Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

Importing certificate of External CA with serial number 0

Help
Roman
2013-10-25
2013-11-07
  • Roman
    Roman
    2013-10-25

    Is it possible to import certificate of External CA with serial number 0?
    I'm using EJBCA 4.0.16.

    I tried to import the certificate but the transaction is always rolled back and I can't figure out where is the problem.

     
  • Roman
    Roman
    2013-10-25

    Also, when I import a certificate PKCS#12 file into EJCBA with RSA keys with length 8196 bits, then I see in the "Certification Authorities -> Edit CA" that value of "RSA key size" is 2048...

    Is it just a display bug?
    How can I verify that the imported keys is really 8196 bits long?

     
  • cyberuser
    cyberuser
    2013-11-05

    I have also the same problem with the wrong key size.

     
    Last edit: cyberuser 2013-11-05
  • I do not know what import a certificate PKCS#12 file means. You need to specify more details of exactly what you are doing. What buttons are you pressing, and what files are you uploading where?

     
  • Roman
    Roman
    2013-11-05

    The certificate with private key is in the PKCS#12 archive file (usually .p12 files).
    I am importing it through admin GUI, excatly "Certification Authorities -> Import CA keystore".

     
  • So I'm not sure you are doing what you are epxecting. Import CA keystore is for importing a CA, it's not for importing a CA certificate (creating an "External CA".
    You can typically export a keystore from an existing CA, and create a new CA importing the keystore on another system.

    If you only want to import the CA certificate you need to export the certificate from the p12 and use "import CA Certificate".

    Cheers,
    Tomas


    PrimeKey Solutions offers commercial EJBCA and SignServer support subscriptions and training courses. Please see www.primekey.se or contact info@primekey.se for more information.
    http://www.primekey.se/Services/Support/
    http://www.primekey.se/Services/Training/

     
  • cyberuser
    cyberuser
    2013-11-06

    I wanted to import external sub-cas which were created with openssl (admin gui--> Certification Authorities --> Import CA keystore). For that I created a p12 file which include the private key and the certificate with the public key. After the import the key size was wrong in the admin gui.

    At the end I created the sub-cas in ejbca (csr) and signed it with the root-ca which is not in ejbca.

     
  • great. That should be the best option. Importing a p12 should work as well, we'll have to look into that sometime. Perhaps you can attach a p12 that fails to import then I can easily test it,