https://sourceforge.net/p/ejbca/discussion/Recent posts to DiscussionenTue, 14 Apr 2026 08:01:20 -0000https://sourceforge.net/p/ejbca/discussion/123123/thread/8b1bef47a0/?limit=50#6cc0<div class="markdown_content"><p>Discussions moved here. <a href="https://github.com/Keyfactor/ejbca-ce/discussions" rel="nofollow">https://github.com/Keyfactor/ejbca-ce/discussions</a></p></div>Tomas GustavssonTue, 14 Apr 2026 08:01:20 -0000https://sourceforge.netd9833dae482c0bb9c1895cdde61a8a1287a382b7https://sourceforge.net/p/ejbca/discussion/123123/thread/8b1bef47a0/?limit=25#ad77<div class="markdown_content"><p>Hello, I am attempting to restore EJBCA CE 7.11.0 on an EC2 instance running Ubuntu. I am using WildFly version 25.0.0. The issue I am encountering is that, once I have completed the entire setup process, I am able to access the web interface via port 8442; however, when attempting to access it via port 8443, the browser (Chrome on Windows 10) prompts me to select a certificate. When I select the correct certificate, the authentication appears to fail, and the system switches to an alternative authentication method, asking me to enter a username and password instead. An important detail: if I provide an incorrect certificate, the connection is denied—as expected—so the problem specifically lies with the correct certificate. I suspect this issue may be related to the WildFly version, as I followed the exact same steps I previously used with version 24.0.1, and it worked correctly back then. Here are other troubleshooting steps I have tried, all of which resulted in the same behavior:</p> <ol> <li>I generated a new <code>superAdmin.p12</code> file.</li> <li>I reviewed the logs and did not find anything unusual.</li> <li>I updated my web browser.</li> </ol></div>Erlis PaulaMon, 13 Apr 2026 20:13:49 -0000https://sourceforge.netbca75d5835e16b641d1930457961c0ba7b0430d9https://sourceforge.net/p/ejbca/discussion/123123/thread/0fcf0bc34b/?limit=50#35a0<div class="markdown_content"><p>We're using the discussion forum at GitHub now. <a href="https://github.com/Keyfactor/ejbca-ce/" rel="nofollow">https://github.com/Keyfactor/ejbca-ce/</a></p></div>Tomas GustavssonTue, 18 Nov 2025 08:09:55 -0000https://sourceforge.net1cccd19c2a3a1e77e97ad3a00027c34abc6b1e1ehttps://sourceforge.net/p/ejbca/discussion/123123/thread/0fcf0bc34b/?limit=25#f8b3<div class="markdown_content"><p>I have EJBCA 8.3.2 Community installed. I can create certificates using the REST API: v1/certificate/pkcs10enroll, and it works without problems. However, when I try to revoke a certificate with: /v1/certificate/{issuer_dn}/{certificate_serial_number}/revoke, as specified here: <a href="https://docs.keyfactor.com/ejbca/latest/open-api-specification" rel="nofollow">https://docs.keyfactor.com/ejbca/latest/open-api-specification</a>, the revocation doesn't work, and the EJBCA logs don't show any errors. But when I make the request, it generates a 400 error. What else do I need to do to make the revocation work? Any help would be appreciated.</p></div>Ruben CortesMon, 17 Nov 2025 19:19:05 -0000https://sourceforge.netbc6b67b5829cc8b616485c8a2aeb3a4f4a994bc0https://sourceforge.net/p/ejbca/discussion/123122/thread/17e8f4a129/?limit=50#4bd4<div class="markdown_content"><p>The question on GitHub was the correct place to ask questions </p></div>Tomas GustavssonTue, 08 Jul 2025 15:57:49 -0000https://sourceforge.netb23c40512cb1329ea5c3483eb653a60cdcaf5e34https://sourceforge.net/p/ejbca/discussion/123123/thread/7033e7b585/?limit=25#e637<div class="markdown_content"><p>I have the same problem. How did u fix it? </p></div>Muhamed KThu, 03 Jul 2025 12:49:40 -0000https://sourceforge.net23830354e3c9dafaf58a684f579519a643fd429ehttps://sourceforge.net/p/ejbca/discussion/123123/thread/0623fc22ec/?limit=25#db8a<div class="markdown_content"><p>Hi<br/> This may no longer be required, but I thought I would post it here in case there is someone that can use this and save many hours of frustration.<br/> If you use 3 port separation, port 8442 is for public web and 8443 is for private web. Yes I know this may be obvious, but....<br/> In setting up EJBCA-CE I assumed that all commands need to b e run as root. This is not the case. I, after trying the docs as is, decided to install EJBCA-CE as follows:<br/> I created a system user called wildfly on linux with a homedir as /opt/pki<br/> Assigned sudo privs to the user and then sudoed to that user and performed the installation. Apart from one or 2 commands that require sudo privs most commands do not and the installation in general runs all the way through with no issues.</p> <p>Have a great day<br/> Kobus</p></div>Kobus BenschWed, 25 Jun 2025 16:24:01 -0000https://sourceforge.netc4d1d5e74cf61c668e3337641eb7edc20bff5e0ahttps://sourceforge.net/p/ejbca/discussion/132019/thread/091d8eb9a6/?limit=50#bdf0<div class="markdown_content"><p>Hi Omar,</p> <p>That sounds like a question you should ask in the forum. For the benefit of the whole Community.<br/> Unless you are a support customer, and have access to the Enterprise support system of course.</p> <p>Cheers,<br/> Tomas</p></div>Tomas GustavssonMon, 07 Apr 2025 08:29:52 -0000https://sourceforge.netdf7aea53bdb13f4bab4a6946e2b24d6974cf102ahttps://sourceforge.net/p/ejbca/discussion/132019/thread/091d8eb9a6/?limit=25#688a/79c5<div class="markdown_content"><p>Hi Tomas,</p> <p>Thank you for your response.</p> <p>i found the same bug on Github :</p> <p><a href="https://github.com/Keyfactor/ejbca-ce/issues/821" rel="nofollow">https://github.com/Keyfactor/ejbca-ce/issues/821</a></p> <p>we’d like to confirm if any of the following approaches are valid or recommended. Your input would be greatly appreciated:</p> <p><strong>Option 1 – Exclude Log4j API using Kubernetes ConfigMap</strong><br/> We’re deploying EJBCA in a Kubernetes environment. One idea is to mount a volume with a custom META-INF/jboss-deployment-structure.xml file that includes:</p> <p>xml<br/> Copier<br/> Modifier<br/> &lt;exclusions&gt;<br/> &lt;module name="org.apache.logging.log4j.api"&gt;<br/> &lt;/module&gt;&lt;/exclusions&gt;<br/> This allows us to exclude the Log4j 2 API temporarily to bypass the conflict. After the upgrade, we could remove the exclusion to restore full logging functionality.<br/> Would this approach be safe, or could it cause instability or log loss during the upgrade process?</p> <p><strong>Option 2 – Upgrade in Two Steps (via 8.3.2)</strong><br/> Would it be possible to first upgrade to an intermediate version like EJBCA 8.3.2, and then proceed to 9.0.0?<br/> If so, does this path avoid the Log4j issue, and is it a supported upgrade method?</p> <p><strong>Option 3 – Wait for a Future Release</strong><br/> We noticed that EJBCA Community 9.1.1 has been released recently.<br/> Do you know if this version addresses the Log4j conflict? If not, will an upcoming release (e.g., 9.2 or 9.3) include a permanent fix?</p> <p>Thanks again for your time and help. Looking forward to your feedback so we can move forward safely with the upgrade.</p> <p>Best regards,<br/> Omar Salek</p></div>omar salekSat, 05 Apr 2025 11:31:04 -0000https://sourceforge.net93b409642365c3d194e0eb3c8194ec84a500b460https://sourceforge.net/p/ejbca/discussion/132019/thread/091d8eb9a6/?limit=50#688a<div class="markdown_content"><p>You can find information about this at GitHub there the forum is now located. You can find a link to GitHub Discussions on the web page. <a href="https://www.ejbca.org/engage/" rel="nofollow">https://www.ejbca.org/engage/</a></p></div>Tomas GustavssonFri, 04 Apr 2025 18:39:23 -0000https://sourceforge.netfcdef2ddcb83f18a0d591c2b29499067782d2f1d