Does EJBCA enable to use one user for creating certificates? Since my previous CA is going to expire, I'd like to use EJBCA for the new CA. Since 1000+ certificates have been given out with the expiring CA, all of them need to be regenerated.
Short answer yes. You can use a single user (end entity in EJBCA) for all certificates, one end entity per certificate, or a combination. You can do almost anything you want.
Ok, but how can I configure EJBCA so that I can use only one user to generate certificates?
At the moment I have the following configuration:
End Entity Profile: ssl_server
Batch generation: checked
Subject DN Attributes:
O: Test company
OU: Test company
Certificate profile: ssl_server
The first certificate has CN field test1 and the second certificate has CN field test2. I could add the first certificate successfully but when I tried to add the second certificate, the following error occurred: "End entity already exists, choose another Username."
Entityprofile is added as an attachment.
You just edit the end-entity for each new certificate
Anders, what do you mean by "You just edit the end-entity for each new certificate"?. I'm trying to create a lot of certificates with just ONE user and password and just generate them with the bin/ejbca.sh batch command.
You need to something like
but also perform edituser commands to change CN
Does this mean that I always need to change the user status to NEW before I can create another certificate with the same user and password?
Yes, it does
I tried this:
Generating keys in directory /opt/ejbca/p12.
Loading configuration from defaults.
Generating RSA keys of size 2048 for test.
Created Keystore for 'test'.
New user generated successfully - test.
If I search test user status, then I get status NEW for this user.
Found end entity:
DN: "CN=test cert1,OU=Test unit,O=Test company,L=City,C=EE"
Alt Name: "null"
Directory Attributes: ""
Token Type: 4
End Entity Profile ID: 503291280
Certificate Profile ID: 163070057
Hard Token Issuer ID: 0
Created: Mon Apr 21 12:51:11 GMT+00:00 2014
Modified: Mon Apr 21 12:56:16 GMT+00:00 2014
I don't get where or what did I do wrong.
Search end entities
select for edit
I think you can do this from the CLI as well
Log in to post a comment.
Sign up for the SourceForge newsletter:
You seem to have CSS turned off.
Please don't fill out this field.