Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.
Is it possible to import certificate of External CA with serial number 0?
I'm using EJBCA 4.0.16.
I tried to import the certificate but the transaction is always rolled back and I can't figure out where is the problem.
Also, when I import a certificate PKCS#12 file into EJCBA with RSA keys with length 8196 bits, then I see in the "Certification Authorities -> Edit CA" that value of "RSA key size" is 2048...
Is it just a display bug?
How can I verify that the imported keys is really 8196 bits long?
I have also the same problem with the wrong key size.
I do not know what import a certificate PKCS#12 file means. You need to specify more details of exactly what you are doing. What buttons are you pressing, and what files are you uploading where?
The certificate with private key is in the PKCS#12 archive file (usually .p12 files).
I am importing it through admin GUI, excatly "Certification Authorities -> Import CA keystore".
So I'm not sure you are doing what you are epxecting. Import CA keystore is for importing a CA, it's not for importing a CA certificate (creating an "External CA".
You can typically export a keystore from an existing CA, and create a new CA importing the keystore on another system.
If you only want to import the CA certificate you need to export the certificate from the p12 and use "import CA Certificate".
PrimeKey Solutions offers commercial EJBCA and SignServer support subscriptions and training courses. Please see www.primekey.se or contact email@example.com for more information.
I wanted to import external sub-cas which were created with openssl (admin gui--> Certification Authorities --> Import CA keystore). For that I created a p12 file which include the private key and the certificate with the public key. After the import the key size was wrong in the admin gui.
At the end I created the sub-cas in ejbca (csr) and signed it with the root-ca which is not in ejbca.
great. That should be the best option. Importing a p12 should work as well, we'll have to look into that sometime. Perhaps you can attach a p12 that fails to import then I can easily test it,