I have created an EJBCA community Standalone Instance for signserver community use case. I have a few questions on how to make the use case more efficient.
As I generate p12 key stores for signserver and pem for authorization, how to generate both of them in ejbca instead of converting a p12 to a pem with openssl. I have tried configuring the number of allowed request on the end entity profile, but i can only do 1 request on the raweb, while if i add an entity on the administration web I can only pick one type of token (p12/jks/pem) to be generated even though I can do multiple requests.
As the private key on the p12 is installed to the signer's device, how to distribute the public keys to the receiver?
Thanks in advanced
Best regards,
Adrian Rose
edit: sorry for the title forgot to update it
Last edit: Adrian Rose Jayanto 2021-08-26
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
For two different purposes I would create two different end entities in EJBCA and issue two keystores from it. You can set one to issue a p12 and the other to issue a PEM keystore.
This is the dilemma of any signing application and is application dependent. Most document signing formats include the signing certificate in the document so it's distributed together with the documents, you only have to distribute the trusted root. But it depends on your application again...
Cheers,
Tomas
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi,
I have created an EJBCA community Standalone Instance for signserver community use case. I have a few questions on how to make the use case more efficient.
Thanks in advanced
Best regards,
Adrian Rose
edit: sorry for the title forgot to update it
Last edit: Adrian Rose Jayanto 2021-08-26
For two different purposes I would create two different end entities in EJBCA and issue two keystores from it. You can set one to issue a p12 and the other to issue a PEM keystore.
This is the dilemma of any signing application and is application dependent. Most document signing formats include the signing certificate in the document so it's distributed together with the documents, you only have to distribute the trusted root. But it depends on your application again...
Cheers,
Tomas
Dear Tomas,
Thank you very much for your reply it is very much noted. My inquires have been solved
Kind regards,
Adrian Rose
Last edit: Adrian Rose Jayanto 2021-09-07
Awesome!
Cheers,
Tomas