
Unable to connect to peer

2023-08-14
2023-08-16
  • Abdul Rasyid

    Abdul Rasyid - 2023-08-14

    Hi All,

    I'm trying to set up a peer system between CA and VA. In my VA, I already deployed with web.reqcertindb=false set, then I enrolled the VA SSL cert from the CA, then copied it to /opt/wildfly/standalone/configuration/keystore/keystore.p12, and scp'd the truststore from the CA to the VA at /opt/wildfly/standalone/configuration/keystore/trustrore.p12. Import CA cert to VA cer.

    But then when I try to peer, I'm getting the error below (deleting the IP address for safety purposes):

    2023-08-14 09:58:29,741 INFO [org.cesecore.util.provider.EkuPKIXCertPathChecker] (EJB default - 1) Validation of certificate with subject CN=vaprimary,O=CIMB Group,L=KL,C=MY failed critical EKU validation. The missing EKUs were: [1.3.6.1.5.5.7.3.1]
    2023-08-14 09:58:29,743 ERROR [org.ejbca.peerconnector.client.PeerConnectorPool] (EJB default - 1) Failed connection to https://:8443/ejbca/peer/v1: Certificate with serial number '0x4ADF35BB32A79EC9F6EF13D6A7D9417CD0B236B' and SAN 'dNSName=localhost, dNSName=vaprimary, iPAddress=' issued by 'CN=Management CA,O=EJBCA Sample,C=MY' is NOT trusted. Ensure the certificate is a TLS server certificate issued by a CA known to EJBCA, and permitted by your authentication key binding.

    Does anyone know?
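
Added example, not part of the original posts and not EJBCA code: OID 1.3.6.1.5.5.7.3.1 in the CA-side log line is id-kp-serverAuth, and this Python sketch (using the third-party `cryptography` package) reports whether the certificate inside a PKCS#12 keystore such as keystore.p12 asserts it. The function names, the sample certificate and its password are constructed for illustration; treating a certificate with no EKU extension as unrestricted follows RFC 5280 and is an assumption about what the validator expects.

```python
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.x509.oid import ExtendedKeyUsageOID, NameOID

SERVER_AUTH = "1.3.6.1.5.5.7.3.1"  # id-kp-serverAuth, the OID named in the log line

def missing_ekus(cert, required=(SERVER_AUTH,)):
    """Return the required EKU OIDs that the certificate does not assert."""
    try:
        eku = cert.extensions.get_extension_for_class(x509.ExtendedKeyUsage).value
    except x509.ExtensionNotFound:
        return []  # assumption: no EKU extension means no restriction (RFC 5280)
    present = {oid.dotted_string for oid in eku}
    return [oid for oid in required if oid not in present]

def missing_ekus_in_p12(p12_bytes, password):
    """Check the end-entity certificate stored in a PKCS#12 keystore."""
    _key, cert, _chain = pkcs12.load_key_and_certificates(p12_bytes, password)
    if cert is None:
        raise ValueError("keystore holds no end-entity certificate")
    return missing_ekus(cert)

def sample_p12(ekus, password=b"constructed"):
    """Constructed sample: a self-signed certificate in an in-memory PKCS#12 keystore."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "va.example.test")])
    now = datetime.now(timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(name).issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - timedelta(minutes=5))
        .not_valid_after(now + timedelta(days=1))
    )
    if ekus:  # an empty list produces a certificate without the EKU extension
        builder = builder.add_extension(x509.ExtendedKeyUsage(ekus), critical=True)
    cert = builder.sign(key, hashes.SHA256())
    return pkcs12.serialize_key_and_certificates(
        b"sample", key, cert, None, serialization.BestAvailableEncryption(password))

if __name__ == "__main__":
    for label, ekus in [("clientAuth only", [ExtendedKeyUsageOID.CLIENT_AUTH]),
                        ("serverAuth + clientAuth",
                         [ExtendedKeyUsageOID.SERVER_AUTH, ExtendedKeyUsageOID.CLIENT_AUTH])]:
        print(label, "->", missing_ekus_in_p12(sample_p12(ekus), b"constructed") or "ok")
```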

     
  • Abdul Rasyid

    Abdul Rasyid - 2023-08-14

    The error message above is from the CA. The error I'm getting from the VA is as below:

    Administrator Certificate is issued by external CA and not present in the database.;remoteip=1;forwardedip=

     
  • Tomas Gustavsson

    Hi, PeerConnectors is an Enterprise feature. You will get much better responses by contacting Keyfactor support. https://support.keyfactor.com/

    Cheers,
    Tomas

     
