From: PenguinXC <pen...@gm...> - 2010-01-28 09:53:18
|
Thanks for reply! The external CA uses Microsoft CS as software. Yes, I suppose it can generate a new certificate according to a profile with the correct extensions. But unfortunately for us, it is not the way the problem should be solved :( I will try to convert the keys and report you about results. Best regards, Vu Tomas Gustavsson wrote: > > > Hi, > > The EJBCA cli can currently not generate PKCS#10 requests with > extensions in it. In my opinion the issuing CA should be able to > generate a certificate according to a profile, with the correct > extensions. May I ask wich CA siftware the extenral CA uses? > > Anyhow, nCipher has this strange feature of using different > "applications" so keys generated by native programs, or java, can not be > used from PKCS#11. The keys can however be converted. You can read the > "Keon CA migration guide" in the howto section at EJBCA.org for detailed > instructions how to migrate the keys from a "native" application to > PKCS#11. > > http://ejbca.org/howto.html#Migrating%20RSA%20Keon%20CA%20with%20nCipher > > Regards, > Tomas > ----- > > PrimeKey Solutions offers a commercial EJBCA support subscription and > training for EJBCA. Please see www.primekey.se or contact in...@pr... > for more information. > http://www.primekey.se/Services/Support/ > http://www.primekey.se/Services/Training/ > > -- View this message in context: http://old.nabble.com/Generating-pkcs10-request-for-CA-to-be-signed-by-External-CA-with-keys-in-nCipher-netHSM-tp27334069p27353433.html Sent from the EjbCA - Dev mailing list archive at Nabble.com. |