I am using EJBCA 6.1.1 with JBoss 7.1.1.Final.
I configured SCEP and EJBCA to issue certificates. If the user is not registered in EJBCA it creates new End Entity and issue new certificate.
CA has unchecked Finish user option.
Everythink works fine and SCEP client received issued certificate.
The problem, is that every End Entity has status INPROCESS.
According documentation and my previous implementation on EJBCA 4.0.16 I assumed that this should be always NEW when I have unchecked Finish user.
Is it normal behaviour or not? I am asking because I don't want to be surprised in the future that something will be messed up.
Thank you for your responses.
Tell us your SCEP configuration?
I am attaching SCEP properties file.
Would this be using an External RA, or directly towards the CA?
The EJBCA and SCEP External RA is deployed on the same application server JBoss.
EJBCA and SCEP has different databases and datasources.
So its one instance and SCEP is deployed through externalra-scep-deploy.
The model is using EJBCA external RA polling messages from SCEP database.
Ok, then that is probably a bug in External RA SCEP processing (not direct CA SCEP mode). It was not designed to with without "finish user" :-)
Oh, and when using the External RA there is no point in not having "finish user" selected, since this makes no difference for the SCEP processing. I would recommend to have finish user enabled at all times.
But when I select "finish user" every end entity created would be able to issue only one certificate, right?
Then status of end entity will be GENERATED and the same end entity wouldn't be able to issue another certificate independent of what interface is using until someone change its status.
The way you have configured it:
"If the user is not registered in EJBCA it creates new End Entity and issue new certificate." This meant that the RA will add/edit users in order to be able to issue certificates.
Sign up for the SourceForge newsletter:
You seem to have CSS turned off.
Please don't fill out this field.