/live /metrics
2024-03-22 13:25:46,844+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) LOG_LEVEL_APP_OCSP_TRANSACTIONS setting is depricated and does nothing
2024-03-22 13:25:46,854+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) LOG_LEVEL_APP_OCSP_AUDIT setting is depricated and does nothing
2024-03-22 13:25:46,864+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) PostgreSQL database.
2024-03-22 13:25:46,897+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Looking for plugins to import and initialize under /opt/keyfactor/ejbca/plugins/.
2024-03-22 13:25:46,930+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) External hostname env.HTTPSERVER_HOSTNAME is set to 'pki.example.tech'.
2024-03-22 13:25:46,944+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Cluster Node ID is set to '6i62v6cvpjmzkimojs'.
2024-03-22 13:25:46,961+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Setting the password.encryption.key.
2024-03-22 13:25:46,971+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Setting the ca.keystorepass.
2024-03-22 13:25:46,980+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Using provided CLI username and secret
2024-03-22 13:25:48,837+0000 INFO [org.apache.commons.beanutils.FluentPropertyBeanIntrospector] (main) Error when creating PropertyDescriptor for public final void org.apache.commons.configuration2.AbstractConfiguration.setProperty(java.lang.String,java.lang.Object)! Ignoring this property.
2024-03-22 13:25:49,228+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) Connected.
2024-03-22 13:25:49,248+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'SELECT 1' -> hit
2024-03-22 13:25:49,250+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) Done.
2024-03-22 13:25:51,012+0000 INFO [org.apache.commons.beanutils.FluentPropertyBeanIntrospector] (main) Error when creating PropertyDescriptor for public final void org.apache.commons.configuration2.AbstractConfiguration.setProperty(java.lang.String,java.lang.Object)! Ignoring this property.
2024-03-22 13:25:51,381+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) Connected.
2024-03-22 13:25:51,400+0000 ERROR [org.ejbca.ui.cli.jdbc.JdbcTool] (main) ERROR: relation "globalconfigurationdata" does not exist
Position: 24
2024-03-22 13:25:51,401+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) Done.
2024-03-22 13:25:51,442+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Creating database tables...
2024-03-22 13:25:52,923+0000 INFO [org.apache.commons.beanutils.FluentPropertyBeanIntrospector] (main) Error when creating PropertyDescriptor for public final void org.apache.commons.configuration2.AbstractConfiguration.setProperty(java.lang.String,java.lang.Object)! Ignoring this property.
2024-03-22 13:25:53,036+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) Loading SQL script '/opt/keyfactor/ejbca/doc/sql-scripts/create-tables-ejbca-postgres.sql' with 479 lines.
2024-03-22 13:25:53,209+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) Connected.
2024-03-22 13:25:53,240+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE AccessRulesData ( pK INT4 NOT NULL, accessRule TEXT NOT NULL, isRecursive BOOLEAN NOT NULL, rowProtection TEXT, rowVersion INT4 NOT NULL, rule INT4 NOT NULL, AdminGroupData_accessRules INT4, PRIMARY KEY (pK) )' -> 0
2024-03-22 13:25:53,248+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE AdminEntityData ( pK INT4 NOT NULL, cAId INT4 NOT NULL, matchType INT4 NOT NULL, matchValue TEXT, matchWith INT4 NOT NULL, rowProtection TEXT, rowVersion INT4 NOT NULL, tokenType TEXT, AdminGroupData_adminEntities INT4, PRIMARY KEY (pK) )' -> 0
2024-03-22 13:25:53,255+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE AdminGroupData ( pK INT4 NOT NULL, adminGroupName TEXT NOT NULL, rowProtection TEXT, rowVersion INT4 NOT NULL, PRIMARY KEY (pK) )' -> 0
2024-03-22 13:25:53,265+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE AdminPreferencesData ( id TEXT NOT NULL, data BYTEA NOT NULL, rowProtection TEXT, rowVersion INT4 NOT NULL, PRIMARY KEY (id) )' -> 0
2024-03-22 13:25:53,278+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE ApprovalData ( id INT4 NOT NULL, approvalData TEXT NOT NULL, approvalId INT4 NOT NULL, approvalType INT4 NOT NULL, cAId INT4 NOT NULL, endEntityProfileId INT4 NOT NULL, expireDate INT8 NOT NULL, remainingApprovals INT4 NOT NULL, subjectDn TEXT, email TEXT, reqAdminCertIssuerDn TEXT, reqAdminCertSn TEXT, requestData TEXT NOT NULL, requestDate INT8 NOT NULL, rowProtection TEXT, rowVersion INT4 NOT NULL, status INT4 NOT NULL, PRIMARY KEY (id) )' -> 0
2024-03-22 13:25:53,287+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE AuditRecordData ( pk TEXT NOT NULL, additionalDetails TEXT, authToken TEXT NOT NULL, customId TEXT, eventStatus TEXT NOT NULL, eventType TEXT NOT NULL, module TEXT NOT NULL, nodeId TEXT NOT NULL, rowProtection TEXT, rowVersion INT4 NOT NULL, searchDetail1 TEXT, searchDetail2 TEXT, sequenceNumber INT8 NOT NULL, service TEXT NOT NULL, timeStamp INT8 NOT NULL, PRIMARY KEY (pk) )' -> 0
2024-03-22 13:25:53,294+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE AuthorizationTreeUpdateData ( pK INT4 NOT NULL, authorizationTreeUpdateNumber INT4 NOT NULL, rowProtection TEXT, rowVersion INT4 NOT NULL, PRIMARY KEY (pK) )' -> 0
2024-03-22 13:25:53,301+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE Base64CertData ( fingerprint TEXT NOT NULL, base64Cert TEXT, rowProtection TEXT, rowVersion INT4 NOT NULL, certificateRequest TEXT, PRIMARY KEY (fingerprint) )' -> 0
2024-03-22 13:25:53,310+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE CAData ( cAId INT4 NOT NULL, data TEXT NOT NULL, expireTime INT8 NOT NULL, name TEXT, rowProtection TEXT, rowVersion INT4 NOT NULL, status INT4 NOT NULL, subjectDN TEXT, updateTime INT8 NOT NULL, PRIMARY KEY (cAId) )' -> 0
2024-03-22 13:25:53,317+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE CRLData ( fingerprint TEXT NOT NULL, base64Crl TEXT NOT NULL, cAFingerprint TEXT NOT NULL, crlPartitionIndex INT4, cRLNumber INT4 NOT NULL, deltaCRLIndicator INT4 NOT NULL, issuerDN TEXT NOT NULL, nextUpdate INT8 NOT NULL, rowProtection TEXT, rowVersion INT4 NOT NULL, thisUpdate INT8 NOT NULL, PRIMARY KEY (fingerprint) )' -> 0
2024-03-22 13:25:53,327+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE CertReqHistoryData ( fingerprint TEXT NOT NULL, issuerDN TEXT NOT NULL, rowProtection TEXT, rowVersion INT4 NOT NULL, serialNumber TEXT NOT NULL, timestamp INT8 NOT NULL, userDataVO TEXT NOT NULL, username TEXT NOT NULL, PRIMARY KEY (fingerprint) )' -> 0
2024-03-22 13:25:53,336+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE CertificateData ( fingerprint TEXT NOT NULL, base64Cert TEXT, cAFingerprint TEXT, certificateProfileId INT4 NOT NULL, endEntityProfileId INT4, crlPartitionIndex INT4, expireDate INT8 NOT NULL, issuerDN TEXT NOT NULL, notBefore INT8, invalidityDate INT8, revocationDate INT8 NOT NULL, revocationReason INT4 NOT NULL, rowProtection TEXT, rowVersion INT4 NOT NULL, serialNumber TEXT NOT NULL, status INT4 NOT NULL, subjectAltName TEXT, subjectDN TEXT NOT NULL, subjectKeyId TEXT, accountBindingId TEXT, tag TEXT, type INT4 NOT NULL, updateTime INT8 NOT NULL, username TEXT, certificateRequest TEXT, PRIMARY KEY (fingerprint) )' -> 0
2024-03-22 13:25:53,343+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE CertificateProfileData ( id INT4 NOT NULL, certificateProfileName TEXT NOT NULL, data BYTEA NOT NULL, rowProtection TEXT, rowVersion INT4 NOT NULL, PRIMARY KEY (id) )' -> 0
2024-03-22 13:25:53,349+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE CryptoTokenData ( id INT4 NOT NULL, lastUpdate INT8 NOT NULL, rowProtection TEXT, rowVersion INT4 NOT NULL, tokenData TEXT, tokenName TEXT NOT NULL, tokenProps TEXT, tokenType TEXT NOT NULL, PRIMARY KEY (id) )' -> 0
2024-03-22 13:25:53,355+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE EndEntityProfileData ( id INT4 NOT NULL, data BYTEA NOT NULL, profileName TEXT NOT NULL, rowProtection TEXT, rowVersion INT4 NOT NULL, PRIMARY KEY (id) )' -> 0
2024-03-22 13:25:53,362+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE GlobalConfigurationData ( configurationId TEXT NOT NULL, data BYTEA NOT NULL, rowProtection TEXT, rowVersion INT4 NOT NULL, PRIMARY KEY (configurationId) )' -> 0
2024-03-22 13:25:53,368+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE InternalKeyBindingData ( id INT4 NOT NULL, certificateId TEXT, cryptoTokenId INT4 NOT NULL, keyBindingType TEXT NOT NULL, keyPairAlias TEXT NOT NULL, lastUpdate INT8 NOT NULL, name TEXT NOT NULL, rawData TEXT, rowProtection TEXT, rowVersion INT4 NOT NULL, status TEXT NOT NULL, PRIMARY KEY (id) )' -> 0
2024-03-22 13:25:53,375+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE KeyRecoveryData ( certSN TEXT NOT NULL, issuerDN TEXT NOT NULL, cryptoTokenId INT4 DEFAULT 0 NOT NULL, keyAlias TEXT, keyData TEXT NOT NULL, markedAsRecoverable BOOLEAN NOT NULL, publicKeyId TEXT, rowProtection TEXT, rowVersion INT4 NOT NULL, username TEXT, PRIMARY KEY (certSN, issuerDN) )' -> 0
2024-03-22 13:25:53,382+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE PeerData ( id INT4 NOT NULL, connectorState INT4 NOT NULL, data TEXT, name TEXT NOT NULL, rowProtection TEXT, rowVersion INT4 NOT NULL, url TEXT NOT NULL, PRIMARY KEY (id) )' -> 0
2024-03-22 13:25:53,388+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE ProfileData ( id INT4 NOT NULL, profileName TEXT NOT NULL, profileType TEXT NOT NULL, rawData TEXT, rowProtection TEXT, rowVersion INT4 NOT NULL, PRIMARY KEY (id) )' -> 0
2024-03-22 13:25:53,394+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE PublisherData ( id INT4 NOT NULL, data TEXT, name TEXT, rowProtection TEXT, rowVersion INT4 NOT NULL, updateCounter INT4 NOT NULL, PRIMARY KEY (id) )' -> 0
2024-03-22 13:25:53,400+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE PublisherQueueData ( pk TEXT NOT NULL, fingerprint TEXT, lastUpdate INT8 NOT NULL, publishStatus INT4 NOT NULL, publishType INT4 NOT NULL, publisherId INT4 NOT NULL, rowProtection TEXT, rowVersion INT4 NOT NULL, timeCreated INT8 NOT NULL, tryCounter INT4 NOT NULL, volatileData TEXT, PRIMARY KEY (pk) )' -> 0
2024-03-22 13:25:53,408+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE BlacklistData ( id INT4 NOT NULL, type TEXT NOT NULL, value TEXT NOT NULL, data TEXT, rowProtection TEXT, rowVersion INT4 NOT NULL, updateCounter INT4 NOT NULL, PRIMARY KEY (id) )' -> 0
2024-03-22 13:25:53,417+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE RoleData ( id INT4 NOT NULL, roleName TEXT NOT NULL, nameSpace TEXT, rawData TEXT, rowProtection TEXT, rowVersion INT4 NOT NULL, PRIMARY KEY (id) )' -> 0
2024-03-22 13:25:53,423+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE RoleMemberData ( primaryKey INT4 NOT NULL, tokenType TEXT NOT NULL, tokenIssuerId INT4 NOT NULL, tokenProviderId INT4 DEFAULT 0 NOT NULL, tokenMatchKey INT4 NOT NULL, tokenMatchOperator INT4 NOT NULL, tokenMatchValue TEXT, roleId INT4 NOT NULL, description TEXT, rowProtection TEXT, rowVersion INT4 NOT NULL, PRIMARY KEY (primaryKey) )' -> 0
2024-03-22 13:25:53,431+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE ServiceData ( id INT4 NOT NULL, data TEXT, name TEXT NOT NULL, nextRunTimeStamp INT8 NOT NULL, rowProtection TEXT, rowVersion INT4 NOT NULL, runTimeStamp INT8 NOT NULL, PRIMARY KEY (id) )' -> 0
2024-03-22 13:25:53,440+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE UserData ( username TEXT NOT NULL, cAId INT4 NOT NULL, cardNumber TEXT, certificateProfileId INT4 NOT NULL, clearPassword TEXT, endEntityProfileId INT4 NOT NULL, extendedInformationData TEXT, hardTokenIssuerId INT4 NOT NULL, keyStorePassword TEXT, passwordHash TEXT, rowProtection TEXT, rowVersion INT4 NOT NULL, status INT4 NOT NULL, subjectAltName TEXT, subjectDN TEXT, subjectEmail TEXT, timeCreated INT8 NOT NULL, timeModified INT8 NOT NULL, tokenType INT4 NOT NULL, type INT4 NOT NULL, PRIMARY KEY (username) )' -> 0
2024-03-22 13:25:53,447+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE UserDataSourceData ( id INT4 NOT NULL, data TEXT, name TEXT NOT NULL, rowProtection TEXT, rowVersion INT4 NOT NULL, updateCounter INT4 NOT NULL, PRIMARY KEY (id) )' -> 0
2024-03-22 13:25:53,454+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE NoConflictCertificateData ( id TEXT NOT NULL, fingerprint TEXT NOT NULL, base64Cert TEXT, cAFingerprint TEXT, certificateProfileId INT4 NOT NULL, endEntityProfileId INT4, crlPartitionIndex INT4, expireDate INT8 NOT NULL, issuerDN TEXT NOT NULL, notBefore INT8, invalidityDate INT8, revocationDate INT8 NOT NULL, revocationReason INT4 NOT NULL, rowProtection TEXT, rowVersion INT4 NOT NULL, serialNumber TEXT NOT NULL, status INT4 NOT NULL, subjectAltName TEXT, subjectDN TEXT NOT NULL, subjectKeyId TEXT, accountBindingId TEXT, tag TEXT, type INT4 NOT NULL, updateTime INT8 NOT NULL, username TEXT, certificateRequest TEXT, PRIMARY KEY (id) )' -> 0
2024-03-22 13:25:53,463+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE AcmeNonceData ( nonce TEXT NOT NULL, timeExpires INT8 NOT NULL, rowProtection TEXT, rowVersion INT4 NOT NULL, PRIMARY KEY (nonce) )' -> 0
2024-03-22 13:25:53,471+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE AcmeAccountData ( accountId TEXT NOT NULL, currentKeyId TEXT NOT NULL, rawData TEXT, rowProtection TEXT, rowVersion INT4 NOT NULL, PRIMARY KEY (accountId) )' -> 0
2024-03-22 13:25:53,478+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE AcmeOrderData ( orderId TEXT NOT NULL, accountId TEXT NOT NULL, fingerprint TEXT, status TEXT NOT NULL, rawData TEXT, rowProtection TEXT, rowVersion INT4 NOT NULL, PRIMARY KEY (orderId) )' -> 0
2024-03-22 13:25:53,487+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE AcmeChallengeData ( challengeId TEXT NOT NULL, authorizationId TEXT NOT NULL, type TEXT NOT NULL, rawData TEXT, rowProtection TEXT, rowVersion INT4 NOT NULL, PRIMARY KEY (challengeId) )' -> 0
2024-03-22 13:25:53,496+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE AcmeAuthorizationData ( authorizationId TEXT NOT NULL, identifier TEXT, identifierType TEXT, expires INT8, status TEXT, orderId TEXT, accountId TEXT NOT NULL, rawData TEXT, rowProtection TEXT, rowVersion INT4 NOT NULL, PRIMARY KEY (authorizationId) )' -> 0
2024-03-22 13:25:53,504+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE SctData ( pk TEXT NOT NULL, logId INT4 NOT NULL, fingerprint TEXT NOT NULL, certificateExpirationDate INT8 NOT NULL, data TEXT, rowProtection TEXT, rowVersion INT4 NOT NULL, PRIMARY KEY (pk) )' -> 0
2024-03-22 13:25:53,511+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE OcspResponseData ( id TEXT NOT NULL, serialNumber TEXT NOT NULL, producedAt INT8 NOT NULL, nextUpdate INT8, ocspResponse BYTEA, cAId INT4, rowProtection TEXT, rowVersion INT4 NOT NULL, PRIMARY KEY (id) )' -> 0
2024-03-22 13:25:53,518+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE TABLE IncompleteIssuanceJournalData ( serialNumberAndCaId TEXT NOT NULL, startTime INT8 NOT NULL, rawData TEXT, rowProtection TEXT, rowVersion INT4 NOT NULL, PRIMARY KEY (serialNumberAndCaId) )' -> 0
2024-03-22 13:25:53,523+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'alter table AccessRulesData add constraint FKABB4C1DFDBBC970 foreign key (AdminGroupData_accessRules) references AdminGroupData' -> 0
2024-03-22 13:25:53,526+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'alter table AdminEntityData add constraint FKD9A99EBCB3A110AD foreign key (AdminGroupData_adminEntities) references AdminGroupData' -> 0
2024-03-22 13:25:53,527+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) Done.
2024-03-22 13:25:53,559+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Applying recommended database indexes...
2024-03-22 13:25:55,094+0000 INFO [org.apache.commons.beanutils.FluentPropertyBeanIntrospector] (main) Error when creating PropertyDescriptor for public final void org.apache.commons.configuration2.AbstractConfiguration.setProperty(java.lang.String,java.lang.Object)! Ignoring this property.
2024-03-22 13:25:55,208+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) Loading SQL script '/opt/keyfactor/ejbca/doc/sql-scripts/create-index-ejbca.sql' with 129 lines.
2024-03-22 13:25:55,430+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) Connected.
2024-03-22 13:25:55,442+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE UNIQUE INDEX auditrecorddata_idx2 ON AuditRecordData (nodeId,sequenceNumber)' -> 0
2024-03-22 13:25:55,448+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE INDEX auditrecorddata_idx3 ON AuditRecordData (timeStamp)' -> 0
2024-03-22 13:25:55,453+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE INDEX auditrecorddata_idx4 ON AuditRecordData (searchDetail2)' -> 0
2024-03-22 13:25:55,459+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE INDEX crldata_idx5 ON CRLData(cRLNumber, issuerDN, crlPartitionIndex)' -> 0
2024-03-22 13:25:55,469+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE UNIQUE INDEX crldata_idx6 ON CRLData(issuerDN, crlPartitionIndex, deltaCRLIndicator, cRLNumber)' -> 0
2024-03-22 13:25:55,474+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE UNIQUE INDEX cadata_idx1 ON CAData (name)' -> 0
2024-03-22 13:25:55,480+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE INDEX certificatedata_idx2 ON CertificateData (username)' -> 0
2024-03-22 13:25:55,485+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE INDEX certificatedata_idx4 ON CertificateData (subjectDN)' -> 0
2024-03-22 13:25:55,490+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE INDEX certificatedata_idx5 ON CertificateData (type)' -> 0
2024-03-22 13:25:55,495+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE INDEX certificatedata_idx6 ON CertificateData (issuerDN,status)' -> 0
2024-03-22 13:25:55,500+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE INDEX certificatedata_idx7 ON CertificateData(certificateProfileId)' -> 0
2024-03-22 13:25:55,505+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE INDEX certificatedata_idx11 ON CertificateData (subjectKeyId)' -> 0
2024-03-22 13:25:55,510+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'DELETE FROM CertificateData WHERE fingerprint='caba75f68c833c3c2d33f3f5052b7d5a76e80383'' -> 0
2024-03-22 13:25:55,512+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'DELETE FROM CertificateData WHERE fingerprint='05a219d835622653192c30eeeee8f01f918b30fb'' -> 0
2024-03-22 13:25:55,515+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'DELETE FROM Base64CertData WHERE fingerprint='caba75f68c833c3c2d33f3f5052b7d5a76e80383'' -> 0
2024-03-22 13:25:55,516+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'DELETE FROM Base64CertData WHERE fingerprint='05a219d835622653192c30eeeee8f01f918b30fb'' -> 0
2024-03-22 13:25:55,521+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE UNIQUE INDEX certificatedata_idx12 ON CertificateData (serialNumber, issuerDN)' -> 0
2024-03-22 13:25:55,525+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE INDEX certificatedata_idx15 ON CertificateData (issuerDN,notBefore)' -> 0
2024-03-22 13:25:55,529+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE INDEX certificatedata_idx16 ON CertificateData (issuerDN,revocationDate)' -> 0
2024-03-22 13:25:55,534+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE INDEX certificatedata_idx17 ON CertificateData (issuerDN, status, crlPartitionIndex)' -> 0
2024-03-22 13:25:55,539+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE INDEX certificatedata_idx18 ON CertificateData (issuerDN, status, crlPartitionIndex, revocationDate)' -> 0
2024-03-22 13:25:55,543+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE INDEX certificatedata_idx_serial ON CertificateData (serialNumber)' -> 0
2024-03-22 13:25:55,548+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) 'CREATE INDEX certificatedata_idx_eab ON CertificateData (accountBindingId)' -> 0
2024-03-22 13:25:55,558+0000 ERROR [org.ejbca.ui.cli.jdbc.JdbcTool] (main) ERROR: function subjectaltname(integer) does not exist
Hint: No function matches the given name and argument types. You might need to add explicit type casts.
Position: 58
2024-03-22 13:25:55,559+0000 INFO [org.ejbca.ui.cli.jdbc.JdbcTool] (main) Done.
2024-03-22 13:25:55,602+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Starting application server:
=========================================================================
JBoss Bootstrap Environment
JBOSS_HOME: /opt/keyfactor/wildfly-26.1.3.Final
JAVA: /usr/lib/jvm/java-11-slim/bin/java
JAVA_OPTS: -server -Xms128m -Xmx31716m -Xss256k -XX:MetaspaceSize=160m -XX:MaxMetaspaceSize=256m -XX:+UseParallelGC -XX:GCTimeRatio=4 -XX:AdaptiveSizePolicyWeight=90 -XX:MinHeapFreeRatio=10 -XX:MaxHeapFreeRatio=20 -XX:+ExitOnOutOfMemoryError -Djdk.tls.ephemeralDHKeySize=2048 -Djava.net.preferIPv4Stack=false -Djava.security.egd=file:/dev/random -Dwildfly.statistics-enabled=true -Dcontainer.database.name=postgres -Dcontainer.hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect -Djboss.modules.system.pkgs=org.jboss.byteman -Djava.awt.headless=true --add-exports=java.desktop/sun.awt=ALL-UNNAMED --add-exports=java.naming/com.sun.jndi.ldap=ALL-UNNAMED --add-exports=java.naming/com.sun.jndi.url.ldap=ALL-UNNAMED --add-exports=java.naming/com.sun.jndi.url.ldaps=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.lang.invoke=ALL-UNNAMED --add-opens=java.base/java.lang.reflect=ALL-UNNAMED --add-opens=java.base/java.io=ALL-UNNAMED --add-opens=java.base/java.security=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.util.concurrent=ALL-UNNAMED --add-opens=java.management/javax.management=ALL-UNNAMED --add-opens=java.naming/javax.naming=ALL-UNNAMED
=========================================================================
2024-03-22 13:25:57,418+0000 INFO [org.jboss.as] (MSC service thread 1-2) WFLYSRV0049: WildFly Full 26.1.3.Final (WildFly Core 18.1.2.Final) starting
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.wildfly.extension.elytron.SSLDefinitions (jar:file:/opt/keyfactor/wildfly-26.1.3.Final/modules/system/layers/base/org/wildfly/extension/elytron/main/wildfly-elytron-integration-18.1.2.Final.jar!/) to method com.sun.net.ssl.internal.ssl.Provider.isFIPS()
WARNING: Please consider reporting this to the maintainers of org.wildfly.extension.elytron.SSLDefinitions
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
2024-03-22 13:25:59,160+0000 WARN [org.jboss.as.server.deployment.scanner] (ServerService Thread Pool -- 6) WFLYDS0006: Reliable deployment behaviour is not possible when auto-deployment of exploded content is enabled (i.e. deployment without use of ".dodeploy"' marker files). Configuration of auto-deployment of exploded content is not recommended in any situation where reliability is desired. Configuring the deployment scanner's auto-deploy-exploded setting to "false" is recommended.
2024-03-22 13:25:59,280+0000 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0039: Creating http management service using socket-binding (management-http)
2024-03-22 13:25:59,415+0000 INFO [org.wildfly.extension.microprofile.openapi.smallrye] (ServerService Thread Pool -- 54) WFLYMPOAI0001: Activating MicroProfile OpenAPI Subsystem
2024-03-22 13:25:59,432+0000 INFO [org.wildfly.extension.health] (ServerService Thread Pool -- 42) WFLYHEALTH0001: Activating Base Health Subsystem
2024-03-22 13:25:59,473+0000 INFO [org.wildfly.extension.metrics] (ServerService Thread Pool -- 50) WFLYMETRICS0001: Activating Base Metrics Subsystem
2024-03-22 13:25:59,482+0000 INFO [org.wildfly.extension.microprofile.config.smallrye] (ServerService Thread Pool -- 51) WFLYCONF0001: Activating MicroProfile Config Subsystem
2024-03-22 13:25:59,483+0000 INFO [org.wildfly.extension.microprofile.health.smallrye] (ServerService Thread Pool -- 52) WFLYMPHEALTH0001: Activating MicroProfile Health Subsystem
2024-03-22 13:25:59,497+0000 INFO [org.wildfly.extension.microprofile.metrics.smallrye] (ServerService Thread Pool -- 53) WFLYMPMETRICS0001: Activating MicroProfile Metrics Subsystem
2024-03-22 13:25:59,560+0000 INFO [org.wildfly.extension.undertow] (MSC service thread 1-1) WFLYUT0003: Undertow 2.2.19.Final starting
2024-03-22 13:25:59,853+0000 INFO [org.wildfly.extension.undertow] (MSC service thread 1-4) WFLYUT0012: Started server default-server.
2024-03-22 13:25:59,857+0000 INFO [org.wildfly.extension.undertow] (MSC service thread 1-5) Queuing requests.
2024-03-22 13:25:59,858+0000 INFO [org.wildfly.extension.undertow] (MSC service thread 1-5) WFLYUT0018: Host default-host starting
2024-03-22 13:25:59,937+0000 INFO [org.wildfly.extension.undertow] (MSC service thread 1-4) WFLYUT0006: Undertow HTTP listener remoting listening on 127.0.0.1:4447
2024-03-22 13:25:59,962+0000 INFO [org.wildfly.extension.undertow] (MSC service thread 1-6) WFLYUT0006: Undertow HTTP listener observation listening on [0:0:0:0:0:0:0:0]:8090
2024-03-22 13:26:00,322+0000 INFO [org.jboss.as.server.deployment.scanner] (MSC service thread 1-5) WFLYDS0013: Started FileSystemDeploymentService for directory /opt/keyfactor/wildfly-26.1.3.Final/standalone/deployments
2024-03-22 13:26:01,793+0000 INFO [org.infinispan.CONTAINER] (ServerService Thread Pool -- 64) ISPN000128: Infinispan version: Infinispan 'Triskaidekaphobia' 13.0.10.Final
2024-03-22 13:26:01,901+0000 INFO [org.infinispan.CONTAINER] (ServerService Thread Pool -- 64) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.spi.marshalling.InfinispanProtoStreamMarshaller'
2024-03-22 13:26:02,595+0000 INFO [org.infinispan.CONFIG] (MSC service thread 1-2) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.
2024-03-22 13:26:02,604+0000 INFO [org.infinispan.CONFIG] (MSC service thread 1-2) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.
2024-03-22 13:26:02,647+0000 INFO [org.infinispan.CONTAINER] (ServerService Thread Pool -- 64) ISPN000025: wakeUpInterval is <= 0, not starting expired purge thread
2024-03-22 13:26:05,815+0000 INFO [org.jboss.as.jpa] (MSC service thread 1-6) WFLYJPA0002: Read persistence.xml for ejbca
2024-03-22 13:26:05,840+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/AcmeAccountDataSessionRemote' for Jakarta Enterprise Beans 'AcmeAccountDataSessionBean' will be ignored.
2024-03-22 13:26:05,842+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/SctDataSession' for Jakarta Enterprise Beans 'SctDataSessionBean' will be ignored.
2024-03-22 13:26:05,844+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/EstOperationsSessionRemote' for Jakarta Enterprise Beans 'EstOperationsSessionBean' will be ignored.
2024-03-22 13:26:05,845+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/EtsiEcaOperationsSessionRemote' for Jakarta Enterprise Beans 'EtsiEcaOperationsSessionBean' will be ignored.
2024-03-22 13:26:05,847+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/AcmeAuthorizationDataSessionRemote' for Jakarta Enterprise Beans 'AcmeAuthorizationDataSessionBean' will be ignored.
2024-03-22 13:26:05,849+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/AcmeOrderDataSessionRemote' for Jakarta Enterprise Beans 'AcmeOrderDataSessionBean' will be ignored.
2024-03-22 13:26:05,850+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/AcmeChallengeDataSessionRemote' for Jakarta Enterprise Beans 'AcmeChallengeDataSessionBean' will be ignored.
2024-03-22 13:26:06,053+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/CmpMessageDispatcherSessionRemote' for Jakarta Enterprise Beans 'CmpMessageDispatcherSessionBean' will be ignored.
2024-03-22 13:26:06,053+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/ScepMessageDispatcherSessionRemote' for Jakarta Enterprise Beans 'ScepMessageDispatcherSessionBean' will be ignored.
2024-03-22 13:26:06,058+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/EjbcaRestHelperSessionRemote' for Jakarta Enterprise Beans 'EjbcaRestHelperSessionBean' will be ignored.
2024-03-22 13:26:06,058+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/OcspResponseGeneratorSessionRemote' for Jakarta Enterprise Beans 'OcspResponseGeneratorSessionBean' will be ignored.
2024-03-22 13:26:06,059+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/OcspDataSessionRemote' for Jakarta Enterprise Beans 'OcspDataSessionBean' will be ignored.
2024-03-22 13:26:06,059+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/OcspResponseCleanupSessionRemote' for Jakarta Enterprise Beans 'OcspResponseCleanupSessionBean' will be ignored.
2024-03-22 13:26:06,059+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/OcspKeyRenewalSessionRemote' for Jakarta Enterprise Beans 'OcspKeyRenewalSessionBean' will be ignored.
2024-03-22 13:26:06,059+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/UpgradeSessionRemote' for Jakarta Enterprise Beans 'UpgradeSessionBean' will be ignored.
2024-03-22 13:26:06,059+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/ApprovalExecutionSessionRemote' for Jakarta Enterprise Beans 'ApprovalExecutionSessionBean' will be ignored.
2024-03-22 13:26:06,059+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/ApprovalProfileSessionRemote' for Jakarta Enterprise Beans 'ApprovalProfileSessionBean' will be ignored.
2024-03-22 13:26:06,060+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/ApprovalSessionRemote' for Jakarta Enterprise Beans 'ApprovalSessionBean' will be ignored.
2024-03-22 13:26:06,060+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/ServiceSessionRemote' for Jakarta Enterprise Beans 'ServiceSessionBean' will be ignored.
2024-03-22 13:26:06,069+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/ServiceDataSessionRemote' for Jakarta Enterprise Beans 'ServiceDataSessionBean' will be ignored.
2024-03-22 13:26:06,069+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/CertificateRequestSessionRemote' for Jakarta Enterprise Beans 'CertificateRequestSessionBean' will be ignored.
2024-03-22 13:26:06,070+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/KeyStoreCreateSessionRemote' for Jakarta Enterprise Beans 'KeyStoreCreateSessionBean' will be ignored.
2024-03-22 13:26:06,070+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/EndEntityManagementSessionRemote' for Jakarta Enterprise Beans 'EndEntityManagementSessionBean' will be ignored.
2024-03-22 13:26:06,070+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/UserDataSourceSessionRemote' for Jakarta Enterprise Beans 'UserDataSourceSessionBean' will be ignored.
2024-03-22 13:26:06,070+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/EndEntityAccessSessionRemote' for Jakarta Enterprise Beans 'EndEntityAccessSessionBean' will be ignored.
2024-03-22 13:26:06,070+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/AdminPreferenceSessionRemote' for Jakarta Enterprise Beans 'AdminPreferenceSessionBean' will be ignored.
2024-03-22 13:26:06,070+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/EndEntityProfileSessionRemote' for Jakarta Enterprise Beans 'EndEntityProfileSessionBean' will be ignored.
2024-03-22 13:26:06,070+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/AuthorizationSystemSessionRemote' for Jakarta Enterprise Beans 'AuthorizationSystemSessionBean' will be ignored.
2024-03-22 13:26:06,071+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/KeyRecoverySessionRemote' for Jakarta Enterprise Beans 'KeyRecoverySessionBean' will be ignored.
2024-03-22 13:26:06,071+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/ImportCrlSessionRemote' for Jakarta Enterprise Beans 'ImportCrlSessionBean' will be ignored.
2024-03-22 13:26:06,071+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/PublishingCrlSessionRemote' for Jakarta Enterprise Beans 'PublishingCrlSessionBean' will be ignored.
2024-03-22 13:26:06,071+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/EjbcaWSHelperSessionRemote' for Jakarta Enterprise Beans 'EjbcaWSHelperSessionBean' will be ignored.
2024-03-22 13:26:06,071+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/HealthCheckSessionRemote' for Jakarta Enterprise Beans 'HealthCheckSessionBean' will be ignored.
2024-03-22 13:26:06,071+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/CAAdminSessionRemote' for Jakarta Enterprise Beans 'CAAdminSessionBean' will be ignored.
2024-03-22 13:26:06,072+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/EndEntityAuthenticationSessionRemote' for Jakarta Enterprise Beans 'EndEntityAuthenticationSessionBean' will be ignored.
2024-03-22 13:26:06,072+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/SignSessionRemote' for Jakarta Enterprise Beans 'SignSessionBean' will be ignored.
2024-03-22 13:26:06,072+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/PublisherQueueSessionRemote' for Jakarta Enterprise Beans 'PublisherQueueSessionBean' will be ignored.
2024-03-22 13:26:06,072+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/PublisherSessionRemote' for Jakarta Enterprise Beans 'PublisherSessionBean' will be ignored.
2024-03-22 13:26:06,072+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/RevocationSessionRemote' for Jakarta Enterprise Beans 'RevocationSessionBean' will be ignored.
2024-03-22 13:26:06,072+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/CertReqHistorySessionRemote' for Jakarta Enterprise Beans 'CertReqHistorySessionBean' will be ignored.
2024-03-22 13:26:06,072+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/BlacklistSessionRemote' for Jakarta Enterprise Beans 'BlacklistSessionBean' will be ignored.
2024-03-22 13:26:06,073+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/CliAuthenticationProviderSessionRemote' for Jakarta Enterprise Beans 'CliAuthenticationProviderSessionBean' will be ignored.
2024-03-22 13:26:06,073+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-6) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/WebAuthenticationProviderSessionLocal' for Jakarta Enterprise Beans 'WebAuthenticationProviderSessionBean' will be ignored.
2024-03-22 13:26:06,300+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-7) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/AuthorizationSessionRemote' for Jakarta Enterprise Beans 'AuthorizationSessionBean' will be ignored.
2024-03-22 13:26:06,313+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-7) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/CertificateProfileSessionRemote' for Jakarta Enterprise Beans 'CertificateProfileSessionBean' will be ignored.
2024-03-22 13:26:06,314+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-7) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/CertificateStoreSessionRemote' for Jakarta Enterprise Beans 'CertificateStoreSessionBean' will be ignored.
2024-03-22 13:26:06,314+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-7) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/CertificateCreateSessionRemote' for Jakarta Enterprise Beans 'CertificateCreateSessionBean' will be ignored.
2024-03-22 13:26:06,314+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-7) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/NoConflictCertificateStoreSessionRemote' for Jakarta Enterprise Beans 'NoConflictCertificateStoreSessionBean' will be ignored.
2024-03-22 13:26:06,315+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-7) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/CrlCreateSessionRemote' for Jakarta Enterprise Beans 'CrlCreateSessionBean' will be ignored.
2024-03-22 13:26:06,315+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-7) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/CrlStoreSessionRemote' for Jakarta Enterprise Beans 'CrlStoreSessionBean' will be ignored.
2024-03-22 13:26:06,315+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-7) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/CaSessionRemote' for Jakarta Enterprise Beans 'CaSessionBean' will be ignored.
2024-03-22 13:26:06,316+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-7) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/GlobalConfigurationSessionRemote' for Jakarta Enterprise Beans 'GlobalConfigurationSessionBean' will be ignored.
2024-03-22 13:26:06,316+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-7) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/SecurityEventsLoggerSessionRemote' for Jakarta Enterprise Beans 'SecurityEventsLoggerSessionBean' will be ignored.
2024-03-22 13:26:06,316+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-7) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/SecurityEventsAuditorSessionRemote' for Jakarta Enterprise Beans 'SecurityEventsAuditorSessionBean' will be ignored.
2024-03-22 13:26:06,317+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-7) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/KeyValidatorSessionRemote' for Jakarta Enterprise Beans 'KeyValidatorSessionBean' will be ignored.
2024-03-22 13:26:06,317+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-7) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/CryptoTokenSessionRemote' for Jakarta Enterprise Beans 'CryptoTokenSessionBean' will be ignored.
2024-03-22 13:26:06,317+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-7) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/CryptoTokenManagementSessionRemote' for Jakarta Enterprise Beans 'CryptoTokenManagementSessionBean' will be ignored.
2024-03-22 13:26:06,318+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-7) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/InternalKeyBindingMgmtSessionRemote' for Jakarta Enterprise Beans 'InternalKeyBindingMgmtSessionBean' will be ignored.
2024-03-22 13:26:06,318+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-7) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/RoleDataSessionRemote' for Jakarta Enterprise Beans 'RoleDataSessionBean' will be ignored.
2024-03-22 13:26:06,321+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-7) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/RoleSessionRemote' for Jakarta Enterprise Beans 'RoleSessionBean' will be ignored.
2024-03-22 13:26:06,321+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-7) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/RoleMemberDataSessionRemote' for Jakarta Enterprise Beans 'RoleMemberDataSessionBean' will be ignored.
2024-03-22 13:26:06,322+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-7) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/RoleMemberSessionRemote' for Jakarta Enterprise Beans 'RoleMemberSessionBean' will be ignored.
2024-03-22 13:26:07,663+0000 INFO [org.jboss.as.jpa] (ServerService Thread Pool -- 64) WFLYJPA0010: Starting Persistence Unit (phase 1 of 2) Service 'ejbca.ear#ejbca'
2024-03-22 13:26:10,718+0000 INFO [org.apache.commons.beanutils.FluentPropertyBeanIntrospector] (MSC service thread 1-4) Error when creating PropertyDescriptor for public final void org.apache.commons.configuration2.AbstractConfiguration.setProperty(java.lang.String,java.lang.Object)! Ignoring this property.
2024-03-22 13:26:10,976+0000 WARN [org.jboss.as.jaxrs] (MSC service thread 1-1) WFLYRS0018: Explicit usage of Jackson annotation in a Jakarta RESTful Web Services deployment; the system will disable Jakarta JSON Binding processing for the current deployment. Consider setting the 'resteasy.preferJacksonOverJsonB' property to 'false' to restore Jakarta JSON Binding.
2024-03-22 13:26:11,473+0000 INFO [org.jboss.as.jpa] (ServerService Thread Pool -- 64) WFLYJPA0010: Starting Persistence Unit (phase 2 of 2) Service 'ejbca.ear#ejbca'
2024-03-22 13:26:14,956+0000 INFO [io.smallrye.metrics] (MSC service thread 1-1) SRMET01001: MicroProfile: Metrics activated (SmallRye Metrics version: 3.0.3)
2024-03-22 13:26:16,414+0000 SEVERE [javax.enterprise.resource.webcontainer.jsf.flow] (MSC service thread 1-1) Unable to obtain CDI 1.1 utilities for Mojarra
2024-03-22 13:26:16,419+0000 SEVERE [javax.enterprise.resource.webcontainer.jsf.application.view] (MSC service thread 1-1) Unable to obtain CDI 1.1 utilities for Mojarra
2024-03-22 13:26:17,357+0000 WARN [io.undertow.servlet] (ServerService Thread Pool -- 71) UT015020: Path /* is secured for some HTTP methods, however it is not secured for [HEAD, POST, GET]
2024-03-22 13:26:17,358+0000 WARN [io.undertow.servlet] (ServerService Thread Pool -- 80) UT015020: Path /* is secured for some HTTP methods, however it is not secured for [HEAD, POST, GET]
2024-03-22 13:26:17,359+0000 WARN [io.undertow.servlet] (ServerService Thread Pool -- 70) UT015020: Path /* is secured for some HTTP methods, however it is not secured for [HEAD, GET]
2024-03-22 13:26:17,359+0000 WARN [io.undertow.servlet] (ServerService Thread Pool -- 83) UT015020: Path /* is secured for some HTTP methods, however it is not secured for [HEAD, POST, GET]
2024-03-22 13:26:17,359+0000 WARN [io.undertow.servlet] (ServerService Thread Pool -- 66) UT015020: Path /* is secured for some HTTP methods, however it is not secured for [HEAD, POST, GET]
2024-03-22 13:26:17,371+0000 WARN [io.undertow.servlet] (ServerService Thread Pool -- 64) UT015020: Path /* is secured for some HTTP methods, however it is not secured for [HEAD, GET]
2024-03-22 13:26:17,374+0000 WARN [io.undertow.servlet] (ServerService Thread Pool -- 67) UT015020: Path /* is secured for some HTTP methods, however it is not secured for [HEAD, POST, GET]
2024-03-22 13:26:17,375+0000 WARN [io.undertow.servlet] (ServerService Thread Pool -- 82) UT015020: Path /* is secured for some HTTP methods, however it is not secured for [HEAD, POST, GET]
2024-03-22 13:26:17,411+0000 WARN [io.undertow.servlet] (ServerService Thread Pool -- 75) UT015020: Path /* is secured for some HTTP methods, however it is not secured for [HEAD, POST, GET, PUT]
2024-03-22 13:26:17,425+0000 INFO [org.ejbca.core.ejb.StartupSingletonBean] (ServerService Thread Pool -- 77) Init, EJBCA 8.2.0.1 Community (39b6c93b944edfc654aa90ecfeba3c7986ff224d) startup.
2024-03-22 13:26:17,899+0000 WARN [io.smallrye.openapi.runtime.scanner] (MSC service thread 1-2) SROAP04005: Could not find schema class in index: java.io.File
2024-03-22 13:26:18,090+0000 INFO [org.wildfly.extension.microprofile.openapi.smallrye] (MSC service thread 1-1) WFLYMPOAI0004: Registered MicroProfile OpenAPI endpoint '/openapi' for host 'default-host'
2024-03-22 13:26:18,122+0000 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 75) RESTEASY002225: Deploying javax.ws.rs.core.Application: class org.ejbca.ui.web.rest.api.RestApiApplication
2024-03-22 13:26:18,159+0000 INFO [org.ejbca.core.ejb.StartupSingletonBean] (ServerService Thread Pool -- 77) BouncyCastle provider is from our ejbca.ear classloader.
2024-03-22 13:26:18,164+0000 INFO [org.ejbca.core.ejb.StartupSingletonBean] (ServerService Thread Pool -- 77) Registered AuthenticationTokens [OAuth2AuthenticationToken, PublicAccessAuthenticationToken, CertificateAuthenticationToken, CliAuthenticationToken, AlwaysAllowLocalAuthenticationToken]
2024-03-22 13:26:18,166+0000 INFO [org.cesecore.keys.token.CryptoTokenFactory] (ServerService Thread Pool -- 77) Class not found: se.primeKey.caToken.card.PrimeCAToken.
2024-03-22 13:26:18,166+0000 INFO [org.cesecore.keys.token.CryptoTokenFactory] (ServerService Thread Pool -- 77) Can not register se.primeKey.caToken.card.PrimeCAToken. This is normally not an error.
2024-03-22 13:26:18,215+0000 INFO [org.cesecore.keys.token.CryptoTokenFactory] (ServerService Thread Pool -- 77) Class not found: org.ejbca.keys.token.FortanixCryptoToken.
2024-03-22 13:26:18,216+0000 INFO [org.reflections.Reflections] (ServerService Thread Pool -- 75) Reflections took 25 ms to scan 1 urls, producing 9 keys and 22 values
2024-03-22 13:26:18,215+0000 INFO [org.cesecore.keys.token.CryptoTokenFactory] (ServerService Thread Pool -- 77) Can not register org.ejbca.keys.token.FortanixCryptoToken. This is normally not an error.
2024-03-22 13:26:18,221+0000 INFO [org.cesecore.keys.token.CryptoTokenFactory] (ServerService Thread Pool -- 77) Class not found: org.ejbca.keys.token.AWSKMSCryptoToken.
2024-03-22 13:26:18,221+0000 INFO [org.cesecore.keys.token.CryptoTokenFactory] (ServerService Thread Pool -- 77) Can not register org.ejbca.keys.token.AWSKMSCryptoToken. This is normally not an error.
2024-03-22 13:26:18,222+0000 INFO [org.cesecore.keys.token.CryptoTokenFactory] (ServerService Thread Pool -- 77) Class not found: org.cesecore.keys.token.p11ng.cryptotoken.Pkcs11NgCryptoToken.
2024-03-22 13:26:18,222+0000 INFO [org.cesecore.keys.token.CryptoTokenFactory] (ServerService Thread Pool -- 77) Can not register org.cesecore.keys.token.p11ng.cryptotoken.Pkcs11NgCryptoToken. This is normally not an error.
2024-03-22 13:26:18,249+0000 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 75) RESTEASY002200: Adding class resource org.ejbca.ui.web.rest.api.resource.swagger.CertificateRestResourceV2Swagger from Application class org.ejbca.ui.web.rest.api.RestApiApplication
2024-03-22 13:26:18,249+0000 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 75) RESTEASY002205: Adding provider class org.ejbca.ui.web.rest.api.exception.ValidationExceptionMapper from Application class org.ejbca.ui.web.rest.api.RestApiApplication
2024-03-22 13:26:18,261+0000 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 75) RESTEASY002205: Adding provider class org.ejbca.ui.web.rest.api.config.ExceptionHandler from Application class org.ejbca.ui.web.rest.api.RestApiApplication
2024-03-22 13:26:18,261+0000 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 75) RESTEASY002200: Adding class resource org.ejbca.ui.web.rest.api.resource.swagger.SystemRestResourceSwagger from Application class org.ejbca.ui.web.rest.api.RestApiApplication
2024-03-22 13:26:18,262+0000 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 75) RESTEASY002200: Adding class resource org.ejbca.ui.web.rest.api.resource.swagger.CertificateRestResourceSwagger from Application class org.ejbca.ui.web.rest.api.RestApiApplication
2024-03-22 13:26:18,261+0000 INFO [org.cesecore.audit.AuditDevicesConfig] (ServerService Thread Pool -- 77) Registered audit device using implementation: org.cesecore.audit.impl.log4j.Log4jDevice
2024-03-22 13:26:18,262+0000 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 75) RESTEASY002205: Adding provider class org.ejbca.ui.web.rest.api.exception.IllegalWildCardSyntaxExceptionWrapper from Application class org.ejbca.ui.web.rest.api.RestApiApplication
2024-03-22 13:26:18,262+0000 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 75) RESTEASY002200: Adding class resource org.ejbca.ui.web.rest.api.resource.swagger.CaRestResourceSwagger from Application class org.ejbca.ui.web.rest.api.RestApiApplication
2024-03-22 13:26:18,263+0000 INFO [org.jboss.resteasy.resteasy_jaxrs.i18n] (ServerService Thread Pool -- 75) RESTEASY002205: Adding provider class org.ejbca.ui.web.rest.api.config.ObjectMapperContextResolver from Application class org.ejbca.ui.web.rest.api.RestApiApplication
2024-03-22 13:26:18,273+0000 INFO [org.cesecore.audit.AuditDevicesConfig] (ServerService Thread Pool -- 77) Configured exporter AuditExporterDummy for device Log4jDevice
2024-03-22 13:26:18,284+0000 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (ServerService Thread Pool -- 77) 2024-03-22 13:26:18+00:00;EJBCA_STARTING;SUCCESS;SERVICE;EJBCA;Application internal;;keyfactor-ejbca-community-helm-5c8f986bc5-k9vb9;;msg=Init, EJBCA 8.2.0.1 Community (39b6c93b944edfc654aa90ecfeba3c7986ff224d) startup.
2024-03-22 13:26:18,292+0000 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (ServerService Thread Pool -- 77) 2024-03-22 13:26:18+00:00;LOG_MANAGEMENT_CHANGE;VOID;SECURITY_AUDIT;CORE;Application internal;;;;msg=No integrity protected security audit logger devices configured.
2024-03-22 13:26:18,309+0000 INFO [org.ejbca.core.ejb.authorization.AuthorizationSystemSessionBean] (ServerService Thread Pool -- 77) No roles or CAs exist, initializing Super Administrator Role with default CLI user.
2024-03-22 13:26:18,322+0000 INFO [org.cesecore.dbprotection.ProtectedData] (ServerService Thread Pool -- 77) No database integrity protection available in this version of EJBCA.
2024-03-22 13:26:18,559+0000 INFO [org.ejbca.core.ejb.authorization.AuthorizationSystemSessionBean] (ServerService Thread Pool -- 77) Initialising public access role with confidential role member.
2024-03-22 13:26:18,774+0000 INFO [org.cesecore.certificates.certificate.CertificateStoreSessionBean] (ServerService Thread Pool -- 77) Setting isUniqueCertificateSerialNumberIndex to: true
2024-03-22 13:26:18,806+0000 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (ServerService Thread Pool -- 77) 2024-03-22 13:26:18+00:00;ACCESS_CONTROL;SUCCESS;ACCESSCONTROL;CORE;Internal upgrade;;;;resource0=/system_functionality/edit_systemconfiguration
2024-03-22 13:26:18,830+0000 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (ServerService Thread Pool -- 77) 2024-03-22 13:26:18+00:00;SYSTEMCONF_CREATE;SUCCESS;GLOBALCONF;CORE;Internal upgrade;;;;msg=Global configuration with id 0 created.
2024-03-22 13:26:18,856+0000 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (ServerService Thread Pool -- 77) 2024-03-22 13:26:18+00:00;ACCESS_CONTROL;SUCCESS;ACCESSCONTROL;CORE;Internal upgrade;;;;resource0=/system_functionality/edit_systemconfiguration
2024-03-22 13:26:18,860+0000 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (ServerService Thread Pool -- 77) 2024-03-22 13:26:18+00:00;SYSTEMCONF_CREATE;SUCCESS;GLOBALCONF;CORE;Internal upgrade;;;;msg=Global configuration with id UPGRADE created.
2024-03-22 13:26:18,873+0000 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (ServerService Thread Pool -- 77) 2024-03-22 13:26:18+00:00;ACCESS_CONTROL;SUCCESS;ACCESSCONTROL;CORE;Internal upgrade;;;;resource0=/system_functionality/edit_systemconfiguration
2024-03-22 13:26:18,884+0000 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (ServerService Thread Pool -- 77) 2024-03-22 13:26:18+00:00;SYSTEMCONF_EDIT;SUCCESS;GLOBALCONF;CORE;Internal upgrade;;;;msg=Saved global configuration with id UPGRADE.;added:validityWithSecondsGranularity=true
2024-03-22 13:26:18,906+0000 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (ServerService Thread Pool -- 77) 2024-03-22 13:26:18+00:00;ACCESS_CONTROL;SUCCESS;ACCESSCONTROL;CORE;Internal upgrade;;;;resource0=/system_functionality/edit_systemconfiguration
2024-03-22 13:26:18,916+0000 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (ServerService Thread Pool -- 77) 2024-03-22 13:26:18+00:00;SYSTEMCONF_EDIT;SUCCESS;GLOBALCONF;CORE;Internal upgrade;;;;msg=Saved global configuration with id UPGRADE.;added:upgradedFromVersion=8.2.0.1;added:upgradedToVersion=8.2.0.1
2024-03-22 13:26:18,924+0000 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (ServerService Thread Pool -- 77) 2024-03-22 13:26:18+00:00;ACCESS_CONTROL;SUCCESS;ACCESSCONTROL;CORE;Internal upgrade;;;;resource0=/system_functionality/edit_systemconfiguration
2024-03-22 13:26:18,931+0000 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (ServerService Thread Pool -- 77) 2024-03-22 13:26:18+00:00;SYSTEMCONF_EDIT;SUCCESS;GLOBALCONF;CORE;Internal upgrade;;;;msg=Saved global configuration with id UPGRADE.;added:postUpgradedToVersion=7.11.0
2024-03-22 13:26:18,941+0000 INFO [org.ejbca.core.ejb.upgrade.UpgradeSessionBean] (ServerService Thread Pool -- 77) Database content version: 8.2.0.1, current application version: 8.2.0.1 -> Upgrade is not needed.
2024-03-22 13:26:18,964+0000 INFO [org.cesecore.certificates.ocsp.cache.OcspSigningCache] (ServerService Thread Pool -- 77) No default responder was defined. OCSP requests for certificates issued by unknown CAs will return "unauthorized" as per RFC6960, Section 2.3
2024-03-22 13:26:18,968+0000 INFO [org.cesecore.certificates.certificate.CertificateStoreSessionBean] (ServerService Thread Pool -- 77) Reloading CA certificate cache.
2024-03-22 13:26:19,000+0000 INFO [org.cesecore.certificates.certificate.CertificateStoreSessionBean] (ServerService Thread Pool -- 77) Reloaded CA certificate cache with 0 certificates
2024-03-22 13:26:19,010+0000 INFO [org.ejbca.core.ejb.ocsp.OcspResponseCleanupSessionBean] (ServerService Thread Pool -- 77) OCSP clean up job is disabled.
2024-03-22 13:26:19,098+0000 INFO [org.owasp.csrfguard.config.properties.PropertyUtils] (ServerService Thread Pool -- 69) The 'org.owasp.csrfguard.PRNG.Provider' property was not defined, using 'SUN' as default value. %n
2024-03-22 13:26:19,104+0000 INFO [org.owasp.csrfguard.config.properties.PropertyUtils] (ServerService Thread Pool -- 69) The 'org.owasp.csrfguard.TokenHolder' property was not defined, using 'org.owasp.csrfguard.token.storage.impl.InMemoryTokenHolder' as default value. %n
2024-03-22 13:26:19,551+0000 WARN [io.undertow.servlet] (ServerService Thread Pool -- 85) UT015020: Path /* is secured for some HTTP methods, however it is not secured for [HEAD, POST, GET]
2024-03-22 13:26:21,159+0000 INFO [org.primefaces.webapp.PostConstructApplicationEventListener] (ServerService Thread Pool -- 69) Running on PrimeFaces 12.0.0
2024-03-22 13:26:21,165+0000 WARN [io.undertow.servlet] (ServerService Thread Pool -- 69) UT015020: Path /* is secured for some HTTP methods, however it is not secured for [HEAD, POST, GET]
2024-03-22 13:26:21,430+0000 INFO [org.jboss.as.server] (ServerService Thread Pool -- 37) WFLYSRV0010: Deployed "ejbca.ear" (runtime-name : "ejbca.ear")
2024-03-22 13:26:21,430+0000 INFO [org.jboss.as.server] (ServerService Thread Pool -- 37) WFLYSRV0010: Deployed "jdbc-driver.jar" (runtime-name : "jdbc-driver.jar")
2024-03-22 13:26:21,480+0000 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
2024-03-22 13:26:21,486+0000 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: WildFly Full 26.1.3.Final (WildFly Core 18.1.2.Final) started in 25108ms - Started 5315 of 5440 services (278 services are lazy, passive or on-demand) - Server configuration file in use: standalone.xml
2024-03-22 13:26:21,490+0000 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://127.0.0.1:9990/management
2024-03-22 13:26:21,491+0000 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0054: Admin console is not enabled
2024-03-22 13:26:22,729+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Application /opt/keyfactor/appserver/standalone/deployments/ejbca.ear.deployed successfully started.
2024-03-22 13:26:22,741+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Setting up in-bound connectivity...
2024-03-22 13:26:27,588+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Configuration import automation tool is not present in this build. /opt/keyfactor/configdump/{stage.d|initialize.d}/*/*.yaml will be ignored.
2024-03-22 13:26:27,603+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Enabling HTTP proxy listeners on 0.0.0.0:8081 and 0.0.0.0:8082.
2024-03-22 13:26:39,408+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Adding initial application RoleMember ("").
2024-03-22 13:26:39,417+0000 WARN [/opt/keyfactor/bin/start.sh] (process:1) Environment variable INITIAL_ADMIN ("") is not properly formatted and has 1 parts.
2024-03-22 13:26:43,559+0000 INFO [org.cesecore.audit.impl.log4j.Log4jDevice] (default task-1) 2024-03-22 13:26:43+00:00;ROLE_ACCESS_USER_ADDITION;SUCCESS;ROLES;CORE;ejbca;;;;msg=Added administrator aspect(s) to role Super Administrator Role.;id=1960631928;tokenType=PublicAccessAuthenticationToken;tokenIssuerId=0;tokenProviderId=0;tokenMatchKey=TRANSPORT_CONFIDENTIAL (2);tokenMatchOperator=TYPE_UNUSED (0);tokenMatchValue=;roleId=1;nameSpace=;roleName=Super Administrator Role;description=Initial RoleMember.
2024-03-22 13:26:43,576+0000 INFO [org.ejbca.ui.cli.roles.AddRoleMemberCommand] (main) Role member was successfully added.
2024-03-22 13:26:48,311+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) #######################################################################################################
2024-03-22 13:26:48,311+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # #
2024-03-22 13:26:48,311+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # Whenever you are ready for production: #
2024-03-22 13:26:48,311+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # #
2024-03-22 13:26:48,311+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # Try out the commercially supported EJBCA Enterprise Cloud on AWS or Azure, fully featured with: #
2024-03-22 13:26:48,311+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # - Additional enrollment APIs such as a complete REST API, EST, ACME and more. #
2024-03-22 13:26:48,311+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # - Support for external Registration Authority and OCSP responders #
2024-03-22 13:26:48,311+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # - Hardware Security Module support #
2024-03-22 13:26:48,311+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # - Application updates #
2024-03-22 13:26:48,311+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # - ...and more! #
2024-03-22 13:26:48,311+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # #
2024-03-22 13:26:48,311+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # Feel free to contact us directly for a cloud, on-prem, SaaS, embedded or hybrid solution that fits #
2024-03-22 13:26:48,311+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # your specific needs. #
2024-03-22 13:26:48,311+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # #
2024-03-22 13:26:48,311+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # https://aws.amazon.com/marketplace/seller-profile?id=7edf9048-58e6-4086-9d98-b8e0c1d78fce #
2024-03-22 13:26:48,311+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # https://azuremarketplace.microsoft.com/en-us/marketplace/apps/primekey.ejbca_enterprise_cloud_2 #
2024-03-22 13:26:48,311+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # #
2024-03-22 13:26:48,311+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # https://www.keyfactor.com #
2024-03-22 13:26:48,311+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # sales@keyfactor.com #
2024-03-22 13:26:48,311+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # #
2024-03-22 13:26:48,311+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) #######################################################################################################
2024-03-22 13:26:48,330+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Waiting 5 seconds before signaling application readiness to ensure proper handling of PublicAccessAuthenticationToken.
2024-03-22 13:26:53,346+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Health check now reports application status at /ejbca/publicweb/healthcheck/ejbcahealth
chuegel commented
Maybe this is the reason?
2024-03-22 16:06:46,175+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Configuration import automation tool is not present in this build. /opt/keyfactor/configdump/{stage.d|initialize.d}/*/*.yaml will be ignored.
svenska-primekey commented
Maybe this is the reason?
2024-03-22 16:06:46,175+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Configuration import automation tool is not present in this build. /opt/keyfactor/configdump/{stage.d|initialize.d}/*/*.yaml will be ignored.
No that is for configdump an enterprise feature. I think the CA is getting skipped due to providing the Initial Admin variable.
chuegel commented
@svenska-primekey Looking into the provied helm values, I do not see any inital admin variable. Which variable do you mean?
svenska-primekey commented
INITIAL_ADMIN description here: https://github.com/Keyfactor/ejbca-community-helm?tab=readme-ov-file#ejbca-environment-variables
chuegel commented
I didn't set the INITAL_ADMIN var in the chart values:
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: ejbca
namespace: apps
spec:
releaseName: keyfactor
chart:
spec:
chart: ejbca-community-helm
sourceRef:
kind: HelmRepository
name: ejbca
namespace: flux-system
interval: 60m
values:
replicaCount: 1
image:
tag: 8.2.0.1
ejbca:
useEphemeralH2Database: false
env:
TLS_SETUP_ENABLED: "true"
METRICS_ENABLED: "true"
OBSERVABLE_BIND: 0.0.0.0
LOG_LEVEL_APP: INFO
HTTPSERVER_HOSTNAME: "pki.example.com"
SMTP_DESTINATION: "10.83.43.122"
SMTP_PORT: '25'
SMTP_FROM: "noreply@pki.example.com"
SMTP_TLS_ENABLED: "false"
SMTP_SSL_ENABLED: "false"
DATABASE_JDBC_URL: "jdbc:postgresql://10.83.200.11:5000/ejbcadb"
envRaw:
- name: DATABASE_PASSWORD
valueFrom:
secretKeyRef:
name: ejbca-credentials
key: DATABASE_PASSWORD
- name: DATABASE_USER
valueFrom:
secretKeyRef:
name: ejbca-credentials
key: DATABASE_USER
- name: PASSWORD_ENCRYPTION_KEY
valueFrom:
secretKeyRef:
name: ejbca-credentials
key: PASSWORD_ENCRYPTION_KEY
- name: CA_KEYSTOREPASS
valueFrom:
secretKeyRef:
name: ejbca-credentials
key: CA_KEYSTOREPASS
- name: EJBCA_CLI_DEFAULT_PASSWORD
valueFrom:
secretKeyRef:
name: ejbca-credentials
key: EJBCA_CLI_DEFAULT_PASSWORD
- name: APPSERVER_KEYSTORE_SECRET
valueFrom:
secretKeyRef:
name: ejbca-credentials
key: APPSERVER_KEYSTORE_SECRET
- name: APPSERVER_TRUSTSTORE_SECRET
valueFrom:
secretKeyRef:
name: ejbca-credentials
key: APPSERVER_TRUSTSTORE_SECRET
services:
directHttp:
enabled: false
proxyAJP:
enabled: false
type: ClusterIP
bindIP: 0.0.0.0
port: 8009
proxyHttp:
enabled: true
type: ClusterIP
bindIP: 0.0.0.0
httpPort: 8081
httpsPort: 8082
ingress:
enabled: false
svenska-primekey commented
You have to add it to the values.yaml file, example:
ejbca:
env:
INITIAL_ADMIN: "ManagementCA;CertificateAuthenticationToken:WITH_COMMONNAME;SuperAdmin"chuegel commented
I understand, thanks
ecmrauh commented
Sorry for commenting a closed issue. But I have exactly the same problem. I have the settings like shown above and I set INITIAL_ADMIN: "ManagementCA;CertificateAuthenticationToken:WITH_COMMONNAME;SuperAdmin". Here are the logs:
INFO [/opt/keyfactor/bin/start.sh] (process:1) Enabling HTTP proxy listeners on 0.0.0.0:8081 and 0.0.0.0:8082.
INFO [/opt/keyfactor/bin/start.sh] (process:1) Adding initial application RoleMember ("ManagementCA;CertificateAuthenticationToken:WITH_COMMONNAME;SuperAdmin").
INFO [org.cesecore.certificates.ca.CaSessionBean] (default task-2) CA with name ManagementCA does not exist.
ERROR [org.ejbca.ui.cli.roles.AddRoleMemberCommand] (main) No such CA 'ManagementCA'.
ERROR [/opt/keyfactor/bin/start.sh] (process:1) Failed to add initial RoleMember.
Is there anything I'm missing?
@chuegel Did that work for you in the end or did you create the ManagementCA manually?
chuegel commented
@ecmrauh I created the ManagementCA manually. Be sure to download the superadmin certificate in that process and change the Super Administrator Role to accept only client cert auth. For that you have to create a secret with the CA certificate (see below)
Here is my ingress (I also use a oauth2 proxy in front of the webadmin)
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: letsencrypt-production
nginx.ingress.kubernetes.io/affinity: cookie
nginx.ingress.kubernetes.io/auth-tls-pass-certificate-to-upstream: "true"
nginx.ingress.kubernetes.io/auth-tls-secret: apps/managementca.crt
nginx.ingress.kubernetes.io/auth-tls-verify-client: "optional"
nginx.ingress.kubernetes.io/backend-protocol: HTTP
nginx.ingress.kubernetes.io/configuration-snippet: |
proxy_set_header SSL_CLIENT_CERT $ssl_client_cert;
nginx.ingress.kubernetes.io/proxy-buffer-size: 16k
nginx.ingress.kubernetes.io/session-cookie-name: pki
nginx.ingress.kubernetes.io/ssl-redirect: "true"
nginx.ingress.kubernetes.io/auth-signin: https://oauth2.example/oauth2/start?rd=$scheme://$best_http_host$request_uri
nginx.ingress.kubernetes.io/auth-url: https://oauth2.example.tech/oauth2/auth
name: ejbca-admin-ingress
namespace: apps
spec:
ingressClassName: nginx
rules:
- host: pki.example.tech
http:
paths:
- backend:
service:
name: keyfactor-ejbca-community-helm
port:
number: 8082
path: /ejbca
pathType: Prefix
tls:
- hosts:
- pki.example.tech
secretName: pki-example-certBut as pointed by @svenska-primekey the initial bootstraping of the ManagamentCA should work with:
ejbca:
env:
INITIAL_ADMIN: "ManagementCA;CertificateAuthenticationToken:WITH_COMMONNAME;SuperAdmin"ecmrauh commented
Thanks for your quick reply and the ingress example! I will see if I can make it work somehow.
But as pointed by @svenska-primekey the initial bootstraping of the ManagamentCA should work
Yes, it probably should, but it doesn't (in my case). I used exactly these values. 😕