Menu
▾
▴
Re: [Ejbca-develop] Generating pkcs10 request for CA to be signed by External CA with keys in nCipher netHSM
|
From: Tomas G. <to...@pr...> - 2010-01-28 10:50:42
|
Of course, it is not hard either to write the code to add extensions to the PKCS#10 request. Regards, Tomas ----- PrimeKey Solutions offers a commercial EJBCA support subscription and training for EJBCA. Please see www.primekey.se or contact in...@pr... for more information. http://www.primekey.se/Services/Support/ http://www.primekey.se/Services/Training/ On 01/28/2010 10:53 AM, PenguinXC wrote: > Thanks for reply! > > The external CA uses Microsoft CS as software. Yes, I suppose it can > generate a new certificate according to a profile with the correct > extensions. But unfortunately for us, it is not the way the problem should > be solved :( > > I will try to convert the keys and report you about results. > > Best regards, > Vu > > > > Tomas Gustavsson wrote: > >> >> Hi, >> >> The EJBCA cli can currently not generate PKCS#10 requests with >> extensions in it. In my opinion the issuing CA should be able to >> generate a certificate according to a profile, with the correct >> extensions. May I ask wich CA siftware the extenral CA uses? >> >> Anyhow, nCipher has this strange feature of using different >> "applications" so keys generated by native programs, or java, can not be >> used from PKCS#11. The keys can however be converted. You can read the >> "Keon CA migration guide" in the howto section at EJBCA.org for detailed >> instructions how to migrate the keys from a "native" application to >> PKCS#11. >> >> http://ejbca.org/howto.html#Migrating%20RSA%20Keon%20CA%20with%20nCipher >> >> Regards, >> Tomas >> ----- >> >> PrimeKey Solutions offers a commercial EJBCA support subscription and >> training for EJBCA. Please see www.primekey.se or contact in...@pr... >> for more information. >> http://www.primekey.se/Services/Support/ >> http://www.primekey.se/Services/Training/ >> >> >> > |