Tags: java, wildfly, wildfly-10, ejbca

Missing JKS truststorestore file in 'c:\ejbca\p12\truststore.jks' while installing EJBCA on Windows


I am installing EJBCA on Windows.
OS version: Windows Server 2016
Java: OpenJDK 8.0.242.08
Ant: ant 1.9.14
Database: MariaDB 10.4.12
Server: Wildfly 10.1.0
EJBCA Version: 6.15.2

Installation proceeded using this https://doc.primekey.com/ejbca6152/ejbca-installations/ejbca-main-installation manual.

Unfortunately, the command ant deploy-keystore produces this error:

jee:deploytruststore:

BUILD FAILED
c:\ejbca\build.xml:844: The following error occurred while executing this line:
c:\ejbca\bin\jboss.xml:310: The following error occurred while executing this line:
c:\ejbca\bin\jboss.xml:294: Missing JKS truststorestore file in 'c:\ejbca/p12/truststore.jks'

It has a corresponding error (I think they are related):

ejbca:javatruststore:
    [input] skipping input as property ca.name has already been set.
     [echo] Getting root certificate in DER format...
     [echo] ca getcacert "ManagementCA" C:\Users\tsaForFN\AppData\Local\Temp\2\/rootca.der -der
     [java] Wrote CA certificate to 'C:\Users\tsaForFN\AppData\Local\Temp\2\/rootca.der' using DER encoding.
     [echo] Adding to or creating keystore: c:\ejbca/p12/truststore.jks

ejbca:javatruststore-removeold:
     [exec] keytool error: java.lang.Exception: Input not an X.509 certificate
     [exec] java.lang.Exception: Input not an X.509 certificate
     [exec]     at sun.security.tools.keytool.Main.addTrustedCert(Main.java:2861)
     [exec]     at sun.security.tools.keytool.Main.doCommands(Main.java:1050)
     [exec]     at sun.security.tools.keytool.Main.run(Main.java:366)
     [exec]     at sun.security.tools.keytool.Main.main(Main.java:359)

     [exec] Result: 1
   [delete] Deleting: C:\Users\tsaForFN\AppData\Local\Temp\2\rootca.der

I tried to change slashes but it still didn't work.

This is the log of Wildfly server https://controlc.com/bb5d54f4
This is the log of EJBCA installation https://controlc.com/f6f062d2

Properties are default except the database, which is configured, working and not relevant right now.


Solution

  • Your issue is this: "Input not an X.509 certificate"

    This is due to your usage of "implicitlyCA" in "install.properties", creating a CA certificate that is not useable by normal clients.

    Initializing CA with 'ManagementCA' 'CN=ManagementCA,O=EJBCA Sample,C=SE' 'soft' '<ca.tokenpassword hidden>' 'implicitlyCA' 'ECDSA' '3650' 'null' 'SHA256withECDSA' -superadmincn 'SuperAdmin'...

    You have configured the Management CA to use "implicitlyCA" ECDSA, which is not something that Java, Windows or any web servers and browsers support.

    You need to use keys (in the ca.keyspec setting) that can be used for TLS connections, such as RSA 2048 or ECDSA prime256v1.

    ImplicitlyCA can only be used if you are really really really sure what you are doing, and you use specific customer client software.
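A way to confirm this diagnosis on an exported CA certificate, as an added example that is not part of the original answer or of EJBCA: in an EC SubjectPublicKeyInfo the curve is an ASN.1 CHOICE (RFC 3279, section 2.3.5), and implicitlyCA is the NULL alternative, so the certificate names no curve at all. The function names and the sample byte strings below are constructed for illustration, and the byte search is a triage heuristic, not a full DER parser.

```python
import sys

# DER encoding of OID 1.2.840.10045.2.1 (id-ecPublicKey). It opens the
# AlgorithmIdentifier of an EC SubjectPublicKeyInfo; ECDSA signature
# algorithm OIDs are different, so this only matches the public key.
ID_EC_PUBLIC_KEY = bytes.fromhex("06072a8648ce3d0201")

# Tag of the parameters CHOICE that directly follows the OID.
PARAM_KINDS = {
    0x06: "namedCurve",      # OBJECT IDENTIFIER, e.g. prime256v1
    0x05: "implicitlyCA",    # NULL: the curve is not stated in the certificate
    0x30: "specifiedCurve",  # SEQUENCE: explicit curve parameters
}


def ec_parameter_kind(der: bytes) -> str:
    """Classify how a DER-encoded certificate states its EC curve."""
    pos = der.find(ID_EC_PUBLIC_KEY)
    if pos < 0:
        return "not-ec"  # RSA or another key type
    tag_pos = pos + len(ID_EC_PUBLIC_KEY)
    if tag_pos >= len(der):
        return "truncated"
    return PARAM_KINDS.get(der[tag_pos], "unknown")


def is_implicitly_ca(der: bytes) -> bool:
    """True when the EC key carries NULL parameters (implicitlyCA)."""
    return ec_parameter_kind(der) == "implicitlyCA"


# Constructed AlgorithmIdentifier fragments (not taken from a real certificate):
# SEQUENCE { id-ecPublicKey, OID prime256v1 } and SEQUENCE { id-ecPublicKey, NULL }.
SAMPLE_PRIME256V1 = bytes.fromhex("3013" "06072a8648ce3d0201" "06082a8648ce3d030107")
SAMPLE_IMPLICITLY_CA = bytes.fromhex("300b" "06072a8648ce3d0201" "0500")

if __name__ == "__main__":
    # Usage: python check_ec_params.py rootca.der  (hypothetical script name)
    with open(sys.argv[1], "rb") as fh:
        kind = ec_parameter_kind(fh.read())
    print("EC parameter encoding:", kind)
    sys.exit(1 if kind == "implicitlyCA" else 0)
```

Run it against the DER file written by ca getcacert; a result of implicitlyCA means ca.keyspec in install.properties has to be changed as described above and the Management CA recreated.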