Yes, that should be easy to fix, simply use something not empty, or
temporarily remove the "autogenerated" feature from the profile.
> Tomas Gustavsson ha scritto:
>> Andrea wrote:
>>> Tomas Gustavsson ha scritto:
>>>> Aha. The certificates, and revocation information, are stored in the
>>>> table CertificateData. The user information is stored in the table
>>>> If you did not use KeyRecovery, where the private key is generated and
>>>> kept by the CA, this is all you need.
>>>> You can even search for the users in the GUI, download the certificate
>>>> and not down the username and revocation information, and then import
>>>> the certificates using the 'bin/ejbca.sh ca importcert' command.
>>> ...You mean download the user-cert in PEM format from the GUI and then
>>> re-import it in the new CA as is ??
>> Yes. This way has been used to migrate from other CA products to EJBCA,
>> so it should work for migration from another EJBCA as well :-)
>>>> This command does not need much information:
>>>> $ bin/ejbca.sh ca importcert
>>>> Description: Imports a certificate file to the database
>>>> Usage: ca importcert <username> <password> <caname> <status> <email>
>>>> <certificate file> <endentityprofile> [<certificateprofile>]
>>> using importcert do i need to provide all the above parameters ?? ( i.e.
>>> <passwd> <caname> <status> etc etc ?? ).
>>> If yes, which is the pasword ??
>>> Is the one-time password used to crypt the .p12 file created when
>>> "adding" a new end-entity ??
>>> If yes, where can i find it ??
>> The password is simply any password you want to set. It can be a random
>> string, or a fixed password.
> Hi Tomas,
> i made some tests using your tips in this way:
> 1) Download from the GUI the user-cert in PEM format
> 2) copied it to the server which is running the new ejbca install ( with
> postgresql )
> 3) tried to import the cert with the corresponding CA
> i used this command
> ./ejbca.sh ca importcert arussos "" OvpnCA ACTIVE
> arussos@... arussos.pem "Ovpn Client Generator NG" "OpenVPNNG"
> As you can see, i used an empty password and issued also End Entity
> Profile ( Ovpn Client Generator NG ) and the Certificate Profile (
> OpenVPNNG ).
> Unfortunately it exit with this error:
> "Error: Autogenerated password must have password==null"
> I think it complains about the fact that i set up the "End Entity
> Profile" with the "Autogenerated Pasword" selected, is it true ???
> Also, if i import the cert without the "End Entity Profile" and the
> "Autogenerated Pasword", it successfully import it; but, obviously, when
> i look at the user "End Entity Profile" from the GUI it sees it as "EMPTY".
> Is there a way to solve this problem ???
> Thanks a lot,