ACME Enrollment with EJBCA
433 views
Skip to first unread message
Sven Rajala
May 26, 2020, 4:43:51 PM5/26/20
to WildFly
I'm trying to test ACME enrollment with Wildfly 19, and receive an error from Wildfly that I haven't been able to resolve. EJBCA successfully issues the certificate that is requested, but Wildfly throws error:
2020-05-26 15:21:35,275 ERROR [org.jboss.as.controller.management-operation] (management-handler-thread - 2) WFLYCTL0013: Operation ("obtain-certificate") failed - address: ([
("subsystem" => "elytron"),
("key-store" => "serverKS")
]) - failure description: "ELY10035: No account location URL provided by ACME server"
I added the CA trust chain to the Java cacerts file for wildfly to trust the CA chain of the EJBCA server. The commands I used to enroll for a cert are:
/subsystem=elytron/key-store=serverKS:add(path=server.keystore.jks, relative-to=jboss.server.config.dir, credential-reference={clear-text=secret}, type=JKS)
/subsystem=elytron/key-store=accountsKS:add(path=accounts.keystore.jks,relative-to=jboss.server.config.dir,credential-reference={clear-text=secret},type=JKS)
/subsystem=elytron/certificate-authority=SolitudeG1:add(url="https://ra01.solitude.skyrim/ejbca/acme/directory",staging-url="https://ra01.solitude.skyrim/ejbca/acme/directory")
/subsystem=elytron/certificate-authority-account=va01.solitude.skyrim:add(certificate-authority=SolitudeG1,alias=va01.solitude.skyrim,key-store=accountsKS,contact-urls=[mailto:sven....@primekey.com])
/subsystem=elytron/key-store=serverKS:obtain-certificate(alias=server,domain-names=[va01.solitude.skyrim],certificate-authority-account=va01.solitude.skyrim,agree-to-terms-of-service,credential-reference={clear-text=secret})
I also followed the steps from: https://developer.jboss.org/people/fjuma/blog/2018/08/31/obtaining-certificates-from-lets-encrypt-using-the-wildfly-cli
/subsystem=elytron/key-store=accountsKS:add(path=accounts.keystore.jks,relative-to=jboss.server.config.dir,credential-reference={clear-text=secret},type=JKS)
/subsystem=elytron/certificate-authority=SolitudeG1:add(url="https://ra01.solitude.skyrim/ejbca/acme/directory",staging-url="https://ra01.solitude.skyrim/ejbca/acme/directory")
/subsystem=elytron/certificate-authority-account=va01.solitude.skyrim:add(certificate-authority=SolitudeG1,alias=va01.solitude.skyrim,key-store=accountsKS,contact-urls=[mailto:sven....@primekey.com])
/subsystem=elytron/key-store=serverKS:obtain-certificate(alias=server,domain-names=[va01.solitude.skyrim],certificate-authority-account=va01.solitude.skyrim,agree-to-terms-of-service,credential-reference={clear-text=secret})
I also followed the steps from: https://developer.jboss.org/people/fjuma/blog/2018/08/31/obtaining-certificates-from-lets-encrypt-using-the-wildfly-cli
I have enabled all logging for org.jboss, but all I get is the error above. Any idea on why Wildfly throws this error, and/or how to resolve it?
dvilkola
May 27, 2020, 4:13:48 AM5/27/20
to WildFly
Is your WildFly server instance publicly accessible using the domain name you are obtaining a certificate for, in your case "va01.solitude.skyrim"?
Sven Rajala
May 27, 2020, 9:21:27 AM5/27/20
to WildFly
This isn't a public instance, I'm using private names in a lab. I have tested certbot against EJBCA and this works fine. I moved on to testing Wildfly, and have not had any luck. EJBCA and web server logs shows that EJBCA can successfully connect to Wildfly to validate the acme challenge. EJBCA even issues a certificate, but Wildfly fails with the message and doesn't take the cert.
Farah Juma
May 27, 2020, 5:41:08 PM5/27/20
to WildFly
I suspect that EJBCA might not be including the Location header in the response to finalizing an order (although the Location header is present in the ACME protocol specification). Are you able to capture the HTTP traffic using something like Wireshark? It would be good to know if the response to POST /ejbca/acme/acct/{accountId}/orders/{orderId}/finalize is indeed missing the Location header.
If that is the case, then since certbot does work successfully, it must not be relying on the Location header from the response. I can take a closer look at our WildFly ACME client so that we do something similar.
Farah Juma
May 27, 2020, 7:02:16 PM5/27/20
to WildFly
I've created ELY-1975 to track this and submitted the following PR:
Sven Rajala
May 27, 2020, 7:49:59 PM5/27/20
to WildFly
I got the header output from an enrollment with Wildfly:
19:34:50,791 DEBUG [org.ejbca.ui.web.protocol.acme.web.AcmeLoggingFilter] (default task-2) GET https://ca01.solitude.skyrim/ejbca/acme/directory from 172.16.170.128
Request headers:
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Cache-Control: no-cache
SSL_CLIENT_CERT: (null)
Connection: keep-alive
User-Agent: Elytron ACME Client/1.11.2.Final
Host: ca01.solitude.skyrim
Accept-Language: en-US
Pragma: no-cache
Request data:
Response status: 200
ContentType: application/json;charset=UTF-8
CharacterEncoding: UTF-8
(Not yet final) Response headers:
Replay-Nonce ->
Replay-Nonce: AAABclh9EFMAAAAAAAAAAQk_P0-ctUIGcECInWQSk9BTL_2OLPi4h_DxoeMIfRVxLpgcxlVl6RQfVtOTnPtbwg
Content-Language ->
Content-Language: en
Content-Type ->
Content-Type: application/json;charset=UTF-8
Response data:
{
"newNonce":"https://ca01.solitude.skyrim/ejbca/acme/newNonce",
"newAccount":"https://ca01.solitude.skyrim/ejbca/acme/newAccount",
"newOrder":"https://ca01.solitude.skyrim/ejbca/acme/newOrder",
"revokeCert":"https://ca01.solitude.skyrim/ejbca/acme/revokeCert",
"keyChange":"https://ca01.solitude.skyrim/ejbca/acme/keyChange",
"meta":{
"termsOfService":"https://enroll.solitude.skyrim/acme/terms",
"website":"https://enroll.solitude.skyrim/",
"caaIdentities":[],
"externalAccountRequired":false
}
}
19:34:50,815 DEBUG [org.ejbca.ui.web.protocol.acme.web.AcmeLoggingFilter] (default task-2) HEAD https://ca01.solitude.skyrim/ejbca/acme/newNonce from 172.16.170.128
Request headers:
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Cache-Control: no-cache
SSL_CLIENT_CERT: (null)
Connection: keep-alive
User-Agent: Elytron ACME Client/1.11.2.Final
Host: ca01.solitude.skyrim
Accept-Language: en-US
Pragma: no-cache
Request data:
Response status: 200
ContentType: null
CharacterEncoding: ISO-8859-1
(Not yet final) Response headers:
Cache-Control ->
Cache-Control: no-store
Replay-Nonce ->
Replay-Nonce: AAABclh9EL8AAAAAAAAAAwk_P0-ctUIGcECInWQSk9AsZ5VNz30_pKXuGIN3nyobYqruwoCxPw07VtkgIQadZw
Content-Language ->
Content-Language: en
Response data:
19:34:50,938 DEBUG [org.ejbca.ui.web.protocol.acme.web.AcmeLoggingFilter] (default task-2) POST https://ca01.solitude.skyrim/ejbca/acme/newAccount from 172.16.170.128
Request headers:
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Cache-Control: no-cache
SSL_CLIENT_CERT: (null)
User-Agent: Elytron ACME Client/1.11.2.Final
Connection: keep-alive
Host: ca01.solitude.skyrim
Accept-Language: en-US
Pragma: no-cache
Content-Length: 1221
Content-Type: application/jose+json
Request data:
{"protected":"eyJhbGciOiJSUzI1NiIsImp3ayI6eyJlIjoiQVFBQiIsImt0eSI6IlJTQSIsIm4iOiJoczk4NUpsX2xDNXh1X0ludDNrTXdGd2UySVpncFJTV2NCNFV6djY2VF9vR29KTG5wQU9BVWhlWks4eWFTdEdUc3plUUtkaXI0U2ppT2pNMVhfR1FVT2NHdDhzNVBfWDVMTVJuX0pSZ0dteE84cmFSMjNENEc3SS1yVlVZMks3NVZudXM2NzZON0phRzhQT3hkQ2hIU2ZVbVNRcGxwS29ZWlZBTVY4aDVEb3lCamxIZVluR2ZhUUxVejV0UjRPVHpMeDh3OFdSc0NsTkFKVUJkTWN3akNBakp3SW9QTWwwV2JfZ1RmTWpQZmFDQjVpRWFpQ0xET3NuQmxBRWV5d2xPcndwUVNYdE9xSzIwOTFMZFk2V1ozQVBuRHhYaE55Um5SbC1tN1EwREg2N3ZIQjRnMHlUcjRWOVNMT0JJakRqUWUzcU00cHM2MjIxSHlHRUFKQzlUVVEifSwibm9uY2UiOiJBQUFCY2xoOUVMOEFBQUFBQUFBQUF3a19QMC1jdFVJR2NFQ0luV1FTazlBc1o1Vk56MzBfcEtYdUdJTjNueW9iWXFydXdvQ3hQdzA3VnRrZ0lRYWRadyIsInVybCI6Imh0dHBzOi8vY2EwMS5zb2xpdHVkZS5za3lyaW0vZWpiY2EvYWNtZS9uZXdBY2NvdW50In0","payload":"eyJ0ZXJtc09mU2VydmljZUFncmVlZCI6dHJ1ZSwiY29udGFjdCI6WyJtYWlsdG86c3Zlbi5yYWphbGFAcHJpbWVrZXkuY29tIl19","signature":"bOJ5AFseo-v98gAiuyCBkJxKm3R8XqfNI_Gk2swktC-U8DH4AngPjwJx9EPxbHG2_UQ2BVzxzFQ2Qms5vXAnXJRFQJHuu59tLFczBPTn_9Qo9yTdnp9uCykcHa6ZAyg7YVXo_0fe0tgr2LCYZxQVRW308k09mkdix3C_BFE6drBq7Ml9ccSZRKt5H6l5Da--qJVA6nwoNzv_Fpd8ODEy3FAO0DpgeEnUPuty6FAZ28LUzlXR-HS0RC736MfiNe-PLqv681R0ZcTtoSxCOPSO7fxaLgrRUD2BxKGx0Tr5Pmzsi0---JR56YFcefM4_U_VSVpHUSu1emM891Irhwv8nw"}
Base64 decoded request data:
protected: {"alg":"RS256","jwk":{"e":"AQAB","kty":"RSA","n":"hs985Jl_lC5xu_Int3kMwFwe2IZgpRSWcB4Uzv66T_oGoJLnpAOAUheZK8yaStGTszeQKdir4SjiOjM1X_GQUOcGt8s5P_X5LMRn_JRgGmxO8raR23D4G7I-rVUY2K75Vnus676N7JaG8POxdChHSfUmSQplpKoYZVAMV8h5DoyBjlHeYnGfaQLUz5tR4OTzLx8w8WRsClNAJUBdMcwjCAjJwIoPMl0Wb_gTfMjPfaCB5iEaiCLDOsnBlAEeywlOrwpQSXtOqK2091LdY6WZ3APnDxXhNyRnRl-m7Q0DH67vHB4g0yTr4V9SLOBIjDjQe3qM4ps6221HyGEAJC9TUQ"},"nonce":"AAABclh9EL8AAAAAAAAAAwk_P0-ctUIGcECInWQSk9AsZ5VNz30_pKXuGIN3nyobYqruwoCxPw07VtkgIQadZw","url":"https://ca01.solitude.skyrim/ejbca/acme/newAccount"}
payload: {"termsOfServiceAgreed":true,"contact":["mailto:sven....@primekey.com"]}
Response status: 200
ContentType: application/json;charset=UTF-8
CharacterEncoding: UTF-8
(Not yet final) Response headers:
Replay-Nonce ->
Replay-Nonce: AAABclh9ETgAAAAAAAAABQk_P0-ctUIGcECInWQSk9BaYCp2ps-aGaqVzYO_F11oTtHMs39L8gY7AxXvNHd7dg
Content-Language ->
Content-Language: en
Location ->
Location: https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w
Content-Type ->
Content-Type: application/json;charset=UTF-8
Response data:
{
"status":"valid",
"contact":["mailto:sven....@primekey.com"],
"termsOfServiceAgreed":true,
"orders":"https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w/orders"
}
19:34:51,078 DEBUG [org.ejbca.ui.web.protocol.acme.web.AcmeLoggingFilter] (default task-2) POST https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w from 172.16.170.128
Request headers:
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Cache-Control: no-cache
SSL_CLIENT_CERT: (null)
User-Agent: Elytron ACME Client/1.11.2.Final
Connection: keep-alive
Host: ca01.solitude.skyrim
Accept-Language: en-US
Pragma: no-cache
Content-Length: 838
Content-Type: application/jose+json
Request data:
{"protected":"eyJhbGciOiJSUzI1NiIsImtpZCI6Imh0dHBzOi8vY2EwMS5zb2xpdHVkZS5za3lyaW0vZWpiY2EvYWNtZS9hY2N0LzE5R2UtamNjQzlydDNtWFV4S1haN3ciLCJub25jZSI6IkFBQUJjbGg5RVRnQUFBQUFBQUFBQlFrX1AwLWN0VUlHY0VDSW5XUVNrOUJhWUNwMnBzLWFHYXFWellPX0YxMW9UdEhNczM5TDhnWTdBeFh2TkhkN2RnIiwidXJsIjoiaHR0cHM6Ly9jYTAxLnNvbGl0dWRlLnNreXJpbS9lamJjYS9hY21lL2FjY3QvMTlHZS1qY2NDOXJ0M21YVXhLWFo3dyJ9","payload":"eyJ0ZXJtc09mU2VydmljZUFncmVlZCI6dHJ1ZSwiY29udGFjdCI6WyJtYWlsdG86c3Zlbi5yYWphbGFAcHJpbWVrZXkuY29tIl19","signature":"Nexz3MYARX1Cz1mmzY7U_QRKDBJtLJdydBV5lkKEpariNDXltdzSEzz5tK6VirRTNM-Mu-FooCpwsgASih0M1msxn9KutAKVD4numdAWg1lHbsCagCwhKR7NOXpTrs6QN8uURiM4LWwiwx9t8itsHYRdbD9prr6nzCYVYlQ_D3ecLye5dShX2ByfN3mK6OhOVCr4BL-nm4N0O9dXx1u3EnNNZPZX6lV4Di9cUx3b3VxlSKefMbhkfdwDV-kWXW2Af62ELGW1mGeepcCOFYladiyULcFknajmELxUDzmwQmi--CNzHNzNrjeQ1fVKlZyo9tpMTRsGDBNQZF02PKOfRQ"}
Base64 decoded request data:
protected: {"alg":"RS256","kid":"https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w","nonce":"AAABclh9ETgAAAAAAAAABQk_P0-ctUIGcECInWQSk9BaYCp2ps-aGaqVzYO_F11oTtHMs39L8gY7AxXvNHd7dg","url":"https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w"}
payload: {"termsOfServiceAgreed":true,"contact":["mailto:sven....@primekey.com"]}
Response status: 200
ContentType: application/json;charset=UTF-8
CharacterEncoding: UTF-8
(Not yet final) Response headers:
Replay-Nonce ->
Replay-Nonce: AAABclh9EcUAAAAAAAAABwk_P0-ctUIGcECInWQSk9CvITjBuEuxQ8PuANEnEBwFjMCVsASZY3xkseA6ZsElFQ
Content-Language ->
Content-Language: en
Location ->
Location: https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w
Content-Type ->
Content-Type: application/json;charset=UTF-8
Response data:
{
"status":"valid",
"contact":["mailto:sven....@primekey.com"],
"termsOfServiceAgreed":true,
"orders":"https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w/orders"
}
19:34:51,190 DEBUG [org.ejbca.ui.web.protocol.acme.web.AcmeLoggingFilter] (default task-2) POST https://ca01.solitude.skyrim/ejbca/acme/newOrder from 172.16.170.128
Request headers:
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Cache-Control: no-cache
SSL_CLIENT_CERT: (null)
User-Agent: Elytron ACME Client/1.11.2.Final
Connection: keep-alive
Host: ca01.solitude.skyrim
Accept-Language: en-US
Pragma: no-cache
Content-Length: 797
Content-Type: application/jose+json
Request data:
{"protected":"eyJhbGciOiJSUzI1NiIsImtpZCI6Imh0dHBzOi8vY2EwMS5zb2xpdHVkZS5za3lyaW0vZWpiY2EvYWNtZS9hY2N0LzE5R2UtamNjQzlydDNtWFV4S1haN3ciLCJub25jZSI6IkFBQUJjbGg5RWNVQUFBQUFBQUFBQndrX1AwLWN0VUlHY0VDSW5XUVNrOUN2SVRqQnVFdXhROFB1QU5FbkVCd0ZqTUNWc0FTWlkzeGtzZUE2WnNFbEZRIiwidXJsIjoiaHR0cHM6Ly9jYTAxLnNvbGl0dWRlLnNreXJpbS9lamJjYS9hY21lL25ld09yZGVyIn0","payload":"eyJpZGVudGlmaWVycyI6W3sidHlwZSI6ImRucyIsInZhbHVlIjoidmEwMS5zb2xpdHVkZS5za3lyaW0ifV19","signature":"OjlPExpJPGN7FrbJp_oF8-QhrSj1qIRnWqpms_WCY1piQduj-uJmEFpl6LVXsZrdJHp5LCvLcBkxdLFCjaZi4Fj6kCm8em_X2xyla43TkZUjfg4Wpmvi22C3IkvAj5Y5nkxeEDb4-GYlhanDkhGARMldXuFvJQWAwr5xWIfPB62QAP4dCRG80i22c680JNN96WmBXLKe5phwi2bJZj8RQ_hnHmuWsEH95vuiM8yqQZHIituyVo7ZPCZ8E3y-ejy-BExu_VVGD7Ap07mj1eyCTfABcVXICl4i5o31FwdvTci37IbewbPGC_GZbspzhpEv_ufNy5TzXgy99kusWNq4fQ"}
Base64 decoded request data:
protected: {"alg":"RS256","kid":"https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w","nonce":"AAABclh9EcUAAAAAAAAABwk_P0-ctUIGcECInWQSk9CvITjBuEuxQ8PuANEnEBwFjMCVsASZY3xkseA6ZsElFQ","url":"https://ca01.solitude.skyrim/ejbca/acme/newOrder"}
payload: {"identifiers":[{"type":"dns","value":"va01.solitude.skyrim"}]}
Response status: 201
ContentType: application/json;charset=UTF-8
CharacterEncoding: UTF-8
(Not yet final) Response headers:
Replay-Nonce ->
Replay-Nonce: AAABclh9EjMAAAAAAAAACQk_P0-ctUIGcECInWQSk9AjFNhHqk5IiPZZumiZy5JMlGyErHBA-y5KPqTMj2G9NQ
Content-Language ->
Content-Language: en
Location ->
Location: https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w/orders/Rk2o4KCd-B3A7VGk8EXLtgaYMGxIpZZzkPWqSe7tLtY
Content-Type ->
Content-Type: application/json;charset=UTF-8
Response data:
{
"status":"pending",
"expires":"2020-05-28T00:34:51Z",
"identifiers":[{
"type":"dns",
"value":"va01.solitude.skyrim"
}],
"notBefore":"2020-05-27T23:24:51Z",
"notAfter":"2020-08-25T23:24:51Z",
"authorizations":["https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w/authz/bccfe3cf24474c79e368b6b204f3ad22904f469fe9e03481325ee6488bd9346a"],
"finalize":"https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w/orders/Rk2o4KCd-B3A7VGk8EXLtgaYMGxIpZZzkPWqSe7tLtY/finalize"
}
19:34:51,241 DEBUG [org.ejbca.ui.web.protocol.acme.web.AcmeLoggingFilter] (default task-2) POST https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w/authz/bccfe3cf24474c79e368b6b204f3ad22904f469fe9e03481325ee6488bd9346a from 172.16.170.128
Request headers:
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Cache-Control: no-cache
SSL_CLIENT_CERT: (null)
User-Agent: Elytron ACME Client/1.11.2.Final
Connection: keep-alive
Host: ca01.solitude.skyrim
Accept-Language: en-US
Pragma: no-cache
Content-Length: 833
Content-Type: application/jose+json
Request data:
{"protected":"eyJhbGciOiJSUzI1NiIsImtpZCI6Imh0dHBzOi8vY2EwMS5zb2xpdHVkZS5za3lyaW0vZWpiY2EvYWNtZS9hY2N0LzE5R2UtamNjQzlydDNtWFV4S1haN3ciLCJub25jZSI6IkFBQUJjbGg5RWpNQUFBQUFBQUFBQ1FrX1AwLWN0VUlHY0VDSW5XUVNrOUFqRk5oSHFrNUlpUFpadW1pWnk1Sk1sR3lFckhCQS15NUtQcVRNajJHOU5RIiwidXJsIjoiaHR0cHM6Ly9jYTAxLnNvbGl0dWRlLnNreXJpbS9lamJjYS9hY21lL2FjY3QvMTlHZS1qY2NDOXJ0M21YVXhLWFo3dy9hdXRoei9iY2NmZTNjZjI0NDc0Yzc5ZTM2OGI2YjIwNGYzYWQyMjkwNGY0NjlmZTllMDM0ODEzMjVlZTY0ODhiZDkzNDZhIn0","payload":"","signature":"hXo88cG8OPKzDdO9H_EXHZaUJAwePDWoRRWPnWsizn7Rgm6zkIUwLyjLNbM5-9TQ1-_9kskhK6jaduMDpFfBuQII4mRCcVDGRx9y4zZxWV3ZbcTv_IjRhGZVmFaG-UG01hLVGkKd7cQPMSf9xlvaUeW_dnDCWhPyhVFWcjPUhw_84TzrFM8cm_oguMlmW7NtRxbNZwDkSpCwe--39bELItXGma-ftR1CrBPxYM_dBwTnT4xrr64wTENmkeNCV6rZfEI0sR5iBl_h7IdawjNL2j1pxJrC8cTyF8sB1BbYkeLWEDaT7i5v6CrBeLGHbLeelGiXUTDf5CFyJyGc3kFhTQ"}
Base64 decoded request data:
protected: {"alg":"RS256","kid":"https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w","nonce":"AAABclh9EjMAAAAAAAAACQk_P0-ctUIGcECInWQSk9AjFNhHqk5IiPZZumiZy5JMlGyErHBA-y5KPqTMj2G9NQ","url":"https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w/authz/bccfe3cf24474c79e368b6b204f3ad22904f469fe9e03481325ee6488bd9346a"}
payload:
Response status: 200
ContentType: application/json;charset=UTF-8
CharacterEncoding: UTF-8
(Not yet final) Response headers:
Replay-Nonce ->
Replay-Nonce: AAABclh9EmUAAAAAAAAACwk_P0-ctUIGcECInWQSk9D0n2YGUPqqL_p2WPZX_KRzNZdCyXCPcLrR3fM3f7_5Sw
Link ->
Link: <https://ca01.solitude.skyrim/ejbca/acme/directory>; rel="index"
Content-Type ->
Content-Type: application/json;charset=UTF-8
Response data:
{
"identifier":{
"type":"dns",
"value":"va01.solitude.skyrim"
},
"status":"pending",
"expires":"2020-05-28T00:34:51Z",
"challenges":[{
"type":"dns-01",
"url":"https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w/chall/XfGO4JrZQBt9LstD00065Q",
"status":"pending",
"token":"IW0Orql9BV2iS22SbYiaZg"
},
{
"type":"http-01",
"url":"https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w/chall/wWtM5KcYXxEhkHs-Cf1U_g",
"status":"pending",
"token":"IW0Orql9BV2iS22SbYiaZg"
}],
"wildcard":false
}
19:34:56,595 DEBUG [org.ejbca.ui.web.protocol.acme.web.AcmeLoggingFilter] (default task-2) POST https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w/chall/wWtM5KcYXxEhkHs-Cf1U_g from 172.16.170.128
Request headers:
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Cache-Control: no-cache
SSL_CLIENT_CERT: (null)
User-Agent: Elytron ACME Client/1.11.2.Final
Connection: keep-alive
Host: ca01.solitude.skyrim
Accept-Language: en-US
Pragma: no-cache
Content-Length: 780
Content-Type: application/jose+json
Request data:
{"protected":"eyJhbGciOiJSUzI1NiIsImtpZCI6Imh0dHBzOi8vY2EwMS5zb2xpdHVkZS5za3lyaW0vZWpiY2EvYWNtZS9hY2N0LzE5R2UtamNjQzlydDNtWFV4S1haN3ciLCJub25jZSI6IkFBQUJjbGg5RW1VQUFBQUFBQUFBQ3drX1AwLWN0VUlHY0VDSW5XUVNrOUQwbjJZR1VQcXFMX3AyV1BaWF9LUnpOWmRDeVhDUGNMclIzZk0zZjdfNVN3IiwidXJsIjoiaHR0cHM6Ly9jYTAxLnNvbGl0dWRlLnNreXJpbS9lamJjYS9hY21lL2FjY3QvMTlHZS1qY2NDOXJ0M21YVXhLWFo3dy9jaGFsbC93V3RNNUtjWVh4RWhrSHMtQ2YxVV9nIn0","payload":"e30","signature":"HHj7cVli0UkRqf8tVYMLVxaW-W0zQpG9FcAPcfeKwlDA7rE27Iv-5YZu5-aRpQsRQ4fVN4QtkPgcQLHX3RsddWEjRSzBB3MeS_0ObiPbEffRdXdfu_6tRzpJCXPX5z_oNMOIv7z-ACJFQwMPKGinc9uu6poJcu-lisOrwRg7iU_VkdJqGr5kO8XWvlhfCflT4U0RdcT2tpWAbqQiHgvscdG9AFlwp7DoKKRuLzAmGaIRpT3diWKfR05PC1dFNfotbVVPqhcBBz13BoAjSYCRdtEo5Pydp1RD_QEijxWjnq0nC20_nRt6zEs8T1zGT_yW3P1SIcrwLZGktws5iGx68g"}
Base64 decoded request data:
protected: {"alg":"RS256","kid":"https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w","nonce":"AAABclh9EmUAAAAAAAAACwk_P0-ctUIGcECInWQSk9D0n2YGUPqqL_p2WPZX_KRzNZdCyXCPcLrR3fM3f7_5Sw","url":"https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w/chall/wWtM5KcYXxEhkHs-Cf1U_g"}
payload: {}
Response status: 200
ContentType: application/json;charset=UTF-8
CharacterEncoding: UTF-8
(Not yet final) Response headers:
Replay-Nonce ->
Replay-Nonce: AAABclh9J1MAAAAAAAAADQk_P0-ctUIGcECInWQSk9AQGDYSIQvo1COXe6kK-TfV6CHJH1RMySSf1lnDE4-fww
Link ->
Link: <https://ca01.solitude.skyrim/ejbca/acme/directory>; rel="index"
Link: <https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w/authz/bccfe3cf24474c79e368b6b204f3ad22904f469fe9e03481325ee6488bd9346a>; rel="up"
Content-Type ->
Content-Type: application/json;charset=UTF-8
Response data:
{
"type":"http-01",
"url":"https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w/chall/wWtM5KcYXxEhkHs-Cf1U_g",
"status":"valid",
"token":"IW0Orql9BV2iS22SbYiaZg"
}
19:34:56,630 DEBUG [org.ejbca.ui.web.protocol.acme.web.AcmeLoggingFilter] (default task-2) POST https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w/authz/bccfe3cf24474c79e368b6b204f3ad22904f469fe9e03481325ee6488bd9346a from 172.16.170.128
Request headers:
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Cache-Control: no-cache
SSL_CLIENT_CERT: (null)
User-Agent: Elytron ACME Client/1.11.2.Final
Connection: keep-alive
Host: ca01.solitude.skyrim
Accept-Language: en-US
Pragma: no-cache
Content-Length: 833
Content-Type: application/jose+json
Request data:
{"protected":"eyJhbGciOiJSUzI1NiIsImtpZCI6Imh0dHBzOi8vY2EwMS5zb2xpdHVkZS5za3lyaW0vZWpiY2EvYWNtZS9hY2N0LzE5R2UtamNjQzlydDNtWFV4S1haN3ciLCJub25jZSI6IkFBQUJjbGg5SjFNQUFBQUFBQUFBRFFrX1AwLWN0VUlHY0VDSW5XUVNrOUFRR0RZU0lRdm8xQ09YZTZrSy1UZlY2Q0hKSDFSTXlTU2YxbG5ERTQtZnd3IiwidXJsIjoiaHR0cHM6Ly9jYTAxLnNvbGl0dWRlLnNreXJpbS9lamJjYS9hY21lL2FjY3QvMTlHZS1qY2NDOXJ0M21YVXhLWFo3dy9hdXRoei9iY2NmZTNjZjI0NDc0Yzc5ZTM2OGI2YjIwNGYzYWQyMjkwNGY0NjlmZTllMDM0ODEzMjVlZTY0ODhiZDkzNDZhIn0","payload":"","signature":"gBREofpWmo4YU4V5I5r0YAdopbEHeQDecEWHItB10aJpYyH0fH6jy9Trx-7CncWfmJmqykf-9rAyTIizeRfElq2d2Mja8czqS6hdBBqI83JPVyC7qLs-K5oPEDSRjVLj50OsRPdT8wU0Bq6O3S3OIbNJ_OP37pe-L3ONn59v0rwZSnri9HUGMGlMdXhuQd89yXyjZpxXPwmjLDhAX7lgrRaJfUvmGy9unzaO7to7Xt1dfmqYCONQNJmLP877QjdGHWm9Ie0LA-_CYgDsWhxoXdYyk5r6DdoMy3KmndSQ5pQ3E-x0lf7-QhWiUNY91HsccU67pya8PsdZb3rRCkpRWQ"}
Base64 decoded request data:
protected: {"alg":"RS256","kid":"https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w","nonce":"AAABclh9J1MAAAAAAAAADQk_P0-ctUIGcECInWQSk9AQGDYSIQvo1COXe6kK-TfV6CHJH1RMySSf1lnDE4-fww","url":"https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w/authz/bccfe3cf24474c79e368b6b204f3ad22904f469fe9e03481325ee6488bd9346a"}
payload:
Response status: 200
ContentType: application/json;charset=UTF-8
CharacterEncoding: UTF-8
(Not yet final) Response headers:
Replay-Nonce ->
Replay-Nonce: AAABclh9J3UAAAAAAAAADwk_P0-ctUIGcECInWQSk9ANJV9ksIPRrAZM5W9t7V1CWUL7ZKtCclOYQJwp50W1AQ
Link ->
Link: <https://ca01.solitude.skyrim/ejbca/acme/directory>; rel="index"
Content-Type ->
Content-Type: application/json;charset=UTF-8
Response data:
{
"identifier":{
"type":"dns",
"value":"va01.solitude.skyrim"
},
"status":"valid",
"expires":"2020-05-28T00:34:51Z",
"challenges":[{
"type":"dns-01",
"url":"https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w/chall/XfGO4JrZQBt9LstD00065Q",
"status":"pending",
"token":"IW0Orql9BV2iS22SbYiaZg"
},
{
"type":"http-01",
"url":"https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w/chall/wWtM5KcYXxEhkHs-Cf1U_g",
"status":"valid",
"token":"IW0Orql9BV2iS22SbYiaZg"
}],
"wildcard":false
}
19:34:57,571 DEBUG [org.ejbca.ui.web.protocol.acme.web.AcmeLoggingFilter] (default task-2) POST https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w/orders/Rk2o4KCd-B3A7VGk8EXLtgaYMGxIpZZzkPWqSe7tLtY/finalize from 172.16.170.128
Request headers:
Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2
Cache-Control: no-cache
SSL_CLIENT_CERT: (null)
User-Agent: Elytron ACME Client/1.11.2.Final
Connection: keep-alive
Host: ca01.solitude.skyrim
Accept-Language: en-US
Pragma: no-cache
Content-Length: 2072
Content-Type: application/jose+json
Request data:
{"protected":"eyJhbGciOiJSUzI1NiIsImtpZCI6Imh0dHBzOi8vY2EwMS5zb2xpdHVkZS5za3lyaW0vZWpiY2EvYWNtZS9hY2N0LzE5R2UtamNjQzlydDNtWFV4S1haN3ciLCJub25jZSI6IkFBQUJjbGg5SjNVQUFBQUFBQUFBRHdrX1AwLWN0VUlHY0VDSW5XUVNrOUFOSlY5a3NJUFJyQVpNNVc5dDdWMUNXVUw3Wkt0Q2NsT1lRSndwNTBXMUFRIiwidXJsIjoiaHR0cHM6Ly9jYTAxLnNvbGl0dWRlLnNreXJpbS9lamJjYS9hY21lL2FjY3QvMTlHZS1qY2NDOXJ0M21YVXhLWFo3dy9vcmRlcnMvUmsybzRLQ2QtQjNBN1ZHazhFWEx0Z2FZTUd4SXBaWnprUFdxU2U3dEx0WS9maW5hbGl6ZSJ9","payload":"eyJjc3IiOiJNSUlDdFRDQ0FaMENBUUF3SHpFZE1Cc0dBMVVFQXd3VWRtRXdNUzV6YjJ4cGRIVmtaUzV6YTNseWFXMHdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFDaVJvdUFld2lsUG9pMmxaMHgxSmV3TmdVSWxmVnNWSkRwa2dYWFlOSDBNWENsYTVKUkowbVlkaDNQVTIyYzNnODNhWEQ1bElhaWdiSktyRkhUQTJ6T0IyNktkeUtPN08wMHVUaFJNYnpXdTlHNTN5TkpEWThCZXRIY3VkT3ZWalltQXJxVnZKdVV4RmFaYkZaU0taWVNLTU8zb3lXS3VTQ3BrZEN4NDFQN3NvWUJUbmtiTDliNHdNM1RlY29vQzQ5Vy1VZm5kZE5vc1BDMXNuTUhfa0RNckZyYWpmd01tN2JJN2tOTDN3bHNuTzNtQld6LXQ4cVVtaDNnV1FldjNtZ0l5YlVHZUNFSGk2NEg3TG1SUmN0cFdRRjRvYlQ3R0x4ZnhjaWdYWVNGMGk4Y29qRUo2Nmx4TlpVUnBxNzFwX0tQaXU2Q0w1bHMydHlWUkR4V3Z0MVRBZ01CQUFHZ1VUQlBCZ2txaGtpRzl3MEJDUTR4UWpCQU1COEdBMVVkRVFRWU1CYUNGSFpoTURFdWMyOXNhWFIxWkdVdWMydDVjbWx0TUIwR0ExVWREZ1FXQkJUX3hhRmdzM1hzaUotanhvZlU1T1JjMVRieEhEQU5CZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFOMlh4Q3FvQ0s1SXBla25EUTliaDFwcmZrMlY2bnViREFBNDRNdWNyYVJ5Y20wY1M5MmZtc2htTkhjeG5WT0tOdEtLSjhEZkhRc1JYamR2NGNFeUpsYUx4TnFBemV3ZXQ0VElDM3dWMzlBMGdFam5mSEdzUmtZRnN5OC1nNkRPX3k5aDUxQWRfRC1uMVVwNmttV2Vkb2FjZGFHZXZfenRwTElFLXZyLXFmS2I1eWxya2owWWFTdF9wX2VzOFdYVmM3a1ZtX2IwWC1xbEllQkcyMGRVTkp2Y2V1eXlUOWc4eE1YT002WHJyRDNCU1ZoZlVENXpBR2ZUYlJUbzV2UEgtbTAxei1YbkF1VEpOVFJaTFM3SW95RTIzbE5rNGdvTGM2cU4xNXZNUEtSdXI4cGxsZFk2aWNtMDIxLURQNFpWSVBEcXBRRExiN3hpcmp1U2ZkaG1ZSXcifQ","signature":"LMKk9v_uaf_j1hRGrRQgPa0NpfuTmKOBLT1ZnVV08_qiKB961QcdjWh95J61ZrLyuYBx8ZTO6y8JiYao9pGUaAIkWdyldzQjrua0uXOjnc4OQ0O5Lmx8tsMQJNEmhbrl0sG-WjWxRh61wHMKf2ki-VO9Mx-d8-k-b2myaU-H1QjJ5pzRPzWKmgn99N4Kqmjb4ZIVbNnekEDRyyech37aAcAg0yLLxBMgyIdtYa1wLLUHRfxWSwqf-eeKKBpLZl21sqsaVRonwp9aUxl_nh-fi4aSGWZ-8Qz0mnA1jPVgVpqeVFjL14MhoYpINWPwW9WPziIAhvW9R_uAk-IJk6B0rQ"}
Base64 decoded request data:
protected: {"alg":"RS256","kid":"https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w","nonce":"AAABclh9J3UAAAAAAAAADwk_P0-ctUIGcECInWQSk9ANJV9ksIPRrAZM5W9t7V1CWUL7ZKtCclOYQJwp50W1AQ","url":"https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w/orders/Rk2o4KCd-B3A7VGk8EXLtgaYMGxIpZZzkPWqSe7tLtY/finalize"}
payload: {"csr":"MIICtTCCAZ0CAQAwHzEdMBsGA1UEAwwUdmEwMS5zb2xpdHVkZS5za3lyaW0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCiRouAewilPoi2lZ0x1JewNgUIlfVsVJDpkgXXYNH0MXCla5JRJ0mYdh3PU22c3g83aXD5lIaigbJKrFHTA2zOB26KdyKO7O00uThRMbzWu9G53yNJDY8BetHcudOvVjYmArqVvJuUxFaZbFZSKZYSKMO3oyWKuSCpkdCx41P7soYBTnkbL9b4wM3TecooC49W-UfnddNosPC1snMH_kDMrFrajfwMm7bI7kNL3wlsnO3mBWz-t8qUmh3gWQev3mgIybUGeCEHi64H7LmRRctpWQF4obT7GLxfxcigXYSF0i8cojEJ66lxNZURpq71p_KPiu6CL5ls2tyVRDxWvt1TAgMBAAGgUTBPBgkqhkiG9w0BCQ4xQjBAMB8GA1UdEQQYMBaCFHZhMDEuc29saXR1ZGUuc2t5cmltMB0GA1UdDgQWBBT_xaFgs3XsiJ-jxofU5ORc1TbxHDANBgkqhkiG9w0BAQsFAAOCAQEAN2XxCqoCK5IpeknDQ9bh1prfk2V6nubDAA44MucraRycm0cS92fmshmNHcxnVOKNtKKJ8DfHQsRXjdv4cEyJlaLxNqAzewet4TIC3wV39A0gEjnfHGsRkYFsy8-g6DO_y9h51Ad_D-n1Up6kmWedoacdaGev_ztpLIE-vr-qfKb5ylrkj0YaSt_p_es8WXVc7kVm_b0X-qlIeBG20dUNJvceuyyT9g8xMXOM6XrrD3BSVhfUD5zAGfTbRTo5vPH-m01z-XnAuTJNTRZLS7IoyE23lNk4goLc6qN15vMPKRur8plldY6icm021-DP4ZVIPDqpQDLb7xirjuSfdhmYIw"}
Response status: 200
ContentType: application/json;charset=UTF-8
CharacterEncoding: UTF-8
(Not yet final) Response headers:
Replay-Nonce ->
Replay-Nonce: AAABclh9KyIAAAAAAAAAEQk_P0-ctUIGcECInWQSk9BmqoCNRCu9X1-AHzH02XnOlm7EXXJnS8oyQw2X4_gUeg
Link ->
Link: <https://ca01.solitude.skyrim/ejbca/acme/directory>; rel="index"
Content-Type ->
Content-Type: application/json;charset=UTF-8
Response data:
{
"status":"valid",
"expires":"2020-05-28T00:34:51Z",
"identifiers":[{
"type":"dns",
"value":"va01.solitude.skyrim"
}],
"notBefore":"2020-05-27T23:24:51Z",
"notAfter":"2020-08-25T23:24:51Z",
"authorizations":["https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w/authz/bccfe3cf24474c79e368b6b204f3ad22904f469fe9e03481325ee6488bd9346a"],
"finalize":"https://ca01.solitude.skyrim/ejbca/acme/acct/19Ge-jccC9rt3mXUxKXZ7w/orders/Rk2o4KCd-B3A7VGk8EXLtgaYMGxIpZZzkPWqSe7tLtY/finalize",
"certificate":"https://ca01.solitude.skyrim/ejbca/acme/cert/9157c47d0c460d5de3ddf8cf359472d7eb349cdc"
}
Farah Juma
May 27, 2020, 9:14:27 PM5/27/20
to WildFly
Perfect, thanks! The PR I've submitted should fix this problem.
"contact":["mailto:sven.raj...@primekey.com"],
"contact":["mailto:sven.raj...@primekey.com"],
Farah Juma
Oct 20, 2020, 2:49:18 PM10/20/20
to WildFly
Just FYI, the fix for this issue has been included in WildFly 21.
Reply all
Reply to author
Forward
0 new messages