WSO2 Identity Server ciphertool.bat script throwing an InvalidPathException - wso2

I am trying to run the ciphertool.bat script to encrypt strings in my WSO2 server. I am running the script with the -Dconfigure flag and receiving an InvalidPathException.
I have not edited the ciphertool.bat script, the cipher-text.properties or the cipher-tool.properties files.
I am running version 5.7.0 of WSO2 Identity Server on a Windows machine.
Command I am running and the console output
C:\Program Files\WSO2\Identity Server\5.7.0\bin>ciphertool.bat -Dconfigure
BUILD SUCCESSFUL
Total time: 7 seconds
Using CARBON_HOME: C:\Program Files\WSO2\Identity Server\5.7.0
Using JAVA_HOME: C:\Program Files\Java\jdk1.8.0_181
Exception in thread "main" java.nio.file.InvalidPathException: Illegal char
<:> at index 45: C:\Program Files\WSO2\Identity Server\5.7.0\C:\Program
Files\WSO2\Identity Server\5.7.0\/repository/resources/security/wso2carbon.jks
at sun.nio.fs.WindowsPathParser.normalize(WindowsPathParser.java:182)
at sun.nio.fs.WindowsPathParser.parse(WindowsPathParser.java:153)
at sun.nio.fs.WindowsPathParser.parse(WindowsPathParser.java:77)
at sun.nio.fs.WindowsPath.parse(WindowsPath.java:94)
at sun.nio.fs.WindowsFileSystem.getPath(WindowsFileSystem.java:255)
at java.nio.file.Paths.get(Paths.java:84)
at org.wso2.ciphertool.utils.Utils.getConfigFilePath(Utils.java:98)
at org.wso2.ciphertool.utils.Utils.setSystemProperties(Utils.java:289)
at org.wso2.ciphertool.CipherTool.initialize(CipherTool.java:93)
at org.wso2.ciphertool.CipherTool.main(CipherTool.java:52)
I expect that the script would run without errors, especially if I haven't edited anything, but it's throwing this exception. Any thoughts?

This issue has been identified and a PR has been sent here. Unfortunately, it's not merged yet.
As a quick fix, you can follow the steps below.
1. Clone the repo.
2. Check out the branch "v1.0.0-wso2v8".
3. Locally make the fix suggested in the PR.
4. Build the JAR.
5. Overwrite <IS_HOME>/lib/org.wso2.ciphertool-1.0.0-wso2v8.jar with the new JAR.
6. Try the ciphertool command.

You can give the location of the keystore file as below in <PRODUCT_HOME>/repository/conf/carbon.xml file
<Location>${carbon.home}\repository\resources\security\wso2carbon.jks</Location>
(Please note the backslashes)
<KeyStore>
    <!-- Keystore file location-->
    <Location>${carbon.home}\repository\resources\security\wso2carbon.jks</Location>
    <!-- Keystore type (JKS/PKCS12 etc.)-->
    <Type>JKS</Type>
    <!-- Keystore password-->
    <Password svns:secretAlias="Carbon.Security.KeyStore.Password">password</Password>
    <!-- Private Key alias-->
    <KeyAlias>wso2carbon</KeyAlias>
    <!-- Private Key password-->
    <KeyPassword svns:secretAlias="Carbon.Security.KeyStore.KeyPassword">password</KeyPassword>
</KeyStore>
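
Why the exception reports an illegal ':' at index 45, as an added example (not WSO2's code and not part of the answers above). It assumes the tool prefixes CARBON_HOME to a keystore location that is already absolute, which is what the path in the stack trace looks like; DEFAULT_LOCATION and the helper names are hypothetical, and PureWindowsPath lets the check run on any OS.

```python
from pathlib import PureWindowsPath

# Taken from the "Using CARBON_HOME" line in the console output above.
CARBON_HOME = r"C:\Program Files\WSO2\Identity Server\5.7.0"
# Assumed Location value, inferred from the forward slashes in the stack trace.
DEFAULT_LOCATION = "${carbon.home}/repository/resources/security/wso2carbon.jks"


def expand(location: str, carbon_home: str) -> str:
    """Substitute the ${carbon.home} placeholder used in carbon.xml."""
    return location.replace("${carbon.home}", carbon_home)


def naive_join(carbon_home: str, location: str) -> str:
    """Assumed faulty behaviour: prefix CARBON_HOME without an absolute-path check."""
    return carbon_home + "\\" + location


def safe_join(carbon_home: str, location: str) -> str:
    """Resolve against CARBON_HOME only when the location is relative."""
    loc = PureWindowsPath(location)
    return str(loc if loc.is_absolute() else PureWindowsPath(carbon_home) / loc)


def illegal_colon_index(path: str) -> int:
    """Index of the first ':' after the drive-letter colon, or -1 if there is none."""
    return path.find(":", 2)


if __name__ == "__main__":
    expanded = expand(DEFAULT_LOCATION, CARBON_HOME)
    broken = naive_join(CARBON_HOME, expanded)
    print(broken, "-> illegal ':' at index", illegal_colon_index(broken))
    print(safe_join(CARBON_HOME, expanded))
```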

Related

Cipher Tool is not encrypting password

I am using WSO2 Integration Studio 8.1.0 on Windows 10 and I have Ant installed (Apache Ant 1.10.12) and added the ANT bin directory (ANT_HOME) to the path system variable.
In my deployment.toml file, which is located in Integration_Studio_Home\runtime\microesb\conf, I added the following under the secrets header:
[secrets]
admin_password = "adminUserPassword"
Then opened cmd and navigated to Integration_Studio_Home\runtime\microesb\bin.
Then executed ciphertool.bat -Dconfigure
Result :
.\wso2\lib\Saxon-HE-9.5.1-8.jar
Using CARBON_HOME: C:\WSO2\INTEGR~1\runtime\microesb\bin\..
Using JAVA_HOME: C:\Program Files\Java\jdk-11.0.12
Encrypting using Internal KeyStore.
{type: JKS, alias: wso2carbon, path: repository/resources/security/wso2carbon.jks}
[Please Enter Internal KeyStore Password of Carbon Server : ]
Internal KeyStore of Carbon Server is initialized Successfully
Secret Configurations are written to the property file successfully
But when I open deployment.toml I find that the password under the secrets section is not encrypted!
You need to define the secret value between square brackets []. In your case, it should be as follows,
[secrets]
admin_password = "[adminUserPassword]"
Furthermore, if you are using the embedded MI runtime, you can use the Integration Studio itself to encrypt the secrets. Have a look at "Encrypt static (embedded) server secrets".
For more info, check:
Defining secrets - https://apim.docs.wso2.com/en/latest/install-and-setup/setup/mi-setup/security/encrypting_plain_text/#static-secrets
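
A check for the situation in this question, as an added example (not WSO2 tooling and not part of the answer above): it scans the [secrets] section of a deployment.toml and reports which aliases are bracketed and will be encrypted, and which are unbracketed plaintext that ciphertool leaves untouched. The sample file is constructed, classify_secrets is a hypothetical name, and treating a long Base64 string as ciphertext is a heuristic assumption.

```python
import re

# Constructed sample deployment.toml; all values are placeholders.
SAMPLE_TOML = '''
[secrets]
admin_password = "adminUserPassword"
keystore_password = "[changeMe]"
db_password = "Y29uc3RydWN0ZWQtY2lwaGVydGV4dC1wbGFjZWhvbGRlci0wMDAwMDAwMA=="

[server]
hostname = "localhost"
'''

SECTION = re.compile(r"^\s*\[([^\]]+)\]\s*$")
ENTRY = re.compile(r'^\s*([A-Za-z0-9_.-]+)\s*=\s*"(.*)"\s*$')
# Assumption: an already encrypted value is a long Base64 string.
BASE64ISH = re.compile(r"^[A-Za-z0-9+/]{40,}={0,2}$")


def classify_secrets(toml_text: str) -> dict:
    """Map each alias under [secrets] to 'pending', 'ciphertext-like' or 'skipped-plaintext'."""
    result, in_secrets = {}, False
    for line in toml_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        section = SECTION.match(line)
        if section:
            in_secrets = section.group(1).strip() == "secrets"
            continue
        entry = ENTRY.match(line) if in_secrets else None
        if not entry:
            continue
        alias, value = entry.groups()
        if value.startswith("[") and value.endswith("]"):
            result[alias] = "pending"            # bracketed: ciphertool will encrypt it
        elif BASE64ISH.match(value):
            result[alias] = "ciphertext-like"    # probably already encrypted
        else:
            result[alias] = "skipped-plaintext"  # unbracketed: the case in the question
    return result


if __name__ == "__main__":
    for alias, state in classify_secrets(SAMPLE_TOML).items():
        print(f"{alias}: {state}")
```

Anything reported as skipped-plaintext or pending is still readable in the file, so it is worth running before the file is committed or shared.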

Error Wso2 "Problem accessing: /. Reason: Not Found" when I try to log in Api Manager after configure Api Analytics

I installed Wso2 Api Manager a few days ago following these instructions:
1. I've downloaded https://wso2.com/api-management/install.
2. I've installed using the wizard in C:\Program Files\WSO2\API Manager directory.
3. I've initialized the Api Manager console, then created some APIs from https://localhost:9443/publisher .
Now, I want to see some statistics (https://192.168.138.117:9443/publisher/site/pages/all-statistics.jag?page=api-usage-user&stat=all-stat). I've read that API Analytics has to be configured, so I carried out the following steps (https://docs.wso2.com/display/AM260/Configuring+APIM+Analytics#ConfiguringAPIMAnalytics-Step1-DownloadandinstallWSO2API-M).
I download it (https://wso2.com/api-management/install/analytics).
Unzip file in C:\WSO2\wso2am-analytics-2.6.0.
I've created an environment variable called JAVA_HOME. In the value field, I typed the installation path of the Java Development Kit, C:\Program Files\Java\jdk1.8.0_191.
I edited the tag true in the file "C:\Program Files\WSO2\API Manager\2.6.0\repository\conf\api-manager.xml".
I executed this command in a cmd window: "C:\WSO2\wso2am-analytics-2.6.0>worker.bat -run". It executed some process and apparently everything was OK.
Finally, I opened another Windows console and executed: "C:\Program Files\WSO2\API Manager\2.6.0\bin>wso2server.bat -run".
Now, when I try to log in to https://localhost:9443/publisher, /store or /carbon, I'm getting this error:
Problem accessing: /. Reason: Not Found
If I only launch the Api Manager, it works perfectly but I can't get the statistics.
Did you follow Quick setup?
To access Analytics you need to carry out Standard Setup which includes:
Creating Analytics DB with the "am_usage_uploaded_files" table in addition
Configuring /conf/dashboard/deployment.yaml --> APIM_ANALYTICS_DB
Configuring /conf/worker/deployment.yaml --> APIM_ANALYTICS_DB
Configure /conf/worker/deployment.yaml --> WSO2AM_MGW_ANALYTICS_DB
And then starting the worker, which creates the rest of the tables for analytics.

WSO2 Identity Server SAML Error encrypting XMLObject at Example Travelocity

When setting in the sample app: Travelocity.properties
#Specify if SAML Assertion element is encrypted
SAML.EnableAssertionEncryption=true
And also tick the Identity server configuration option:
Enable Assertion Encryption [ticked]
Certificate Alias: wso2carbon
I receive the following error at the server log:
Error at Log: 2015-05-05 15:56:10,282 Error encrypting XMLObject
Without the encryption feature enabled, the SAML authentication flow with the Travelocity sample code starts working.
Hints are welcome how to fix this issue.
Regards,
Claude
It seems like you are working on the installed java runtime for the first time. I am using ubuntu 14. The same problem came to me. For me it worked in the following way.
1. Download the respective files according to your runtime from here.
http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html
http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html
http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html
2. Extract the folder you downloaded. There will be two .jar files.
3. For Ubuntu you can run echo $JAVA_HOME to find the Java home. Copy the above jar files into {JAVA_HOME}/jre/lib/security. You may need sudo access depending on your JAVA_HOME location. If so, run the following from the location where you extracted the zip file.
cp local_policy.jar /{JAVA_HOME}/jre/lib/security
cp US_export_policy.jar /{JAVA_HOME}/jre/lib/security
There should be only one slash (/) at /{JAVA_HOME}.
4. Restart wso2 identity server again and retry the procedure to login to travelocity.com
Hope this will fix your issue.

"keytool error: java.io.IOException: Invalid keystore format"

I got a problem when I try to deploy the WSO2 EMM server.
In the doc https://docs.wso2.org/display/EMM101/iOS+Server+Configurations, step 7.b, when I try to execute this command:
keytool -importkeystore -srckeystore ca.p12 -srcstoretype PKCS12 -destkeystore wso2mobilemdm.jks
I got this error message:
"keytool error: java.io.IOException: Invalid keystore format"
Looks like wso2mobilemdm.jks is corrupt? I copied wso2mobilemdm.jks from the binary package
"wso2mobileserver-1.0.1\repository\resources\security\wso2mobilemdm.jks"
Anything wrong?
This problem happened to me also. The reason in my case was that the keystore was created using a different JDK, i.e. Oracle JDK, and I was trying to open it with the keytool command available in IBM's JDK. Once I tried with Oracle JDK, it worked.
That is because you are entering a wrong password. Just delete that file and execute this command again. It will create a new wso2mobilemdm.jks. Enter your passwords there. Also import the ra.p12 to the same keystore file you just created. There is no harm doing this since wso2mobilemdm.jks only will contain ca and ra entries.

cacert file not found on ColdFusion 9

For my ColdFusion 8 server, I can see the cacerts file in the following path: C:\ColdFusion8\runtime\jre\bin
However, the cacert file is not present on my ColdFusion 9 server at the same location.
I am trying to install a cert into the ColdFusion truststore by following these steps:
1) Run the command prompt as administrator on the ColdFusion server
2) Make a backup of the original cacerts file in case you run into issues
3) Change the directory to your truststore’s location (where cacerts file is located).
In our case: C:\ColdFusion8\runtime\jre\bin
4) Type this command (use current JVM and use current JVM’s keytool):
C:\ColdFusion8\runtime\jre\bin>keytool -import -v -alias exported -file C:\ColdFusion8\runtime\jre\lib\security\exported.cer -keystore cacerts -storepass changeit
5) Type yes at the prompt to “Trust this certificate?”
6) Restart the ColdFusion service. It will not read the updated cacerts file until you do this.
Is there something new for ColdFusion 9? I have successfully installed the certificate for ColdFusion 8 following the above steps. Please advise.
The default truststore is the JRE's cacerts file. This file is typically located in the following places:
Server Configuration:
cf_root/runtime/jre/lib/security/cacerts
Multiserver/J2EE on JRun 4 Configuration:
jrun_root/jre/lib/security/cacerts
Sun JDK installation:
jdk_root/jre/lib/security/cacerts
You can verify the JRE that ColdFusion is using from the administrator under the 'System Information' page. Look for the Java Home line.