Cannot access to Signserver AdminWeb by Client Certificate got from EJBCA

[huongdang0208]

Hi, I recently work with signserver and I know that I need client certificate to access to adminweb then I follow this guide ([https://www.youtube.com/watch?v=wMD1GgSF-JE]) to obtain these certs from EJBCA. After all, I have 2 files which is ManagementCA.pem file and I use this to start up signserver by command:
sudo docker run -it --rm --name signserver \ -p 8083:8080 -p 445:8443 \ -v $(pwd)/ManagementCA.pem:/mnt/external/secrets/tls/cas/ManagementCA.crt \ -h localhost\ keyfactor/signserver-ce:5.10.0
And these log info are:
2024-06-06 10:31:39,476+0000 INFO [org.jboss.as] (MSC service thread 1-1) WFLYSRV0049: WildFly Full 26.1.3.Final (WildFly Core 18.1.2.Final) starting
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.wildfly.extension.elytron.SSLDefinitions (jar:file:/opt/keyfactor/wildfly-26.1.3.Final/modules/system/layers/base/org/wildfly/extension/elytron/main/wildfly-elytron-integration-18.1.2.Final.jar!/) to method com.sun.net.ssl.internal.ssl.Provider.isFIPS()
WARNING: Please consider reporting this to the maintainers of org.wildfly.extension.elytron.SSLDefinitions
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
2024-06-06 10:31:40,292+0000 WARN [org.jboss.as.server.deployment.scanner] (ServerService Thread Pool -- 15) WFLYDS0006: Reliable deployment behaviour is not possible when auto-deployment of exploded content is enabled (i.e. deployment without use of ".dodeploy"' marker files). Configuration of auto-deployment of exploded content is not recommended in any situation where reliability is desired. Configuring the deployment scanner's auto-deploy-exploded setting to "false" is recommended.
2024-06-06 10:31:40,350+0000 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0039: Creating http management service using socket-binding (management-http)
2024-06-06 10:31:40,394+0000 INFO [org.wildfly.extension.health] (ServerService Thread Pool -- 42) WFLYHEALTH0001: Activating Base Health Subsystem
2024-06-06 10:31:40,403+0000 INFO [org.wildfly.extension.microprofile.openapi.smallrye] (ServerService Thread Pool -- 54) WFLYMPOAI0001: Activating MicroProfile OpenAPI Subsystem
2024-06-06 10:31:40,409+0000 INFO [org.wildfly.extension.microprofile.config.smallrye] (ServerService Thread Pool -- 51) WFLYCONF0001: Activating MicroProfile Config Subsystem
2024-06-06 10:31:40,413+0000 INFO [org.wildfly.extension.microprofile.health.smallrye] (ServerService Thread Pool -- 52) WFLYMPHEALTH0001: Activating MicroProfile Health Subsystem
2024-06-06 10:31:40,419+0000 INFO [org.wildfly.extension.metrics] (ServerService Thread Pool -- 50) WFLYMETRICS0001: Activating Base Metrics Subsystem
2024-06-06 10:31:40,461+0000 INFO [org.wildfly.extension.microprofile.metrics.smallrye] (ServerService Thread Pool -- 53) WFLYMPMETRICS0001: Activating MicroProfile Metrics Subsystem
2024-06-06 10:31:40,513+0000 INFO [org.wildfly.extension.undertow] (MSC service thread 1-8) WFLYUT0003: Undertow 2.2.19.Final starting
2024-06-06 10:31:40,587+0000 INFO [org.wildfly.extension.undertow] (MSC service thread 1-7) WFLYUT0012: Started server default-server.
2024-06-06 10:31:40,589+0000 INFO [org.wildfly.extension.undertow] (MSC service thread 1-7) Queuing requests.
2024-06-06 10:31:40,590+0000 INFO [org.wildfly.extension.undertow] (MSC service thread 1-7) WFLYUT0018: Host default-host starting
2024-06-06 10:31:40,619+0000 INFO [org.wildfly.extension.undertow] (MSC service thread 1-6) WFLYUT0006: Undertow HTTP listener remoting listening on 127.0.0.1:4447
2024-06-06 10:31:40,621+0000 INFO [org.wildfly.extension.undertow] (MSC service thread 1-5) WFLYUT0006: Undertow HTTP listener observation listening on 127.0.0.1:8090
2024-06-06 10:31:40,803+0000 INFO [org.jboss.as.server.deployment.scanner] (MSC service thread 1-1) WFLYDS0013: Started FileSystemDeploymentService for directory /opt/keyfactor/wildfly-26.1.3.Final/standalone/deployments
2024-06-06 10:31:42,870+0000 WARN [org.jboss.as.server.deployment] (MSC service thread 1-1) WFLYSRV0059: Class Path entry xml-apis.jar in /opt/keyfactor/wildfly-26.1.3.Final/standalone/deployments/signserver.ear/lib/serializer-2.7.2.jar does not point to a valid jar for a Class-Path reference.
2024-06-06 10:31:42,871+0000 WARN [org.jboss.as.server.deployment] (MSC service thread 1-1) WFLYSRV0059: Class Path entry xercesImpl.jar in /opt/keyfactor/wildfly-26.1.3.Final/standalone/deployments/signserver.ear/lib/xalan-2.7.2.jar does not point to a valid jar for a Class-Path reference.
2024-06-06 10:31:42,871+0000 WARN [org.jboss.as.server.deployment] (MSC service thread 1-1) WFLYSRV0059: Class Path entry xml-apis.jar in /opt/keyfactor/wildfly-26.1.3.Final/standalone/deployments/signserver.ear/lib/xalan-2.7.2.jar does not point to a valid jar for a Class-Path reference.
2024-06-06 10:31:42,871+0000 WARN [org.jboss.as.server.deployment] (MSC service thread 1-1) WFLYSRV0059: Class Path entry serializer.jar in /opt/keyfactor/wildfly-26.1.3.Final/standalone/deployments/signserver.ear/lib/xalan-2.7.2.jar does not point to a valid jar for a Class-Path reference.
2024-06-06 10:31:42,992+0000 INFO [org.jboss.as.jpa] (MSC service thread 1-8) WFLYJPA0002: Read persistence.xml for SignServerJPA
2024-06-06 10:31:42,993+0000 INFO [org.jboss.as.jpa] (MSC service thread 1-8) WFLYJPA0002: Read persistence.xml for ejbca
2024-06-06 10:31:43,023+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-5) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/AuthorizationSessionRemote' for Jakarta Enterprise Beans 'AuthorizationSessionBean' will be ignored.
2024-06-06 10:31:43,025+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-5) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/SecurityEventsLoggerSessionRemote' for Jakarta Enterprise Beans 'SecurityEventsLoggerSessionBean' will be ignored.
2024-06-06 10:31:43,025+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-5) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/SecurityEventsAuditorSessionRemote' for Jakarta Enterprise Beans 'SecurityEventsAuditorSessionBean' will be ignored.
2024-06-06 10:31:43,025+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-4) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/RoleMemberDataSessionRemote' for Jakarta Enterprise Beans 'RoleMemberDataMockSessionBean' will be ignored.
2024-06-06 10:31:43,026+0000 WARN [org.jboss.as.ejb3] (MSC service thread 1-4) WFLYEJB0525: The 'mappedName' in Jakarta Enterprise Beans annotations is not supported. Value of 'ejbca/AccessTreeUpdateSessionLocal' for Jakarta Enterprise Beans 'AccessTreeUpdateMockSessionBean' will be ignored.
2024-06-06 10:31:43,457+0000 INFO [org.jboss.as.jpa] (ServerService Thread Pool -- 64) WFLYJPA0010: Starting Persistence Unit (phase 1 of 2) Service 'signserver.ear#SignServerJPA'
2024-06-06 10:31:43,458+0000 INFO [org.jboss.as.jpa] (ServerService Thread Pool -- 65) WFLYJPA0010: Starting Persistence Unit (phase 1 of 2) Service 'signserver.ear#ejbca'
2024-06-06 10:31:44,434+0000 WARN [org.wildfly.extension.undertow] (MSC service thread 1-3) WFLYUT0005: Secure listener for protocol: 'HTTP/1.1' not found! Using non secure port!
2024-06-06 10:31:44,492+0000 INFO [org.cesecore.config.ConfigurationHolder] (MSC service thread 1-8) Allow external re-configuration: false
2024-06-06 10:31:44,616+0000 INFO [org.infinispan.CONTAINER] (ServerService Thread Pool -- 65) ISPN000128: Infinispan version: Infinispan 'Triskaidekaphobia' 13.0.10.Final
2024-06-06 10:31:44,626+0000 INFO [org.jboss.as.jpa] (ServerService Thread Pool -- 64) WFLYJPA0010: Starting Persistence Unit (phase 2 of 2) Service 'signserver.ear#ejbca'
2024-06-06 10:31:44,626+0000 INFO [org.jboss.as.jpa] (ServerService Thread Pool -- 66) WFLYJPA0010: Starting Persistence Unit (phase 2 of 2) Service 'signserver.ear#SignServerJPA'
2024-06-06 10:31:44,725+0000 INFO [org.infinispan.CONTAINER] (ServerService Thread Pool -- 65) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.spi.marshalling.InfinispanProtoStreamMarshaller'
2024-06-06 10:31:45,632+0000 INFO [org.infinispan.CONFIG] (MSC service thread 1-7) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.
2024-06-06 10:31:45,636+0000 INFO [org.infinispan.CONFIG] (MSC service thread 1-7) ISPN000152: Passivation configured without an eviction policy being selected. Only manually evicted entities will be passivated.
2024-06-06 10:31:45,650+0000 INFO [org.infinispan.CONTAINER] (ServerService Thread Pool -- 65) ISPN000025: wakeUpInterval is <= 0, not starting expired purge thread
2024-06-06 10:31:46,103+0000 INFO [io.smallrye.metrics] (MSC service thread 1-6) SRMET01001: MicroProfile: Metrics activated (SmallRye Metrics version: 3.0.3)
2024-06-06 10:31:46,371+0000 SEVERE [javax.enterprise.resource.webcontainer.jsf.application.view] (MSC service thread 1-6) Unable to obtain CDI 1.1 utilities for Mojarra
2024-06-06 10:31:46,375+0000 SEVERE [javax.enterprise.resource.webcontainer.jsf.flow] (MSC service thread 1-6) Unable to obtain CDI 1.1 utilities for Mojarra
2024-06-06 10:31:46,562+0000 INFO [org.signserver.ejb.StartupSingletonBean] (ServerService Thread Pool -- 78) Init, SignServer CE 5.11.1.Final startup.
2024-06-06 10:31:46,562+0000 INFO [org.signserver.ejb.StartupSingletonBean] (ServerService Thread Pool -- 78) Previous transformer property: null
2024-06-06 10:31:46,562+0000 INFO [org.signserver.ejb.StartupSingletonBean] (ServerService Thread Pool -- 78) Current transformer property: com.sun.org.apache.xalan.internal.xsltc.trax.TransformerFactoryImpl
2024-06-06 10:31:46,562+0000 INFO [org.signserver.ejb.StartupSingletonBean] (ServerService Thread Pool -- 78) Previous schema property: null
2024-06-06 10:31:46,563+0000 INFO [org.signserver.ejb.StartupSingletonBean] (ServerService Thread Pool -- 78) Current schema property: com.sun.org.apache.xerces.internal.jaxp.validation.XMLSchemaFactory
2024-06-06 10:31:46,608+0000 INFO [org.cesecore.audit.AuditDevicesConfig] (ServerService Thread Pool -- 78) Registered audit device using implementation: org.signserver.server.log.SignServerLog4jDevice
2024-06-06 10:31:46,609+0000 INFO [org.cesecore.audit.AuditDevicesConfig] (ServerService Thread Pool -- 78) Configured exporter AuditExporterDummy for device SignServerLog4jDevice
2024-06-06 10:31:46,611+0000 INFO [org.signserver.server.log.SignServerLog4jDevice] (ServerService Thread Pool -- 78) EVENT: SIGNSERVER_STARTUP; OUTCOME: SUCCESS; MODULE: SERVICE; ADMINISTRATOR: StartServicesServlet.init; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; msg: start services startup msg; VERSION: SignServer CE 5.11.1.Final; REPLY_TIME:1717669906611
2024-06-06 10:31:46,639+0000 WARN [io.undertow.servlet] (ServerService Thread Pool -- 79) UT015020: Path /* is secured for some HTTP methods, however it is not secured for [HEAD, POST, GET]
2024-06-06 10:31:46,641+0000 WARN [io.undertow.servlet] (ServerService Thread Pool -- 66) UT015020: Path /* is secured for some HTTP methods, however it is not secured for [HEAD, POST, GET]
2024-06-06 10:31:46,640+0000 WARN [io.undertow.servlet] (ServerService Thread Pool -- 70) UT015020: Path /* is secured for some HTTP methods, however it is not secured for [HEAD, POST, GET]
2024-06-06 10:31:46,780+0000 INFO [org.signserver.ejb.StartupSingletonBean] (ServerService Thread Pool -- 78) Found 0 worker types to upgrade
2024-06-06 10:31:46,800+0000 INFO [org.signserver.server.log.SignServerLog4jDevice] (ServerService Thread Pool -- 78) EVENT: SET_STATUS_PROPERTY; OUTCOME: SUCCESS; MODULE: STATUS_REPOSITORY; ADMINISTRATOR: StatusRepositorySessionBean.auditLog; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; STATUSREPO_PROPERTY: SERVER_STARTED; STATUSREPO_VALUE: 1717669906798; STATUSREPO_EXPIRATION: 0; REPLY_TIME:1717669906800
2024-06-06 10:31:47,383+0000 WARN [io.undertow.servlet] (ServerService Thread Pool -- 69) UT015020: Path /* is secured for some HTTP methods, however it is not secured for [HEAD, POST, GET]
2024-06-06 10:31:47,387+0000 WARN [io.undertow.servlet] (ServerService Thread Pool -- 68) UT015020: Path /* is secured for some HTTP methods, however it is not secured for [HEAD, POST, GET]
2024-06-06 10:31:47,432+0000 INFO [org.jboss.as.server] (ServerService Thread Pool -- 37) WFLYSRV0010: Deployed "signserver.ear" (runtime-name : "signserver.ear")
2024-06-06 10:31:47,455+0000 INFO [org.jboss.as.server] (Controller Boot Thread) WFLYSRV0212: Resuming server
2024-06-06 10:31:47,458+0000 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0025: WildFly Full 26.1.3.Final (WildFly Core 18.1.2.Final) started in 8513ms - Started 2018 of 2137 services (256 services are lazy, passive or on-demand) - Server configuration file in use: standalone.xml
2024-06-06 10:31:47,460+0000 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0060: Http management interface listening on http://127.0.0.1:9990/management
2024-06-06 10:31:47,460+0000 INFO [org.jboss.as] (Controller Boot Thread) WFLYSRV0054: Admin console is not enabled
2024-06-06 10:31:47,641+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Application /opt/keyfactor/appserver/standalone/deployments/signserver.ear.deployed successfully started.
2024-06-06 10:31:47,650+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Setting up in-bound connectivity...
2024-06-06 10:31:47,668+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) No keystore and/or password file were detected at '/opt/keyfactor/secrets/external/tls/ks/server.[jks|storepasswd]'. Check mount points and file permissions if this is not what you expected.
2024-06-06 10:31:56,395+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Certificate stored in file </opt/keyfactor/tmp/tmp.VskfoPdlp5/keystore.der>
2024-06-06 10:31:56,654+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Generated TLS certificate with fingerprint 67334e9ad4b9791a305c2f4a0dfc6cdc6531e96df8f5d7e531ffd906d5b09537.
2024-06-06 10:31:56,656+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) ********************************************************************************************
2024-06-06 10:31:56,658+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Keystore password found at /opt/keyfactor/secrets/persistent/tls/localhost/server.storepasswd
2024-06-06 10:31:56,660+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) We recommend using 'APPSERVER_KEYSTORE_SECRET' env variable to set the TLS keystore password.
2024-06-06 10:31:56,662+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) ********************************************************************************************
2024-06-06 10:31:56,664+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) No key password file were detected at '/opt/keyfactor/secrets/persistent/tls/localhost/server.keypasswd'. Keystore password will also be used to access private key.
2024-06-06 10:31:56,666+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Importing keystore /opt/keyfactor/secrets/persistent/tls/localhost/server.jks to /opt/keyfactor/tmp/tmp.VskfoPdlp5/keystore.jks...
2024-06-06 10:31:56,666+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Entry for alias localhost successfully imported.
2024-06-06 10:31:56,666+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Import command completed: 1 entries successfully imported, 0 entries failed or cancelled
2024-06-06 10:32:13,379+0000 WARN [/opt/keyfactor/bin/start.sh] (process:1) Will use self-signed server side TLS keystore.
2024-06-06 10:32:13,388+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) No truststore and/or password file were detected at '/opt/keyfactor/secrets/external/tls/ts/truststore.[jks|storepasswd]'. Check mount points and file permissions if this is not what you expected.
Certificate was added to keystore
2024-06-06 10:32:23,103+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Enabling HTTPS listener on 0.0.0.0:8443 with optional client certificate authentication.
2024-06-06 10:32:25,823+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Enabling HTTP listener on 0.0.0.0:8080.
2024-06-06 10:32:27,076+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Enabling HSTS
2024-06-06 10:32:29,444+0000 INFO [org.signserver.server.log.SignServerLog4jDevice] (default task-1) EVENT: SET_GLOBAL_PROPERTY; OUTCOME: SUCCESS; MODULE: GLOBAL_CONFIG; ADMINISTRATOR: CLI user; ISSUER: null; SERIAL_NUMBER: null; WORKER_ID: null; GLOBALCONFIG_PROPERTY: GLOB.ALLOWANYWSADMIN; GLOBALCONFIG_VALUE: true; REPLY_TIME:1717669949444
Set to allow any WS admin
2024-06-06 10:32:29,808+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Health check now reports application status at signserver/healthcheck/signserverhealth
2024-06-06 10:32:29,812+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) #######################################################################################################
2024-06-06 10:32:29,812+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # #
2024-06-06 10:32:29,812+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # Whenever you are ready for production: #
2024-06-06 10:32:29,812+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # #
2024-06-06 10:32:29,812+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # Try out the commercially supported SignServer Enterprise Cloud on AWS or Azure, fully featured #
2024-06-06 10:32:29,812+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # with: #
2024-06-06 10:32:29,812+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # - Sign code: MS Authenticode, Java including Android APK and Generic. #
2024-06-06 10:32:29,812+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # - Sign documents: PDF, XML, XAdES (BES and T) #
2024-06-06 10:32:29,812+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # - Time Stamping: RFC 3161 and MS authenticode time stamps, ETSI compliant #
2024-06-06 10:32:29,812+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # - Hardware Security Module support #
2024-06-06 10:32:29,812+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # - Application updates #
2024-06-06 10:32:29,812+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # - ...and more! #
2024-06-06 10:32:29,812+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # #
2024-06-06 10:32:29,812+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # Feel free to contact us directly for a cloud, on-prem, embedded or hybrid solution that fits your #
2024-06-06 10:32:29,812+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # specific needs. #
2024-06-06 10:32:29,812+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # #
2024-06-06 10:32:29,812+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # https://aws.amazon.com/marketplace/seller-profile?id=7edf9048-58e6-4086-9d98-b8e0c1d78fce #
2024-06-06 10:32:29,812+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # https://azuremarketplace.microsoft.com/en-us/marketplace/apps/primekey.signserver_enterprise_cloud #
2024-06-06 10:32:29,812+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # #
2024-06-06 10:32:29,812+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # https://www.keyfactor.com #
2024-06-06 10:32:29,812+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # [email protected] #
2024-06-06 10:32:29,812+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) # #
2024-06-06 10:32:29,812+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) #######################################################################################################
2024-06-06 10:37:29,880+0000 INFO [org.signserver.web.common.filters.ExtensionFilter] (default task-1) No extension filter loaded

1. I think I set up signserver is successfully then I access to http://localhost:8083/signserver/adminweb ( I already import my p12 file into my browser to import my client cert) but I still got error: "Your connection is not secure and your cert is not valid
2. Does anyone here can solve this problem?

[ClaudioSousa14]

Did you enable OCSP Revocation check? Try to disable it.

[AkshayD20]

You have issue certificate from Management ca that you have provided
ManagementCA
->Client TLS certificate issued from ManagementCA

Then you have to import that certificate into browser
then we you try to access admin web you will prompt to select TLS certificate issue from ManagementCA

below command:

docker run -it --rm --name signserver -p 8080:8080 -p 8443:8443
-v C:\EJBCA_Signserver\managementca_test.cer:/mnt/external/secrets/tls/cas/ManagementCA.crt
-h localhost
--user root keyfactor/signserver-ce:6.3.0

docker run -it --rm --name signserver -p 8080:8080 -p 8443:8443
-v (ManagementCA certificate Path(truststore certificate path)):(Docker secrets tls ca certificate path)
-h localhost
--user root keyfactor/signserver-ce:6.3.0

[sekuraRJ24]

I too can't login to signserver admin console. I have followed the tutorials to a tee and the certificates are installed in firefox. When I click on 'Use TLS client certificate' it seems to refresh but does not ask for my certificate. There is also nothing under authentication decisions so I have not declined. I have tried on a fresh install of Unbuntu desktop both 24.04 and 22.04.4. I am at a standstill and would really like to use this for code signing. Thank you in advance.

[ClaudioSousa14]

If the certificate is not requested probably your truststore is not defined properly. Also check if you insert the trusted CA on your keystore.

[HarimbolaSantatra]

Maybe this discussion on EJBCA can help! Installation are nearly the same with EJBCA and signserver