Does EJBCA enable to use one user for creating certificates?

Help
aloeee
2014-04-17
2014-04-21
  • aloeee

    aloeee - 2014-04-17

    Does EJBCA enable to use one user for creating certificates? Since my previous CA is going to expire, I'd like to use EJBCA for the new CA. Since 1000+ certificates have been given out with the expiring CA, all of them need to be regenerated.

    Br,

    Alo

     
  • Tomas Gustavsson

    Short answer yes. You can use a single user (end entity in EJBCA) for all certificates, one end entity per certificate, or a combination. You can do almost anything you want.

    Cheers,
    Tomas

     
    • aloeee

      aloeee - 2014-04-21

      Ok, but how can I configure EJBCA so that I can use only one user to generate certificates?
      At the moment I have the following configuration:

      RA Functions->Add End Entity:

      End Entity Profile: ssl_server
      Username: test
      Password: test
      Batch generation: checked
      Subject DN Attributes:
      =====================
      C: EE
      L: City
      O: Test company
      OU: Test company
      Certificate profile: ssl_server
      CA: TestCA
      Token: PEM

      The first certificate has CN field test1 and the second certificate has CN field test2. I could add the first certificate successfully but when I tried to add the second certificate, the following error occurred: "End entity already exists, choose another Username."

      Entityprofile is added as an attachment.

      Br,

      Alo

       
      Last edit: aloeee 2014-04-21
  • Anders Rundgren

    Anders Rundgren - 2014-04-21

    You just edit the end-entity for each new certificate

    Cheers
    Anders

     
    • aloeee

      aloeee - 2014-04-21

      Anders, what do you mean by "You just edit the end-entity for each new certificate"?. I'm trying to create a lot of certificates with just ONE user and password and just generate them with the bin/ejbca.sh batch command.

       
  • aloeee

    aloeee - 2014-04-21

    Does this mean that I always need to change the user status to NEW before I can create another certificate with the same user and password?

     
  • Anders Rundgren

    Anders Rundgren - 2014-04-21

    Yes, it does

    Anders

     
  • aloeee

    aloeee - 2014-04-21

    I tried this:

    1. Created a new end-entity with the username test and password test (CN: test cert1)
      on the command line I ran the following command:

    bin/ejbca.sh batch test

    Generating keys in directory /opt/ejbca/p12.
    Loading configuration from defaults.
    Generating RSA keys of size 2048 for test.
    Created Keystore for 'test'.
    New user generated successfully - test.

    If I search test user status, then I get status NEW for this user.

    bin/ejbca.sh ra findendentity test

    Found end entity:
    Username: test
    Password: test
    DN: "CN=test cert1,OU=Test unit,O=Test company,L=City,C=EE"
    Alt Name: "null"
    Directory Attributes: ""
    E-Mail: null
    Status: 10
    Type: 1
    Token Type: 4
    End Entity Profile ID: 503291280
    Certificate Profile ID: 163070057
    Hard Token Issuer ID: 0
    Created: Mon Apr 21 12:51:11 GMT+00:00 2014
    Modified: Mon Apr 21 12:56:16 GMT+00:00 2014

    1. Tried to create another certificate with the same username and the same password but with a different CN (test cert2).
      When I hit Add from GUI, then I got this "End entity already exists, choose another Username." error.

    I don't get where or what did I do wrong.

     
  • Anders Rundgren

    Anders Rundgren - 2014-04-21

    Search end entities
    select for edit
    change CN
    save

    I think you can do this from the CLI as well

    Good luck
    Anders

     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

JavaScript is required for this form.





No, thanks