nordic-institute / x-road-development
This repository contains X-Road development model description, development practices and guidelines.
Hello @petkivim,
I'm trying to configure the certification services and the timestamping services following 11. Managing the Approved Certification Services.
But I'm not sure how to follow this instruction, 2. Locate the certification service CA certificate file and click Next
on 11.1 Adding an Approved Certification Service.
Where is the CA certificate file located?
Probably, I initialized a new test-CA server automatically with Ansible, according to instructions in ansible/README.md and Test-CA with TSA and OCSP
Best Regards,
Yamato
P/S: My OS: Ubuntu 16.04.5 LTS
Hi everybody,
Is there any way to install Security Server without internet?
Best regards,
Hai.
I get a generic error on https://jira.niis.org/secure/Signup.jspa after submission:
You can't sign up right now
An error occurred while trying to set up your user account. You could let the administrator know you can't sign up right now or try again later.
Hi,
Hi, can you please confirm if I can install more than 2 security servers on the virtual X-Road instance? I have successfully installed two, but am failing to install the third one. I get the following error message:
[ok: demos1] fatal: [demo-ss3]: FAILED! => {"changed": false, "msg": "No package matching 'xroad-securityserver' is available"}
ok: [demo-ss2]
Hi there!
On develop branch (7.0.0), the Auth and Sign CSR generated from Security Server have a different structure than the CSR generated from, for example, Security Server version 6.24.1.
As you can see below, in develop version, field SN isn't present and the order of the other fields is not the same.
In the next scenario, xroadcentral is the Central Server based on develop version 7.0:
Can this be an issue related just to the develop environment, or can it be related to a misconfiguration during SS install?
Auth CSR from X-Road 6.24.1
Certificate Request:
Data:
Version: 0 (0x0)
Subject: SN=1234567, CN=Some Common Name
Auth CSR from X-Road develop
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=AR, O=xroadcentral, CN=xroadcentral/GOB/GOB0000002/SECURITYSERVER_HOSTNAME
Sign CSR from X-Road 6.24.1
Certificate Request:
Data:
Version: 0 (0x0)
Subject: SN=1234567, CN=Some Common Name
Sign CSR from X-Road develop
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=AR, O=xroadcentral, OU=GOB, CN=GOB0000002/serialNumber=xroadcentral/GOB/GOB0000002/SECURITYSERVER_HOSTNAME
Regards,
Hi,
We rebuilt the latest source code version to add support for C=AR.
Central Server was successfully installed and is running right, but on the Security Server installation we get "xroad-proxy-ui-api breaks xroad-jetty9".
I attached our install script, can you take a look and give feedback?
Hello,
I installed Security Server and successfully imported the test signing certificate from SK ID Solutions (SK). However, I could not import to the SS the signed certificates for the requests that were sent from the Security Server to SK ID Solutions (SK) for signing. When I try to import the certificate, I get an error:
2020-01-14T14:54:42+03:00 s2e24db13 INFO [X-Road Proxy User Interface] 2020-01-14 14:54:42+0300 - {"event": "Error importing certificate from file", "user": "ss", "reason": "Certificate is not valid", "data": {"certFileName": "cert.crt", "certHash": "7D:A2:78:4E:F9:5B:BA:3B:3C:86:F8:B4:A1:A3:50:A1:09:10:D0:B1", "certHashAlgorithm": "SHA-1", "keyUsage": "AUTHENTICATION"}}
SK support confirmed that the certificate is valid.
In what situations can this error occur?
Hello @petkivim,
I'm trying to create X-Road data service and client based on WSDL (on Java platform) for the test of security servers on Training materials for developers of X-Road interfaces: https://moodle.ria.ee/mod/page/view.php?id=571.
But the generated service hasn't been activated and it didn't respond on the address:
http://localhost:8080/person_register/services
I checked:
the source code has been generated on the src folder;
a new Java package has been created: ee.x_road.persons_register (the name depends on WSDL);
the data service endpoint and the WSDL.
This is displayed:
Best Regards,
Yamato
P/S: My OS: Ubuntu 16.04.5 LTS
Software: Java (JDK 8), Apache Tomcat 8.0, Apache CXF (ver 2.7.18), Eclipse Neon (Eclipse IDE for Java EE Developers) and SoapUI.
Hi,
We rebuilt the latest source code version to add support for C=AR.
Central Server was successfully installed and is running right, but in the Security Server installation we get "xroad-proxy-ui-api breaks xroad-jetty9".
I attached our install script, can you take a look and give feedback?
Dear XRoad,
May I ask you how to install the XRoad and use the Ejbca Server (CA, OCSP) and SignServer (TSA)?
Could you share any resources about it with me?
Best Regards,
Dara Penhchet
Dear NIIS,
We have set up a local Ubuntu repository and have mirrored the NIIS repository to install 6.19.0 on one of the Ubuntu 14.0 machines. We are facing an issue with 6 deb files with the error "Hash Sum mismatch". While mirroring/downloading the debs from the NIIS repo, the connection got terminated intermittently. After many tries, we copied the debs to our local repository, but we are getting the above hash error while installing the security server.
Below is the screenshot of the error
Thank you,
Saro
This is my first time using X-ROAD so this may be just a config error.
I'm trying to set up an X-ROAD security server to form part of a larger network which I don't manage. I've gone through the installation steps that appear in the installation guide, registered a REST endpoint and gave permissions to access it to a registered client. The setup is thus:
When I try to query this test API internally and through the VPN I get the responses from the private server. Problem starts when I try to query through X-ROAD which just returns connection refused.
I've already troubleshooted the firewall in both the security and private servers
(Output of sudo ufw status verbose)
Security server:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip
To Action From
-- ------ ----
22 ALLOW IN Anywhere
2222 ALLOW IN Anywhere
4000 ALLOW IN Anywhere
5577 ALLOW IN Anywhere
4001 ALLOW IN Anywhere
5500 ALLOW IN Anywhere
8000 ALLOW IN Anywhere
51825/udp ALLOW IN Anywhere
Anywhere on wg0 ALLOW IN Anywhere
80/tcp ALLOW IN Anywhere
80/udp ALLOW IN Anywhere
443/tcp ALLOW IN Anywhere
22 (v6) ALLOW IN Anywhere (v6)
2222 (v6) ALLOW IN Anywhere (v6)
4000 (v6) ALLOW IN Anywhere (v6)
5577 (v6) ALLOW IN Anywhere (v6)
4001 (v6) ALLOW IN Anywhere (v6)
5500 (v6) ALLOW IN Anywhere (v6)
8000 (v6) ALLOW IN Anywhere (v6)
51825/udp (v6) ALLOW IN Anywhere (v6)
Anywhere (v6) on wg0 ALLOW IN Anywhere (v6)
Anywhere (v6) on eno1 ALLOW IN Anywhere (v6)
80/tcp (v6) ALLOW IN Anywhere (v6)
80/udp (v6) ALLOW IN Anywhere (v6)
443/tcp (v6) ALLOW IN Anywhere (v6)
Private Server:
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip
To Action From
-- ------ ----
22/tcp ALLOW IN Anywhere
3000/tcp ALLOW IN Anywhere
3306 ALLOW IN 172.16.11.82
3306 ALLOW IN Anywhere
3000 ALLOW IN Anywhere
80 ALLOW IN Anywhere
3306 ALLOW IN 0.0.0.0
22/tcp ALLOW IN 170.210.83.114
51821/udp ALLOW IN Anywhere
Anywhere on wg0 ALLOW IN Anywhere
51822/udp ALLOW IN Anywhere
60000/tcp ALLOW IN Anywhere
60000/udp ALLOW IN Anywhere
80/tcp ALLOW IN Anywhere
443/tcp ALLOW IN Anywhere
22/tcp (v6) ALLOW IN Anywhere (v6)
3000/tcp (v6) ALLOW IN Anywhere (v6)
3306 (v6) ALLOW IN Anywhere (v6)
3000 (v6) ALLOW IN Anywhere (v6)
80 (v6) ALLOW IN Anywhere (v6)
51821/udp (v6) ALLOW IN Anywhere (v6)
Anywhere (v6) on wg0 ALLOW IN Anywhere (v6)
51822/udp (v6) ALLOW IN Anywhere (v6)
60000/tcp (v6) ALLOW IN Anywhere (v6)
60000/udp (v6) ALLOW IN Anywhere (v6)
80/tcp (v6) ALLOW IN Anywhere (v6)
443/tcp (v6) ALLOW IN Anywhere (v6)
(Output of sudo netstat -nlpt)
Security Server:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 7554/cupsd
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 593/systemd-resolve
tcp 0 0 127.0.0.1:5432 0.0.0.0:* LISTEN 826/postgres
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 773/sshd: /usr/sbin
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 21498/sshd: dptsvr@
tcp 0 0 0.0.0.0:7070 0.0.0.0:* LISTEN 745/anydesk
tcp6 0 0 127.0.0.1:2552 :::* LISTEN 1124/java
tcp6 0 0 :::5500 :::* LISTEN 1127/java
tcp6 0 0 127.0.0.1:443 :::* LISTEN 1127/java
tcp6 0 0 127.0.0.1:45455 :::* LISTEN 1125/java
tcp6 0 0 :::5577 :::* LISTEN 1127/java
tcp6 0 0 127.0.0.1:80 :::* LISTEN 1127/java
tcp6 0 0 127.0.0.1:2081 :::* LISTEN 1125/java
tcp6 0 0 127.0.0.1:2080 :::* LISTEN 1125/java
tcp6 0 0 127.0.0.1:39713 :::* LISTEN 1126/java
tcp6 0 0 :::4000 :::* LISTEN 1126/java
tcp6 0 0 ::1:6010 :::* LISTEN 21498/sshd: dptsvr@
tcp6 0 0 127.0.0.1:5567 :::* LISTEN 1127/java
tcp6 0 0 127.0.0.1:5566 :::* LISTEN 1127/java
tcp6 0 0 127.0.0.1:5559 :::* LISTEN 1128/java
tcp6 0 0 127.0.0.1:5558 :::* LISTEN 1128/java
tcp6 0 0 :::22 :::* LISTEN 773/sshd: /usr/sbin
tcp6 0 0 ::1:631 :::* LISTEN 7554/cupsd
tcp6 0 0 127.0.0.1:5675 :::* LISTEN 1123/java
Private Server:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:7071 0.0.0.0:* LISTEN 867/anydesk
tcp 0 0 0.0.0.0:3000 0.0.0.0:* LISTEN 1673/docker-proxy
tcp 0 0 0.0.0.0:60000 0.0.0.0:* LISTEN 18762/target/debug/
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 12407/cupsd
tcp 0 0 127.0.0.1:6010 0.0.0.0:* LISTEN 17544/sshd: eureadm
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 699/systemd-resolve
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1120/mysqld
tcp 0 0 0.0.0.0:33060 0.0.0.0:* LISTEN 1120/mysqld
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 903/sshd: /usr/sbin
tcp6 0 0 :::3000 :::* LISTEN 1682/docker-proxy
tcp6 0 0 ::1:6010 :::* LISTEN 17544/sshd: eureadm
tcp6 0 0 ::1:631 :::* LISTEN 12407/cupsd
tcp6 0 0 :::22 :::* LISTEN 903/sshd: /usr/sbin
tcp6 0 0 :::80 :::* LISTEN 962/apache2
When using the iptables log on port 443 for example I get a log entry for the connection but the firewall doesn't register it and the xroad/proxy.log file doesn't update either.
How can I troubleshoot this?
I am a newbie in xroad. I am getting the following error while trying to install xroad security server on an Ubuntu14.04LTS system. Please scroll down to see the error and help me to resolve this issue. Thanks.
$ apt-get install xroad-securityserver
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
authbind crudini libnginx-mod-http-echo libopts25 nginx-common nginx-light
ntp postgresql python-iniparse rlwrap xroad-addon-messagelog
xroad-addon-metaservices xroad-addon-opmonitoring xroad-addon-proxymonitor
xroad-addon-wsdlvalidator xroad-common xroad-jetty9 xroad-monitor
xroad-opmonitor xroad-proxy
Suggested packages:
fcgiwrap nginx-doc ntp-doc
The following NEW packages will be installed:
authbind crudini libnginx-mod-http-echo libopts25 nginx-common nginx-light
ntp postgresql python-iniparse rlwrap xroad-addon-messagelog
xroad-addon-metaservices xroad-addon-opmonitoring xroad-addon-proxymonitor
xroad-addon-wsdlvalidator xroad-common xroad-jetty9 xroad-monitor
xroad-opmonitor xroad-proxy xroad-securityserver
0 upgraded, 21 newly installed, 0 to remove and 403 not upgraded.
Need to get 0 B/317 MB of archives.
After this operation, 347 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
WARNING: The following packages cannot be authenticated!
ntp postgresql nginx-common libnginx-mod-http-echo nginx-light xroad-common
xroad-opmonitor xroad-jetty9 xroad-proxy xroad-addon-messagelog
xroad-addon-metaservices xroad-addon-opmonitoring xroad-monitor
xroad-addon-proxymonitor xroad-addon-wsdlvalidator xroad-securityserver
Install these packages without verification? [y/N] y
Preconfiguring packages ...
Selecting previously unselected package libopts25:amd64.
(Reading database ... 175065 files and directories currently installed.)
Preparing to unpack .../libopts25_1%3a5.18-2ubuntu2_amd64.deb ...
Unpacking libopts25:amd64 (1:5.18-2ubuntu2) ...
Selecting previously unselected package ntp.
Preparing to unpack .../ntp_1%3a4.2.6.p5+dfsg-3ubuntu2.14.04.13_amd64.deb ...
Unpacking ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.13) ...
Selecting previously unselected package postgresql.
Preparing to unpack .../postgresql_9.3+154ubuntu1.1_all.deb ...
Unpacking postgresql (9.3+154ubuntu1.1) ...
Selecting previously unselected package rlwrap.
Preparing to unpack .../rlwrap_0.37-5_amd64.deb ...
Unpacking rlwrap (0.37-5) ...
Selecting previously unselected package nginx-common.
Preparing to unpack .../nginx-common_1.12.2-0+trusty0_all.deb ...
Unpacking nginx-common (1.12.2-0+trusty0) ...
Selecting previously unselected package libnginx-mod-http-echo.
Preparing to unpack .../libnginx-mod-http-echo_1.12.2-0+trusty0_amd64.deb ...
Unpacking libnginx-mod-http-echo (1.12.2-0+trusty0) ...
Selecting previously unselected package nginx-light.
Preparing to unpack .../nginx-light_1.12.2-0+trusty0_amd64.deb ...
Unpacking nginx-light (1.12.2-0+trusty0) ...
Selecting previously unselected package python-iniparse.
Preparing to unpack .../python-iniparse_0.4-2.1build1_all.deb ...
Unpacking python-iniparse (0.4-2.1build1) ...
Selecting previously unselected package crudini.
Preparing to unpack .../crudini_0.3-1_amd64.deb ...
Unpacking crudini (0.3-1) ...
Selecting previously unselected package xroad-common.
Preparing to unpack .../xroad-common_6.16.0-0.20171128173309git05cf71f_amd64.deb ...
system locale set to UTF-8 compatible.
Unpacking xroad-common (6.16.0-0.20171128173309git05cf71f) ...
Processing triggers for man-db (2.6.7.1-1ubuntu1) ...
Processing triggers for ureadahead (0.100.0-16) ...
ureadahead will be reprofiled on next reboot
Processing triggers for ufw (0.34~rc-0ubuntu2) ...
Processing triggers for doc-base (0.10.5) ...
Processing 1 added doc-base file...
Setting up postgresql (9.3+154ubuntu1.1) ...
Selecting previously unselected package xroad-opmonitor.
(Reading database ... 175295 files and directories currently installed.)
Preparing to unpack .../xroad-opmonitor_6.16.0-0.20171128173309git05cf71f_all.deb ...
Unpacking xroad-opmonitor (6.16.0-0.20171128173309git05cf71f) ...
Selecting previously unselected package xroad-jetty9.
Preparing to unpack .../xroad-jetty9_6.16.0-0.20171128173309git05cf71f_all.deb ...
Unpacking xroad-jetty9 (6.16.0-0.20171128173309git05cf71f) ...
Selecting previously unselected package authbind.
Preparing to unpack .../authbind_2.1.1_amd64.deb ...
Unpacking authbind (2.1.1) ...
Processing triggers for ureadahead (0.100.0-16) ...
Processing triggers for man-db (2.6.7.1-1ubuntu1) ...
Setting up rlwrap (0.37-5) ...
update-alternatives: using /usr/bin/rlwrap to provide /usr/bin/readline-editor (readline-editor) in auto mode
Setting up nginx-common (1.12.2-0+trusty0) ...
Setting up libopts25:amd64 (1:5.18-2ubuntu2) ...
Setting up ntp (1:4.2.6.p5+dfsg-3ubuntu2.14.04.13) ...
xroad' is already a member of shadow'.
xroadx' is already a member of xroad-security-officer'.
xroadx' is already a member of xroad-registration-officer'.
xroadx' is already a member of xroad-service-administrator'.
xroadx' is already a member of xroad-system-administrator'.
xroadx' is already a member of xroad-securityserver-observer'.
dpkg: error processing package xroad-addon-messagelog (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of xroad-addon-metaservices:
xroad-addon-metaservices depends on xroad-proxy (>= 6.16.0); however:
Package xroad-proxy is not configured yet.
dpkg: error processing package xroad-addon-metaservices (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of xroad-addon-opmonitoring:
xroad-addon-opmonitoring depends on xroad-proxy (>= 6.16.0); however:
Package xroad-proxy is not configured yet.
dpkg: error processing package xroad-addon-opmonitoring (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of xroad-addon-proxymonitor:
xroad-addon-proxymonitor depends on xroad-proxy (>= 6.16.0); however:
PackageNo apport report written because the error message indicates its a followup error from a previous failure.
No apport report written because the error message indicates its a followup error from a previous failure.
No apport report written because MaxReports is reached already
No apport report written because MaxReports is reached already
No apport report written because MaxReports is reached already
No apport report written because MaxReports is reached already
xroad-proxy is not configured yet.
dpkg: error processing package xroad-addon-proxymonitor (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of xroad-addon-wsdlvalidator:
xroad-addon-wsdlvalidator depends on xroad-proxy (>= 6.16.0); however:
Package xroad-proxy is not configured yet.
dpkg: error processing package xroad-addon-wsdlvalidator (--configure):
dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of xroad-securityserver:
xroad-securityserver depends on xroad-proxy (>= 6.16.0); however:
Package xroad-proxy is not configured yet.
xroad-securityserver depends on xroad-addon-metaservices (>= 6.16.0); however:
Package xroad-addon-metaservices is not configured yet.
xroad-securityserver depends on xroad-addon-messagelog (>= 6.16.0); however:
Package xroad-addon-messagelog is not configured yet.
xroad-securityserver depends on xroad-addon-proxymonitor (>= 6.16.0); however:
Package xroad-addon-proxymonitor is not configured yet.
xroad-securityserver depends on xroad-addon-wsdlvalidator (>= 6.16.0); however:
Package xroad-addon-wsdlvalidator is not configured yet.
xroad-securityserver depends on xroad-addon-opmonitoring (>= 6.16.0); however:
Package xroad-addon-opmonitoring is not configured yet.
dpkg: error processing package xroad-securityserver (--configure):
dependency problems - leaving unconfigured
Processing triggers for ureadahead (0.100.0-16) ...
Processing triggers for xroad-common (6.16.0-0.20171128173309git05cf71f) ...
Errors were encountered while processing:
xroad-proxy
xroad-addon-messagelog
xroad-addon-metaservices
xroad-addon-opmonitoring
xroad-addon-proxymonitor
xroad-addon-wsdlvalidator
xroad-securityserver
E: Sub-process /usr/bin/dpkg returned an error code (1)