Skip to main content
Skip table of contents

Command Line Interface

The following provides information for troubleshooting CLI issues. To view general troubleshooting tips and search for troubleshooting topics, see EJBCA Troubleshooting.

Problem: Cannot Access the EJBCA CLI

When accessing EJBCA's CLI by running ${EJBCA_HOME}/bin/ejbca.sh you get the following error message:

CODE
> /opt/ejbca/bin/ejbca.sh 
Error: CLI could not contact EJBCA instance. Either your application server is not up and running, EJBCA has not been deployed successfully, or some firewall rule is blocking the CLI from the application server.

Cause

Under the hood, this is caused by an IllegalStateException with the error message "No EJB receiver available for handling".

Troubleshooting Steps

It is assumed you are using JBoss as the application server and RHEL as the operating system. The steps for troubleshooting will be very similar if you are using for example Wildfly instead of JBoss, or another Linux distribution such as Debian.

  1. Make sure JBoss is up and running:

    CODE
    ps aux | grep ${JBOSS_HOME}/bin/standalone.sh

    If JBoss is not running, start it.

  2. Make sure EJBCA has been deployed correctly:

    CODE
    ls ${JBOSS_HOME}/standalone/deployments | grep ejbca.ear.deployed

    If EJBCA has not been deployed correctly, check the JBoss log file to find out why:

    CODE
    cat ${JBOSS_HOME}/standalone/log/server.log | grep ERROR -C 10 | less

    Fix the problem and the redeploy EJBCA by running the following:

    CODE
    cd ${EJBCA_HOME}
    ant -q clean deployear
  3. Make sure the application server is listening to the port configured in dist/ejbca-ejb-cli/jboss-ejb-client.properties (unless you have edited the configuration, it should be port 4447) .

    CODE
    sudo lsof -i:4447

    If connecting remotely this port must be open in the firewall. Inspect your firewall rules and open this port for incoming TCP traffic if necessary.

    CODE
    sudo firewall-cmd --zone=public --list-ports | grep 4447/tcp
  4. Make sure the user running the application server has read and execute access to relevant authentication files:

    1. If using local authentication, the user needs access to files in ${JBOSS_HOME}/domain/tmp/auth

    2. If using remote authentication, the user needs access to files in ${JBOSS_HOME}/standalone/tmp/auth

    The easiest way to achieve this is to run the application server as jboss user and ensure ${JBOSS_HOME} is owned by this user:

    CODE
    sudo chown -R jboss:jboss ${JBOSS_HOME}
    sudo chmod -R 'g=u' ${JBOSS_HOME}
    sudo find ${JBOSS_HOME} -type d -exec sudo chmod g+s {} \;


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.