Authentication pkcs12 problem (first clean install)

[jpertuz-19]

Debian 12
Java 17
Ejbca 9.1.1 (git clone https://github.com/Keyfactor/ejbca-ce)
MariaDB
WildFly 32

I performed a fresh install to keep up to date with the new versions. After several attempts, I was able to install without any issues.

I just have one problem: It seems my pkcs12 superadmin.p12 certificate is unrelated to the Wildfly SSL certificates /opt/wildfly-32.0.0.Final/standalone/configuration/keystore/*

Error Firefox: Authorization Denied No client certificate was presented If you did not get prompted to select a client certificate, please check that you have the correct certificate.

Maybe I made a mistake in the procedure? But I've checked and don't see the error.

Or is there a way via CLI to recreate a pkcs12 so I can authenticate to the adminweb?

[primetomas]

If you followed the installation instructions there is only one CA set up in EJBCA and both the keystore.p12 and superadmin.p12 is issued from this CA. Did you issue these certificates from different CAs?

[primetomas]

Do you access to admin web on port 8443?

[primetomas]

And yes, you can do almost anything with the CLI.

[jpertuz-19]

Hi.

the same AC
yes, port 8443 admin (install ejbca with 2 port, 8443 and 8080)
tomorrow I'll calmly go back and perform the procedure again. This time I'll go with Wildfly 35.

[primetomas]

Try to use the three port separation. It's the one I use personally. Not saying that the two port one would not work, but I don't have a lot of experience with it.

[jpertuz-19]

Solved. The mistake was my carelessness. The P12 certificate was valid from 9 PM, and when I tested my PC and server time, it was 4 PM.
However, I repeat the procedure from scratch. Clean. But this time:

Debian 12, Mysql, Wildfly 35, Java 17 Ejbca 9.1.1 (git clone), and 3 Ports. All work FINE. (ajust time pc today HAHA).

However, I have some observations from the DOC that did not work for me:

1. with Wildfly 35 I must start the wildfly service manually: "/opt/wildfly/bin/standalone.sh &" the doc did not work for me with Wildfly35, however the doc with wildfly 32 and the startup level works when restarting the server.

2. After ant deploy-keystore, the certificate permissions must be corrected.
   chown wildfly:wildfly truststore.p12 and keystore.p12

[primetomas]

1. Do you mean you tried to configure starting wildfly as a service? The start wildfly as a service documentation has recently been updated. Did you use the latest version in docs for 9.2.3? https://docs.keyfactor.com/ejbca/latest/wildfly-35#id-(9.2.3)WildFly35-ConfigureWildFlyasaService. Starting it manually always work of course, that's what I do...
2. I added a note about this, if you run the ant command as another OS user than the one running wildfly.