Menu
▾
▴
ejbca-develop — Development discussions
You can subscribe to this list here.
| 2001 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(1) |
Dec
(3) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2002 |
Jan
(3) |
Feb
(2) |
Mar
(8) |
Apr
(3) |
May
(6) |
Jun
(1) |
Jul
(15) |
Aug
(6) |
Sep
|
Oct
(10) |
Nov
(2) |
Dec
(4) |
| 2003 |
Jan
(1) |
Feb
(7) |
Mar
(3) |
Apr
(6) |
May
(7) |
Jun
(5) |
Jul
(5) |
Aug
(25) |
Sep
(14) |
Oct
(2) |
Nov
|
Dec
(2) |
| 2004 |
Jan
(7) |
Feb
(4) |
Mar
(12) |
Apr
(16) |
May
(43) |
Jun
(56) |
Jul
(43) |
Aug
(40) |
Sep
(66) |
Oct
(12) |
Nov
(26) |
Dec
(10) |
| 2005 |
Jan
(13) |
Feb
(33) |
Mar
(16) |
Apr
(7) |
May
(10) |
Jun
(34) |
Jul
(41) |
Aug
(8) |
Sep
(4) |
Oct
(32) |
Nov
(20) |
Dec
(25) |
| 2006 |
Jan
(30) |
Feb
(101) |
Mar
(5) |
Apr
(75) |
May
(74) |
Jun
(22) |
Jul
(6) |
Aug
(70) |
Sep
(19) |
Oct
(21) |
Nov
(31) |
Dec
(50) |
| 2007 |
Jan
(15) |
Feb
(20) |
Mar
(24) |
Apr
(33) |
May
(13) |
Jun
(18) |
Jul
(13) |
Aug
(7) |
Sep
(63) |
Oct
(68) |
Nov
(29) |
Dec
(68) |
| 2008 |
Jan
(30) |
Feb
(33) |
Mar
(30) |
Apr
(103) |
May
(78) |
Jun
(48) |
Jul
(72) |
Aug
(24) |
Sep
(62) |
Oct
(63) |
Nov
(70) |
Dec
(37) |
| 2009 |
Jan
(34) |
Feb
(35) |
Mar
(64) |
Apr
(34) |
May
(34) |
Jun
(58) |
Jul
(30) |
Aug
(30) |
Sep
(46) |
Oct
(52) |
Nov
(12) |
Dec
(23) |
| 2010 |
Jan
(121) |
Feb
(18) |
Mar
(53) |
Apr
(62) |
May
(62) |
Jun
(20) |
Jul
(33) |
Aug
(20) |
Sep
(36) |
Oct
(35) |
Nov
(44) |
Dec
(63) |
| 2011 |
Jan
(19) |
Feb
(32) |
Mar
(94) |
Apr
(41) |
May
(47) |
Jun
(25) |
Jul
(34) |
Aug
(20) |
Sep
(9) |
Oct
(41) |
Nov
(33) |
Dec
(24) |
| 2012 |
Jan
(12) |
Feb
(36) |
Mar
(48) |
Apr
(32) |
May
(20) |
Jun
(15) |
Jul
(32) |
Aug
(13) |
Sep
(33) |
Oct
(54) |
Nov
(25) |
Dec
(16) |
| 2013 |
Jan
(45) |
Feb
(39) |
Mar
(38) |
Apr
(50) |
May
(29) |
Jun
(30) |
Jul
(33) |
Aug
(12) |
Sep
(9) |
Oct
(25) |
Nov
(29) |
Dec
(20) |
| 2014 |
Jan
(25) |
Feb
(19) |
Mar
(16) |
Apr
(33) |
May
(27) |
Jun
(37) |
Jul
(29) |
Aug
(27) |
Sep
(37) |
Oct
(58) |
Nov
(109) |
Dec
(26) |
| 2015 |
Jan
(4) |
Feb
(35) |
Mar
(22) |
Apr
(35) |
May
(28) |
Jun
(20) |
Jul
(4) |
Aug
(16) |
Sep
(37) |
Oct
(13) |
Nov
(13) |
Dec
(14) |
| 2016 |
Jan
(22) |
Feb
(7) |
Mar
(23) |
Apr
(30) |
May
(10) |
Jun
(10) |
Jul
(15) |
Aug
(12) |
Sep
(22) |
Oct
(31) |
Nov
(5) |
Dec
(5) |
| 2017 |
Jan
(30) |
Feb
(25) |
Mar
(28) |
Apr
(4) |
May
(19) |
Jun
(13) |
Jul
(7) |
Aug
(1) |
Sep
(2) |
Oct
(5) |
Nov
(12) |
Dec
(2) |
| 2018 |
Jan
(7) |
Feb
|
Mar
(7) |
Apr
(2) |
May
(8) |
Jun
(18) |
Jul
(6) |
Aug
(3) |
Sep
(15) |
Oct
(33) |
Nov
(13) |
Dec
(7) |
| 2019 |
Jan
(5) |
Feb
(7) |
Mar
(30) |
Apr
(5) |
May
(4) |
Jun
(69) |
Jul
(86) |
Aug
(22) |
Sep
(6) |
Oct
(7) |
Nov
(5) |
Dec
(3) |
| 2020 |
Jan
(10) |
Feb
(12) |
Mar
(22) |
Apr
(5) |
May
(1) |
Jun
(4) |
Jul
(6) |
Aug
|
Sep
(9) |
Oct
|
Nov
|
Dec
(1) |
| 2021 |
Jan
(4) |
Feb
(11) |
Mar
(7) |
Apr
(7) |
May
|
Jun
(3) |
Jul
(10) |
Aug
(6) |
Sep
|
Oct
|
Nov
(18) |
Dec
(2) |
| 2022 |
Jan
(1) |
Feb
(1) |
Mar
|
Apr
|
May
|
Jun
(2) |
Jul
|
Aug
(4) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2023 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
(1) |
Jun
|
Jul
|
Aug
(5) |
Sep
|
Oct
|
Nov
|
Dec
|
|
From: Daniel J. <Dan...@e-...> - 2013-06-25 13:27:08
|
clientToolBox run fine when you give it the path of library libcknfast.so
ant slotListIndex=1
clientToolBox is in error when you give the path of configuration file :
ocs-sunpkcs11.cfg
ocs-sunpkcs11.cfg:
name=NFastJava
library=/opt/nfast/toolkits/pkcs11/libcknfast.so
slotListIndex=1
attributes(*, *, *) = {
CKA_TOKEN = true
}
attributes(*, CKO_PUBLIC_KEY, * ) = {
CKA_ENCRYPT = true
CKA_WRAP = true
CKA_VERIFY = true
}
attributes( *, CKO_PRIVATE_KEY, *) = {
CKA_PRIVATE = false
CKA_SENSITIVE = true
CKA_SIGN = true
CKA_DECRYPT = true
CKA_EXTRACTABLE = false
CKA_UNWRAP = true
}
The log trace:
2013-06-25 13:23:47,115 INFO [org.ejbca.util.keystore.KeyTools] Using SUN
PKCS11 provider: sun.security.pkcs11.SunPKCS11
2013-06-25 13:23:47,123 DEBUG
[org.ejbca.util.keystore.KeyStoreContainerP11] Adding provider with name:
SunPKCS11-NFastJava
2013-06-25 13:23:47,123 DEBUG
[org.ejbca.util.keystore.KeyStoreContainerP11] Provider already exists,
not adding.
2013-06-25 13:23:47,132 DEBUG
[org.ejbca.util.keystore.KeyStoreContainerBase] generating...
2013-06-25 13:23:52,920 DEBUG
[org.ejbca.util.keystore.KeyStoreContainerBase] keystore signing algorithm
SHA1withRSA
2013-06-25 13:23:52,953 ERROR [org.ejbca.ui.cli.HSMKeyTool] Command
'PKCS11HSMKeyTool generate /opt/ejbca/conf/sunpkcs11.cfg null pkcs11 4096
defaultTEST' could not be executed.
java.security.ProviderException: Initialization failed
at
sun.security.pkcs11.P11Signature.initialize(P11Signature.java:312)
at
sun.security.pkcs11.P11Signature.engineInitSign(P11Signature.java:393)
at
java.security.Signature$Delegate.engineInitSign(Signature.java:1113)
at java.security.Signature.initSign(Signature.java:497)
at org.bouncycastle.x509.X509Util.calculateSignature(Unknown
Source)
at
org.bouncycastle.x509.X509V3CertificateGenerator.generate(Unknown Source)
at
org.bouncycastle.x509.X509V3CertificateGenerator.generate(Unknown Source)
at
org.ejbca.util.keystore.KeyStoreContainerBase.getSelfCertificate(KeyStoreContainerBase.java:144)
at
org.ejbca.util.keystore.KeyStoreContainerBase.generate(KeyStoreContainerBase.java:285)
at
org.ejbca.util.keystore.KeyStoreContainerBase.generateRSA(KeyStoreContainerBase.java:202)
at
org.ejbca.util.keystore.KeyStoreContainerBase.generate(KeyStoreContainerBase.java:234)
at org.ejbca.ui.cli.HSMKeyTool.doIt(HSMKeyTool.java:139)
at org.ejbca.ui.cli.HSMKeyTool.execute(HSMKeyTool.java:290)
at
org.ejbca.ui.cli.PKCS11HSMKeyTool.execute(PKCS11HSMKeyTool.java:47)
at
org.ejbca.ui.cli.ClientToolBox.executeIfSelected(ClientToolBox.java:40)
at org.ejbca.ui.cli.ClientToolBox.main(ClientToolBox.java:70)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception:
CKR_KEY_FUNCTION_NOT_PERMITTED
at sun.security.pkcs11.wrapper.PKCS11.C_SignInit(Native Method)
at
sun.security.pkcs11.P11Signature.initialize(P11Signature.java:304)
... 15 more
How explain this ?
kind regards
Daniel JAMET
Direction DPM
Tél : +33 1 55 23 31 70
dan...@e-...
____________________________
Société d'Exploitation de Réseaux et de Services Sécurisés
Immeuble "Le Linéa"
1, rue du Général Leclerc
92800 PUTEAUX
|
|
From: Robbie G. <rob...@ru...> - 2013-06-25 01:09:53
|
I have EJBCA running with nCipher HSM and I am using EJBCA's
PKCS11HSMKeyTool to generate a Module key and then generate a RSA
signature. I am successful in generating the RSA signature but when I try to
verify the generated signature using openssl's rsautl, it fails !!! What am
I missing ? The verification succeeds if I use EJBCA's PKCS11HSMKeyTool
tool, but I need to be able to verify using openssl.
Any ideas would be much appreciated. Below are the detailed steps I carried
out
1) Generate 2048 bit PKCS11 RSA Key on HSM (nCiher) - Module key
$ /opt/ejbca/dist/clientToolBox/ejbcaClientToolBox.sh PKCS11HSMKeyTool
generate /home/rgill/pkcs11_config/CodeSigningServer1_pkcs11.cnf 2048
TestingKey
2013-06-24 17:19:04,381 INFO [org.ejbca.util.keystore.KeyTools] Using SUN
PKCS11 provider: sun.security.pkcs11.SunPKCS11
Created certificate with entry TestingKey.
2) Generate CSR
$ /opt/ejbca/dist/clientToolBox/ejbcaClientToolBox.sh PKCS11HSMKeyTool
certreq /opt/nfast/toolkits/pkcs11/libcknfast.so i0 TestingKey
2013-06-24 17:19:17,495 INFO [org.ejbca.util.keystore.KeyTools] Using SUN
PKCS11 provider: sun.security.pkcs11.SunPKCS11
2013-06-24 17:19:17,657 INFO
[org.ejbca.util.keystore.KeyStoreContainerBase] Using named curve parameter
encoding for ECC key.
2013-06-24 17:19:17,742 INFO
[org.ejbca.util.keystore.KeyStoreContainerBase] Wrote csr to file:
TestingKey.pem
3) Extract public key from CSR
$ openssl req -pubkey -in Testing.pem -out PubKey-TestingKey.pem
4) Generate digest to be signed
$ openssl dgst -binary -sha1 -out /tmp/t.dgst.sha1 < /tmp/t.txt
5) Sign using private key on HSM (PKCS11)
$ /opt/ejbca/dist/clientToolBox/ejbcaClientToolBox.sh PKCS11HSMKeyTool sign
/opt/nfast/toolkits/pkcs11/libcknfast.so i0 /tmp/t.dgst.sha1
/tmp/t.dgst.sha1.HSMsigned TestingKey
2013-06-24 17:20:12,678 INFO [org.ejbca.util.keystore.KeyTools] Using SUN
PKCS11 provider: sun.security.pkcs11.SunPKCS11
6) Try and verify using openssl !!!FAILS!!!
$ openssl rsautl -in /tmp/t.dgst.sha1.HSMsigned -out
/tmp/t.dgst.sha1.OUTfromsig -inkey PubKey-TestingKey.pem -pubin -verify
RSA operation error
23304:error:0406706C:rsa routines:RSA_EAY_PUBLIC_DECRYPT:data greater than
mod len:rsa_eay.c:656:
# Check the public key
$ openssl rsa -in PubKey-TestingKey.pem -text -pubin
Public-Key: (2048 bit)
Modulus:
00:b2:b6:de:b6:4c:1f:56:e2:7d:17:e6:f6:b8:d7:
a0:0d:49:f2:42:ba:16:a7:9f:b9:7e:e1:80:8b:eb:
7b:27:a9:b9:be:db:b1:a9:3d:d5:7f:ae:a0:c5:9b:
a6:5f:33:dd:13:fd:e9:87:27:82:ba:94:97:ef:8a:
4c:df:5d:6c:1a:fc:f9:cd:7b:29:3f:a2:2b:7d:03:
30:7f:d4:e2:db:34:a8:da:08:8b:1e:c7:4f:e0:81:
76:20:1c:5a:a5:57:c2:ff:d1:16:bd:6a:24:a3:c3:
1d:91:10:46:9e:ec:ea:d4:c5:d6:f0:8a:7e:a7:bb:
dc:75:44:99:24:ea:8a:b6:c8:98:dd:fb:76:8e:f2:
e1:82:89:1d:55:99:fb:9c:d3:41:cb:64:ec:61:3f:
7e:77:38:6f:9a:2c:1e:27:01:83:7b:e7:ab:6b:ee:
27:f3:41:23:06:87:a1:ec:2c:65:c3:58:69:c8:c1:
54:6e:76:1d:ea:39:d8:05:72:b4:3e:71:dc:59:6d:
46:17:61:4f:1d:72:26:69:ed:00:11:d9:50:bb:8d:
95:77:53:69:7d:ed:30:ea:ab:90:db:57:13:6d:21:
73:f1:45:25:7b:02:c2:48:78:6d:45:96:aa:63:fa:
19:64:4b:8e:47:59:61:0b:22:58:19:b6:e0:b9:47:
a7:2d
Exponent: 65537 (0x10001)
Regards
Robbie
|
|
From: Gémes G. <ge...@kz...> - 2013-06-17 03:50:25
|
2013-06-16 17:11 keltezéssel, Branko Majic írta: > On Sat, 15 Jun 2013 12:56:35 +0200 > Gémes Géza <ge...@kz...> wrote: > >> 2013-06-15 10:04 keltezéssel, Branko Majic írta: >>> On Fri, 14 Jun 2013 21:58:57 +0200 >>> Gémes Géza <ge...@kz...> wrote: >>> >>>> Hi, >>>> >>>> I'm trying to deploy puppet to our network, and as it uses a PKI to >>>> authenticate client systems I'm interested to know if anyone is using >>>> EJBCA as an external CA (having all systems an EJBCA signed certificate) >>>> or as a top level CA (having EJBCA sign the puppetmaster certificate and >>>> let it sign the certificates of client systems). >>>> >>>> Thank you! >>>> >>>> Cheers >>>> >>>> Geza Gemes >>> Hello Géza, >>> >>> As far as I know, nobody has done this. I've actually been at some >>> point curious if such thing could be done with Puppet, though. It would >>> probably be necessary to modularise the certificate-related code in >>> Puppet and implement a web service-based client in Ruby for use with >>> EJBCA. >>> >>> Best regards >>> >>> >> Hi Branko, >> >> I wasn't thinking about a close integration as having puppet ca >> manipulate ejbca certificates, which would be also nice, but not >> strictly necessary for integration. Puppet can work without the ca >> component >> (http://docs.puppetlabs.com/puppet/3/reference/config_ssl_external_ca.html), >> at least starting from 3.2. What I was hoping to get confirmation on is >> that there are adequate EJBCA certificate profiles for signing master >> and agent certificates and some example scep (e.g. jscep scripts) to >> renew the certs of master/agent. If no certificate profiles exist, the >> other working option would be to create a subCA for puppet master. >> >> Cheers >> >> Geza Gemes > I haven't had a look at Puppet-created certificates, but my guess you > could use the standard server and client certificate profiles (SERVER > and ENDUSER) - the important part is probably just the client/server > EKU. > > Best regards > Thank you! Will try to find out what extended key usage puppet is requiring. Cheers Geza Gemes |
|
From: Branko M. <br...@ma...> - 2013-06-16 15:11:49
|
On Sat, 15 Jun 2013 12:56:35 +0200 Gémes Géza <ge...@kz...> wrote: > 2013-06-15 10:04 keltezéssel, Branko Majic írta: > > On Fri, 14 Jun 2013 21:58:57 +0200 > > Gémes Géza <ge...@kz...> wrote: > > > >> Hi, > >> > >> I'm trying to deploy puppet to our network, and as it uses a PKI to > >> authenticate client systems I'm interested to know if anyone is using > >> EJBCA as an external CA (having all systems an EJBCA signed certificate) > >> or as a top level CA (having EJBCA sign the puppetmaster certificate and > >> let it sign the certificates of client systems). > >> > >> Thank you! > >> > >> Cheers > >> > >> Geza Gemes > > Hello Géza, > > > > As far as I know, nobody has done this. I've actually been at some > > point curious if such thing could be done with Puppet, though. It would > > probably be necessary to modularise the certificate-related code in > > Puppet and implement a web service-based client in Ruby for use with > > EJBCA. > > > > Best regards > > > > > Hi Branko, > > I wasn't thinking about a close integration as having puppet ca > manipulate ejbca certificates, which would be also nice, but not > strictly necessary for integration. Puppet can work without the ca > component > (http://docs.puppetlabs.com/puppet/3/reference/config_ssl_external_ca.html), > at least starting from 3.2. What I was hoping to get confirmation on is > that there are adequate EJBCA certificate profiles for signing master > and agent certificates and some example scep (e.g. jscep scripts) to > renew the certs of master/agent. If no certificate profiles exist, the > other working option would be to create a subCA for puppet master. > > Cheers > > Geza Gemes I haven't had a look at Puppet-created certificates, but my guess you could use the standard server and client certificate profiles (SERVER and ENDUSER) - the important part is probably just the client/server EKU. Best regards -- Branko Majic Jabber: br...@ma... Please use only Free formats when sending attachments to me. Бранко Мајић Џабер: br...@ma... Молим вас да додатке шаљете искључиво у слободним форматима. |
|
From: Tomas G. <to...@pr...> - 2013-06-16 10:10:04
|
No On 06/16/2013 11:52 AM, sara wrote: > hi, > > i need to know is JBOSS AS7 is compitable with ejbca 4 ?!! > > regards, > > sara > > ------------------------------------------------------------------------------ > This SF.net email is sponsored by Windows: > > Build for Windows Store. > > http://p.sf.net/sfu/windows-dev2dev > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: sara <sar...@gm...> - 2013-06-16 09:52:13
|
hi, i need to know is JBOSS AS7 is compitable with ejbca 4 ?!! regards, sara |
|
From: Gémes G. <ge...@kz...> - 2013-06-15 10:56:58
|
2013-06-15 10:04 keltezéssel, Branko Majic írta: > On Fri, 14 Jun 2013 21:58:57 +0200 > Gémes Géza <ge...@kz...> wrote: > >> Hi, >> >> I'm trying to deploy puppet to our network, and as it uses a PKI to >> authenticate client systems I'm interested to know if anyone is using >> EJBCA as an external CA (having all systems an EJBCA signed certificate) >> or as a top level CA (having EJBCA sign the puppetmaster certificate and >> let it sign the certificates of client systems). >> >> Thank you! >> >> Cheers >> >> Geza Gemes > Hello Géza, > > As far as I know, nobody has done this. I've actually been at some > point curious if such thing could be done with Puppet, though. It would > probably be necessary to modularise the certificate-related code in > Puppet and implement a web service-based client in Ruby for use with > EJBCA. > > Best regards > > Hi Branko, I wasn't thinking about a close integration as having puppet ca manipulate ejbca certificates, which would be also nice, but not strictly necessary for integration. Puppet can work without the ca component (http://docs.puppetlabs.com/puppet/3/reference/config_ssl_external_ca.html), at least starting from 3.2. What I was hoping to get confirmation on is that there are adequate EJBCA certificate profiles for signing master and agent certificates and some example scep (e.g. jscep scripts) to renew the certs of master/agent. If no certificate profiles exist, the other working option would be to create a subCA for puppet master. Cheers Geza Gemes |
|
From: Branko M. <br...@ma...> - 2013-06-15 08:04:36
|
On Fri, 14 Jun 2013 21:58:57 +0200 Gémes Géza <ge...@kz...> wrote: > Hi, > > I'm trying to deploy puppet to our network, and as it uses a PKI to > authenticate client systems I'm interested to know if anyone is using > EJBCA as an external CA (having all systems an EJBCA signed certificate) > or as a top level CA (having EJBCA sign the puppetmaster certificate and > let it sign the certificates of client systems). > > Thank you! > > Cheers > > Geza Gemes Hello Géza, As far as I know, nobody has done this. I've actually been at some point curious if such thing could be done with Puppet, though. It would probably be necessary to modularise the certificate-related code in Puppet and implement a web service-based client in Ruby for use with EJBCA. Best regards -- Branko Majic Jabber: br...@ma... Please use only Free formats when sending attachments to me. Бранко Мајић Џабер: br...@ma... Молим вас да додатке шаљете искључиво у слободним форматима. |
|
From: Gémes G. <ge...@kz...> - 2013-06-14 19:59:20
|
Hi, I'm trying to deploy puppet to our network, and as it uses a PKI to authenticate client systems I'm interested to know if anyone is using EJBCA as an external CA (having all systems an EJBCA signed certificate) or as a top level CA (having EJBCA sign the puppetmaster certificate and let it sign the certificates of client systems). Thank you! Cheers Geza Gemes |
|
From: Tomas G. <to...@pr...> - 2013-06-06 08:46:55
|
You can read examples in the EJBCA documentation at http://www.ejbca.org/adminguide.html#nCipher%20nShield/netHSM. You must start JBoss also with preload, otherwise JBoss will not be able to access the keys you have created, hence you get a "LoginException". Cheers, Tomas ----- PrimeKey Solutions offers commercial EJBCA and SignServer support subscriptions and training courses. Please see www.primekey.se or contact in...@pr... for more information. http://www.primekey.se/Services/Support/ http://www.primekey.se/Services/Training/ On 06/06/2013 10:37 AM, Daniel JAMET wrote: > Hi, > > Thanks for your response. > > This morning I: > > 1) Create cardset Racine with the command: */opt/nfast/bin/createocs > --module=1 --ocs-quorum 2/3 --name=Racine --name-cards --persist > --timeout=0* > > 2) Create keys with the commands: > * a) /opt/nfast/bin/preload -c Racine > /opt/ejbca/bin/pkcs11HSM.sh generate > /opt/nfast/toolkits/pkcs11/libcknfast.so defaultRoot i1* > * b) /opt/nfast/bin/preload -c Racine > /opt/ejbca/bin/pkcs11HSM.sh generate > /opt/nfast/toolkits/pkcs11/libcknfast.so cryptRoot i1* > * c) /opt/nfast/bin/preload -c Racine > /opt/ejbca/bin/pkcs11HSM.sh generate > /opt/nfast/toolkits/pkcs11/libcknfast.so testRoot i1* > > 3) preload keys : */opt/nfast/bin/preload -c Racine pause* > > 4) Start Jboss with: *sudo /etc/init.d/jboss start* > > 5) Try to create AC 'AC_Racine' with *preload -c Racine > /opt/ejbca/bin/ejbca.sh ca init AC_Racine 'O=SER2S, OU=DPM, C=FR, > CN=AC_Racine' \* > * 'org.ejbca.core.model.ca.catoken.PKCS11CAToken' prompt > 4096 RSA 10000 '1.2.250.1.79.12' \* > * SHA1WithRSA /opt/ejbca/conf/catoken-Racine.properties* > > 6) And i obtain the log ejbca.log int attachment. > > What do you think ? An explanation ? > > Best regards > > Daniel JAMET |
|
From: ejbca-support <ejb...@pr...> - 2013-06-05 14:58:37
|
Hi Daniel, I don't think you have started EJBCA with preload. See http://www.ejbca.org/adminguide.html#nCipher%20nShield/netHSM step 4. Check this and let us know if this was the problem. Best regards, Lars On 2013-06-05 15:07, Daniel JAMET wrote: > Hi all, > > I'm trying to crate an AC with an 2/3 OCS quorum. > > I use only commands line and all the time, the 'ejbca.sh init ca ' > command failed. the reason is in the > file attachement: > > For launch the command 'ejbca.sh init ca': > 1) I use in another session the command preload -i pause (My > keys are permanent), > 2) the exact command is in the file attachment cmt.txt > > How do you explain this ? > > Best regards > > Daniel JAMET > > > ------------------------------------------------------------------------------ > How ServiceNow helps IT people transform IT departments: > 1. A cloud service to automate IT design, transition and operations > 2. Dashboards that offer high-level views of enterprise services > 3. A single system of record for all IT processes > http://p.sf.net/sfu/servicenow-d2d-j > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
|
From: Daniel J. <Dan...@e-...> - 2013-06-05 13:07:49
|
/opt/ejbca/bin/ejbca.sh ca init AC_Racine 'CN=AC_Racine, OU=Department, O=MyCompany, C=FR' 'org.ejbca.core.model.ca.catoken.PKCS11CAToken' prompt 4096 RSA 10000 1.2.250.1.79.12 SHA1WithRSA /opt/ejbca/conf/catoken-Racine.properties # Configuration file were you define key name, password and key alias for the HSM. # This file is used when adding a CA using an HSM during 'ant install' or with the CLI (command line interface). # Same as the Hard CA Token Properties in Admin-GUI. # Remove everything in the file and add your own configuration. # # See the User's Guide locally or at ejbca.org for details and the latest news. # # Possible values differ depending on which HSM you are using. # Common for all HSM are: # * certSignKey - the key to be used when signing certificates, can be RSA or ECDSA. # * crlSignKey - the key to be used when signing CLSs, can be RSA or ECDSA. # * keyEncryptKey - the key to be used for key encryption and decryption, this must be an RSA key. # * testKey - the key to be used by HSM status checks, can be RSA or ECDSA. # * hardTokenEncrypt - the key to be used for hardtoken encryption and decryption. PUK will be decrypted by this key. # * defaultKey - the key to be used when no other key is defined for a purpose. If this is the only definition then this key will be used for all purposes. # # Example for nCipher HSM using the JCE interface: # keyStore 2349823489289asd2387234 sharedLibrary /opt/nfast/toolkits/pkcs11/libcknfast.so slotListIndex 1 defaultKey defaultRoot keyEncryptKey cryptRoot hardTokenEncrypt cryptRoot testKey testRoot pin foo123 |
|
From: Branko M. <br...@ma...> - 2013-06-05 10:05:09
|
On Tue, 4 Jun 2013 10:49:53 -0700 孙伟 <kev...@gm...> wrote: > I have been using EJBCA for my OCSP testing and it went well. Recently I am > testing the CLI part of OCSP so I wonder is there a CLI command like > "ejbca.sh ca activateocsp <ca name>" to activate the OCSP serivce of a CA > on EJBCA? If yes, that would be great help since it can go to automation > and it saves time. Hello Kevin, Are you referring to internal OCSP responder that's deployed in CA mode, or stand-alone OCSP responder? In case of internal OCSP responder, you activate it by activating the CA tokens. In case of stand-alone OCSP responder, you can activate it using EJBCA client toolbox as outlined at: http://www.ejbca.org/userguide-ocsp.html#Signature%20token%20activation Then again, if you want to automate things, any reason why you wouldn't set the activation code in your ocsp.properties file (ocsp.p11.p11password) in the first place? Best regards -- Branko Majic Jabber: br...@ma... Please use only Free formats when sending attachments to me. Бранко Мајић Џабер: br...@ma... Молим вас да додатке шаљете искључиво у слободним форматима. |
|
From: 孙伟 <kev...@gm...> - 2013-06-04 17:50:00
|
Hello, I have been using EJBCA for my OCSP testing and it went well. Recently I am testing the CLI part of OCSP so I wonder is there a CLI command like "ejbca.sh ca activateocsp <ca name>" to activate the OCSP serivce of a CA on EJBCA? If yes, that would be great help since it can go to automation and it saves time. Thanks and best regards, Kevin |
|
From: ejbca-support <ejb...@pr...> - 2013-06-03 20:10:23
|
On 2013-06-03 21:49, Ma, Brian [HDS] wrote: > Hello EJBCA project administers, > > > > I would like to inquire about the minimum hardware requirements > needed for EJBCA Enterprise PKI. I have looked on your site and > Google, but can only fine software requirements like MySQL and JBoss. > I haven’t been able to find any information on hardware requirements. It starts with 1 G RAM and 5G disk. Then it is all a matter of capacity. Logging can use a lot of disk-space unless you disable or filter it. Cheers Anders tech support > > > > Thank you, > > Brian Ma > > HD Supply IT Intern > > Orlando GSC > > Phone: (407) 822-2981 > > > > > > ------------------------------------------------------------------------------ > How ServiceNow helps IT people transform IT departments: > 1. A cloud service to automate IT design, transition and operations > 2. Dashboards that offer high-level views of enterprise services > 3. A single system of record for all IT processes > http://p.sf.net/sfu/servicenow-d2d-j > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: Ma, B. [HDS] <Bri...@hd...> - 2013-06-03 19:49:15
|
Hello EJBCA project administers, I would like to inquire about the minimum hardware requirements needed for EJBCA Enterprise PKI. I have looked on your site and Google, but can only fine software requirements like MySQL and JBoss. I haven't been able to find any information on hardware requirements. Thank you, Brian Ma HD Supply IT Intern Orlando GSC Phone: (407) 822-2981 |
|
From: ejbca-support <ejb...@pr...> - 2013-06-03 13:33:11
|
On 2013-06-03 12:20, Miguel Angel Robledo wrote: > Hi, > > I need install ejbca under glassfishv3... I install on glassfishv2 but is possible on glassfish v3? It doesn't make sense to promote something that we don't officially support: http://ejbca.org/installation.html#Glassfish I'm sure that it can work but probably not without "adjustments". These adjustments probably require proficiency in both java, EJBCA and Glassfish. Cheers Anders tech support > > Regards, > > Miguel > > -- > Ing. Miguel Angel Robledo > Infraestructura de Firma Digital > Secretaría de Tecnologías para la Gestión > Ministerio de Gobierno y Reforma del Estado > Provincia de Santa Fe > San Martín 2466 3° Piso (S3000FSB) Santa Fe > +54 342 4508700/4574891 int 5132 > > > > ------------------------------------------------------------------------------ > Get 100% visibility into Java/.NET code with AppDynamics Lite > It's a free troubleshooting tool designed for production > Get down to code-level detail for bottlenecks, with <2% overhead. > Download for free and get started troubleshooting in minutes. > http://p.sf.net/sfu/appdyn_d2d_ap2 > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: Miguel A. R. <mar...@sa...> - 2013-06-03 10:21:12
|
Hi, I need install ejbca under glassfishv3... I install on glassfishv2 but is possible on glassfish v3? Regards, Miguel -- Ing. Miguel Angel Robledo Infraestructura de Firma Digital Secretaría de Tecnologías para la Gestión Ministerio de Gobierno y Reforma del Estado Provincia de Santa Fe San Martín 2466 3° Piso (S3000FSB) Santa Fe +54 342 4508700/4574891 int 5132 |
|
From: Tomas G. <to...@pr...> - 2013-05-31 07:15:11
|
Hi, We are to announce the release of EJBCA Enterprise Edition version 5.0.10. This is a maintenance release with new features, improvements and bug fixes. In all 20 issues have been fixed. * Noteworthy changes: - Added lots of CLI improvements to create subCA signed by external CAs, edit CAs and profiles, and add and edit services. - It is now possible to create CAs, using the CLI, with explicit ECC key encoding in CA certificate. Useful for ePassport installations. - When creating link certificates they are now issued using the same certificate profile as the CA is using. - Improved support for Elliptic Curve Cryptography (ECC) using the CMP protocol. You can now use CMP in a Suite B compliant way. - The LDAP publisher now supports STARTTLS extension, in addition to pure TLS connections. - The batch enrollment GUI can now use JKS keystores, in addition to PKCS#12 keystores. - Healthcheck messages are now logged in debug log, for easier troubleshooting. You can find the complete changelog in our issue tracker: https://jira.primekey.se/browse/ECA/fixforversion/10644 Regards, PrimeKey EJBCA Team |
|
From: Tomas G. <to...@pr...> - 2013-05-24 12:16:59
|
On 05/23/2013 04:06 PM, Miguel Angel Robledo wrote: > Hi, > > I wanted to know if all system data are stored in database or some data > are to be stored in filesystem. With respect to security wanted to know > how keys private are stored. All system data is stored in filesystem. If you are using an HSM the CAs signing keys are stored in the HSM. If you are using soft keys the CA signing keys are store in the database, encrypted with activation password. > Also, i read the difference in the enterprise version vs community see > the following description "Full database integrity protection of all > tables, to detect database manipulation". In the community there are > levels of security with respect to manipulation of the database? Without "database integrity protection" the database security means apply, i.e. you have username/password and authorization rules set on your database accounts. Cheers, Tomas ----- PrimeKey Solutions offers commercial EJBCA and SignServer support subscriptions and training courses. Please see www.primekey.se or contact in...@pr... for more information. http://www.primekey.se/Services/Support/ http://www.primekey.se/Services/Training/ |
|
From: Miguel A. R. <mar...@sa...> - 2013-05-23 14:26:27
|
Hi, I wanted to know if all system data are stored in database or some data are to be stored in filesystem. With respect to security wanted to know how keys private are stored. Also, i read the difference in the enterprise version vs community see the following description "Full database integrity protection of all tables, to detect database manipulation". In the community there are levels of security with respect to manipulation of the database? Thanks. -- Ing. Miguel Angel Robledo Infraestructura de Firma Digital Secretaría de Tecnologías para la Gestión Ministerio de Gobierno y Reforma del Estado Provincia de Santa Fe San Martín 2466 3° Piso (S3000FSB) Santa Fe +54 342 4508700/4574891 int 5132 |
|
From: Tomas G. <to...@pr...> - 2013-05-23 14:08:43
|
Normally enrollment passwords in EJBCA are one-time passwords. http://www.ejbca.org/faq.html#errorUserStatus If you need to reuse a password multiple times you can uncheck "finish user" in the "Edit CA" settings. Cheers, Tomas ----- PrimeKey Solutions offers commercial EJBCA and SignServer support subscriptions and training courses. Please see www.primekey.se or contact in...@pr... for more information. http://www.primekey.se/Services/Support/ http://www.primekey.se/Services/Training/ On 05/23/2013 03:55 PM, Jian Wang wrote: > Hi, > I am testing EJBCA XKSM client. I can successfully run register and > reissue commands in XKMS client. But I found once reissue command is > called, the password will be reset to a unknown value by EJBCA server so > that I have to recover it by hand if I want to run register command > again (surely I turn the entity status back to new). I am not sure it is > a bug or required in XKMS specification. > Thanks. > With regards, > Jian > -- > _________________________________________ > Dr. Jian Wang > College of Computer Science and Technology > Jilin University > 2699 Qianjin Road, Changchun, P.R. China > Tel: +86-431-85159419 > Email: wan...@gm... <mailto:wan...@gm...> > QQ: 1332552 > Home Page: http://ccst.jlu.edu.cn/~wangj > _________________________________________ > > > ------------------------------------------------------------------------------ > Try New Relic Now & We'll Send You this Cool Shirt > New Relic is the only SaaS-based application performance monitoring service > that delivers powerful full stack analytics. Optimize and monitor your > browser, app, & servers with just a few lines of code. Try New Relic > and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: Jian W. <wan...@gm...> - 2013-05-23 13:55:53
|
Hi,
I am testing EJBCA XKSM client. I can successfully run register and
reissue commands in XKMS client. But I found once reissue command is
called, the password will be reset to a unknown value by EJBCA server so
that I have to recover it by hand if I want to run register command again
(surely I turn the entity status back to new). I am not sure it is a bug or
required in XKMS specification.
Thanks.
With regards,
Jian
--
_________________________________________
Dr. Jian Wang
College of Computer Science and Technology
Jilin University
2699 Qianjin Road, Changchun, P.R. China
Tel: +86-431-85159419
Email: wan...@gm...
QQ: 1332552
Home Page: http://ccst.jlu.edu.cn/~wangj
_________________________________________
|
|
From: Tomas G. <to...@pr...> - 2013-05-21 14:08:18
|
Hi, The end entity profile in itself only specifies the possible values you can enter for a user. If you look in the Admin GUI you will find a _field_ where you can enter notBefore date. This means that your adduser operation must _set_ the notBefore value, otherwise it will be unset, and the current date will be used. See Validity in http://www.ejbca.org/userguide.html#Certificate%20profiles. I don't think you can set that value using the adduser CLI command? I think you can set it using the WebService CLI though (edituser). Cheers, Tomas ********** PrimeKey Solutions AB Anderstorpsvägen 16, 171 54 Solna, Sweden Mob: +46 (0)707421096 Internet: www.primekey.se Twitter: twitter.com/primekeyPKI ********** On 05/21/2013 03:58 PM, Daniel JAMET wrote: > Hi All, > > I'm wanting to create an end entity on EJBCA with command line. > > 1) I have created two xml files: a certificate profile and an end > entity profile (see the attachment). > > 2) I have imported them with the command <ejbca.sh ca importprofiles rep>. > > 3) I have generated a p12 file with commands <bin/ejbca.sh ra adduser > > , <bin/ejbca.sh ra setclearpwd> > > and <bin/ejbca.sh batch> > > 4) All seemed Ok but the p12 notBefore date isn't the end entity > profile notBefore date. > > notBefore is always the current date. > > Have you any idea ? > > Best regards > > > Daniel JAMET > > > > ------------------------------------------------------------------------------ > Try New Relic Now & We'll Send You this Cool Shirt > New Relic is the only SaaS-based application performance monitoring service > that delivers powerful full stack analytics. Optimize and monitor your > browser, app, & servers with just a few lines of code. Try New Relic > and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: Daniel J. <Dan...@e-...> - 2013-05-21 13:59:01
|
******************************* P12 FILE ***********************************
log1008.p12
****************************************************************************
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
6f:29:da:bd:9c:28:fa:be
Signature Algorithm: sha1WithRSAEncryption
Issuer: CN=AC_LOG, OU=MonService, O=MyCompany, C=FR
Validity
Not Before: May 21 12:12:12 2013 GMT
Not After : Sep 24 12:12:12 2013 GMT
Subject: CN=log1008, OU=MyDepartment, O=MyCompany, C=FR
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (4096 bit)
Modulus (4096 bit):
00:a9:aa:87:07:a2:81:99:8c:c5:87:d1:60:a4:fe:
ea:80:bf:5f:36:59:8e:58:01:e9:fb:00:80:92:25:
09:52:99:ab:83:d0:56:21:f9:24:8c:5c:fd:e3:42:
82:76:e7:1f:49:99:f4:bb:9b:a0:00:2a:8d:74:bc:
6d:55:50:bf:b1:46:e2:9e:6b:7f:cf:fd:46:42:a7:
6a:e7:e1:be:39:31:df:74:01:38:5a:9d:d3:70:f0:
4c:6e:c4:35:3d:d8:59:05:25:50:2c:8a:64:57:e0:
22:6f:4e:13:97:c2:ab:5d:3c:73:58:d1:20:54:34:
ce:05:31:3d:ec:72:20:24:c8:27:a1:14:47:75:d7:
ac:0c:92:10:65:9f:f1:34:52:c1:19:e5:4f:e0:30:
29:db:59:19:d6:3b:1e:27:e8:97:f6:4f:aa:ea:fa:
89:48:70:ce:31:af:f0:04:6a:2d:6c:a1:07:17:e2:
bd:fe:37:05:75:c6:7d:98:18:8c:f6:58:eb:af:ce:
6d:71:d4:cf:37:4c:51:ac:c4:ae:34:0b:96:cc:dd:
2a:7c:41:d5:11:a1:ef:f4:77:d2:02:13:52:77:7a:
22:77:e0:f1:79:43:3a:e4:0a:e3:91:20:f6:2e:87:
56:ce:43:30:44:ca:16:ba:3d:6c:17:74:b6:52:2c:
bd:d8:3a:c4:11:0b:77:af:3f:ef:91:17:d6:11:97:
64:30:35:77:ab:bf:f9:6d:c6:3c:a3:07:5e:c6:3f:
c4:e7:74:28:55:1b:cb:ec:8a:15:54:97:2b:29:0f:
03:0e:21:ca:ad:28:30:e2:2f:77:ea:a9:b6:8c:9f:
52:d3:28:1c:c8:57:1d:2d:8e:5b:ff:2e:e2:b0:89:
27:5f:3a:dc:0a:a2:30:b1:44:21:fd:5d:ed:e3:b3:
eb:a4:25:07:03:31:b6:f0:61:35:62:82:13:c9:42:
a7:d2:b9:bb:1f:5b:6b:56:62:a8:8b:17:4b:ba:ed:
dd:40:7e:7e:cb:30:0d:df:de:ec:9b:1c:c3:c0:af:
52:cf:47:ec:b1:e6:3f:99:0d:f6:bd:e2:f2:84:2a:
9c:57:80:e8:84:73:ff:f4:49:b3:f3:8d:12:be:eb:
e7:a5:fe:59:b4:11:9b:5b:ea:47:06:38:33:bc:25:
6c:d8:97:22:17:e1:dd:4f:53:73:2f:04:b2:1c:e9:
66:74:8f:2a:37:b2:d6:c5:07:d1:17:0d:22:45:bd:
c3:6e:dd:ea:18:21:ee:c3:03:24:6a:22:02:ab:a1:
6f:41:f8:78:95:bf:bc:a0:1f:88:cc:e4:c8:b6:b6:
03:bf:0c:f1:a2:1f:7f:b7:82:a4:f1:86:88:1e:c1:
fd:37:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:72:2B:52:FD:DA:A0:54:45:28:79:8F:70:9A:CE:71:C9:B2:B8:96
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Authority Key Identifier:
keyid:E7:E8:AC:59:2D:89:DA:2D:A6:FF:BA:A4:B3:41:D8:9C:24:2E:88:33
X509v3 Certificate Policies:
Policy: 1.2.250.1.79.12.1
X509v3 Key Usage: critical
Digital Signature, Non Repudiation, CRL Sign
X509v3 Extended Key Usage:
Code Signing
Signature Algorithm: sha1WithRSAEncryption
60:ff:19:db:9c:fe:cd:a3:43:f0:73:05:3c:b3:e0:fc:72:d8:
7d:bb:08:3c:c2:28:b5:3d:e4:5f:37:7c:4f:9c:79:c1:62:a3:
a2:42:2d:30:0a:2d:8d:44:a2:eb:28:fb:8f:bd:42:5e:d0:96:
fe:49:53:d8:05:66:ea:dd:75:76:46:6b:d7:ce:ec:90:b5:36:
07:c9:bc:f3:7f:9c:c9:1e:23:52:80:66:aa:4a:2e:40:30:ef:
bd:0d:f7:70:3f:b2:30:42:bb:b4:69:c4:2e:23:63:b9:c7:c4:
27:53:ba:34:24:bb:c2:ec:0e:a4:f7:b3:f7:8a:3b:89:c5:4c:
60:53:34:b6:6f:cb:22:aa:c7:74:cc:48:47:e2:9a:9e:04:74:
81:b8:7f:7a:a4:98:ce:5b:cc:a6:44:55:d9:d2:ed:00:8d:fc:
c0:a3:21:04:40:6e:19:bc:81:c2:4d:c0:64:2d:ae:cd:38:6e:
68:5a:5b:79:c5:f7:20:b4:c4:c3:6e:62:98:4b:fe:db:29:27:
0a:ca:8c:1c:bd:33:dc:45:99:1c:b7:24:4f:f3:6c:4e:9e:d4:
1a:a2:68:4f:51:d2:bd:2f:3b:13:4c:72:9f:3f:60:45:bc:81:
df:dc:bf:da:d8:55:f1:aa:8b:29:11:5f:10:26:af:39:84:e7:
bf:e6:e3:b7:36:d5:cc:87:fe:8e:fb:ca:1c:67:c1:1f:58:aa:
3a:b4:ca:92:63:29:20:c9:47:4a:da:da:40:7d:66:96:3f:36:
27:82:d9:eb:a1:53:4f:81:87:11:1a:55:d9:e5:2c:bf:c7:71:
3f:f6:13:0d:0e:c3:2d:f8:da:57:94:1a:d3:4d:6c:ef:d9:c9:
60:a5:4e:5a:96:fd:a7:59:31:86:de:aa:50:c6:4a:50:32:4e:
c5:a3:37:36:de:b7:44:57:8a:2d:03:5d:ac:d1:01:0d:ce:67:
6d:00:a8:8b:de:56:ea:6b:07:76:76:57:dc:0c:e4:14:ae:53:
4e:fa:63:4b:83:a7:1b:38:ab:75:19:80:88:27:2f:9f:c0:2c:
99:0e:49:b9:8a:97:a3:cc:ee:a3:ac:26:4c:a1:87:fe:7d:07:
a1:08:ba:2a:e3:ef:c6:d2:fa:4e:ab:46:1b:66:2d:96:d8:ea:
15:0d:9b:3d:16:81:12:59:b8:31:2a:73:15:43:94:7d:ce:91:
48:da:9a:27:9e:23:6f:a2:dd:b4:e7:4e:70:aa:3e:09:a1:a9:
e8:b4:e7:6c:ef:a9:52:6d:b9:81:67:38:04:3e:42:da:c2:bd:
6b:d3:86:3b:d7:1b:76:53:bb:41:15:8c:f5:ff:1f:54:4a:f4:
04:c4:0a:03:b4:b4:6f:b4
Certificate purposes:
SSL client : No
SSL client CA : No
SSL server : No
SSL server CA : No
Netscape SSL server : No
Netscape SSL server CA : No
S/MIME signing : No
S/MIME signing CA : No
S/MIME encryption : No
S/MIME encryption CA : No
CRL signing : Yes
CRL signing CA : No
Any Purpose : Yes
Any Purpose CA : Yes
OCSP helper : Yes
OCSP helper CA : No
-----BEGIN CERTIFICATE-----
MIIFiDCCA3CgAwIBAgIIbynavZwo+r4wDQYJKoZIhvcNAQEFBQAwPDEPMA0GA1UE
AwwGQUNfTE9HMQwwCgYDVQQLDANEUE0xDjAMBgNVBAoMBVNFUjJTMQswCQYDVQQG
EwJGUjAeFw0xMzA1MjExMjEyMTJaFw0xMzA5MjQxMjEyMTJaMD0xEDAOBgNVBAMM
B2xvZzEwMDgxDDAKBgNVBAsMA0RQTTEOMAwGA1UECgwFU0VSMlMxCzAJBgNVBAYT
AkZSMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAqaqHB6KBmYzFh9Fg
pP7qgL9fNlmOWAHp+wCAkiUJUpmrg9BWIfkkjFz940KCducfSZn0u5ugACqNdLxt
VVC/sUbinmt/z/1GQqdq5+G+OTHfdAE4Wp3TcPBMbsQ1PdhZBSVQLIpkV+Aib04T
l8KrXTxzWNEgVDTOBTE97HIgJMgnoRRHddesDJIQZZ/xNFLBGeVP4DAp21kZ1jse
J+iX9k+q6vqJSHDOMa/wBGotbKEHF+K9/jcFdcZ9mBiM9ljrr85tcdTPN0xRrMSu
NAuWzN0qfEHVEaHv9HfSAhNSd3oid+DxeUM65ArjkSD2LodWzkMwRMoWuj1sF3S2
Uiy92DrEEQt3rz/vkRfWEZdkMDV3q7/5bcY8owdexj/E53QoVRvL7IoVVJcrKQ8D
DiHKrSgw4i936qm2jJ9S0ygcyFcdLY5b/y7isIknXzrcCqIwsUQh/V3t47PrpCUH
AzG28GE1YoITyUKn0rm7H1trVmKoixdLuu3dQH5+yzAN397smxzDwK9Sz0fsseY/
mQ32veLyhCqcV4DohHP/9Emz840Svuvnpf5ZtBGbW+pHBjgzvCVs2JciF+HdT1Nz
LwSyHOlmdI8qN7LWxQfRFw0iRb3Dbt3qGCHuwwMkaiICq6FvQfh4lb+8oB+IzOTI
trYDvwzxoh9/t4Kk8YaIHsH9N3UCAwEAAaOBjDCBiTAdBgNVHQ4EFgQUQHIrUv3a
oFRFKHmPcJrOccmyuJYwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBTn6KxZLYna
Lab/uqSzQdicJC6IMzAUBgNVHSAEDTALMAkGByqBegFPDAEwDgYDVR0PAQH/BAQD
AgHCMBMGA1UdJQQMMAoGCCsGAQUFBwMDMA0GCSqGSIb3DQEBBQUAA4ICAQBg/xnb
nP7No0PwcwU8s+D8cth9uwg8wii1PeRfN3xPnHnBYqOiQi0wCi2NRKLrKPuPvUJe
0Jb+SVPYBWbq3XV2RmvXzuyQtTYHybzzf5zJHiNSgGaqSi5AMO+9DfdwP7IwQru0
acQuI2O5x8QnU7o0JLvC7A6k97P3ijuJxUxgUzS2b8siqsd0zEhH4pqeBHSBuH96
pJjOW8ymRFXZ0u0AjfzAoyEEQG4ZvIHCTcBkLa7NOG5oWlt5xfcgtMTDbmKYS/7b
KScKyowcvTPcRZkctyRP82xOntQaomhPUdK9LzsTTHKfP2BFvIHf3L/a2FXxqosp
EV8QJq85hOe/5uO3NtXMh/6O+8ocZ8EfWKo6tMqSYykgyUdK2tpAfWaWPzYngtnr
oVNPgYcRGlXZ5Sy/x3E/9hMNDsMt+NpXlBrTTWzv2clgpU5alv2nWTGG3qpQxkpQ
Mk7Fozc23rdEV4otA12s0QENzmdtAKiL3lbqawd2dlfcDOQUrlNO+mNLg6cbOKt1
GYCIJy+fwCyZDkm5ipejzO6jrCZMoYf+fQehCLoq4+/G0vpOq0YbZi2W2OoVDZs9
FoESWbgxKnMVQ5R9zpFI2ponniNvot20505wqj4JoanotOds76lSbbmBZzgEPkLa
wr1r04Y71xt2U7tBFYz1/x9USvQExAoDtLRvtA==
-----END CERTIFICATE-----
********************** ENTITY PROFILE ****************************
entityprofile_EE_ERSB_SIGNATURE_log1008-100001008.xml
******************************************************************
<?xml version="1.0" encoding="UTF-8"?>
<java version="1.6.0_22" class="java.beans.XMLDecoder">
<object class="java.util.HashMap">
<void method="put">
<int>20095</int>
<boolean>false</boolean>
</void>
<void method="put">
<int>0</int>
<string>log1008</string>
</void>
<void method="put">
<int>20094</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>1</int>
<string>log1</string>
</void>
<void method="put">
<int>20093</int>
<boolean>false</boolean>
</void>
<void method="put">
<int>2</int>
<string>true</string>
</void>
<void method="put">
<int>20091</int>
<boolean>false</boolean>
</void>
<void method="put">
<int>5</int>
<string>log1008</string>
</void>
<void method="put">
<int>10038</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>10037</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>11</int>
<string>MyDepartment</string>
</void>
<void method="put">
<int>10035</int>
<boolean>false</boolean>
</void>
<void method="put">
<int>12</int>
<string>MyCompagny</string>
</void>
<void method="put">
<int>10034</int>
<boolean>false</boolean>
</void>
<void method="put">
<int>10033</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>10032</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>10030</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>16</int>
<string>FR</string>
</void>
<void method="put">
<int>10031</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>10028</int>
<boolean>false</boolean>
</void>
<void method="put">
<int>10029</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>10026</int>
<boolean>false</boolean>
</void>
<void method="put">
<int>26</int>
<string></string>
</void>
<void method="put">
<int>29</int>
<string>100001008</string>
</void>
<void method="put">
<int>28</int>
<string>false</string>
</void>
<void method="put">
<int>10016</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>31</int>
<string>2</string>
</void>
<void method="put">
<int>30</int>
<string>100001008</string>
</void>
<void method="put">
<int>34</int>
<string></string>
</void>
<void method="put">
<int>35</int>
<string>false</string>
</void>
<void method="put">
<int>10012</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>32</int>
<string>2;1;3;4</string>
</void>
<void method="put">
<int>33</int>
<string></string>
</void>
<void method="put">
<int>30097</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>38</int>
<string>-1353778943;774010572;1331868368;1466709454</string>
</void>
<void method="put">
<int>30096</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>10011</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>30099</int>
<boolean>false</boolean>
</void>
<void method="put">
<int>30098</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>37</int>
<string>1466709454</string>
</void>
<void method="put">
<int>10005</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>10001</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>10000</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>10002</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>30093</int>
<boolean>false</boolean>
</void>
<void method="put">
<int>20037</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>30094</int>
<boolean>false</boolean>
</void>
<void method="put">
<int>20038</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>30095</int>
<boolean>true</boolean>
</void>
<void method="put">
<string>SUBJECTALTNAMEFIELDORDER</string>
<object class="java.util.ArrayList"/>
</void>
<void method="put">
<int>20032</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>20033</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>20034</int>
<boolean>true</boolean>
</void>
<void method="put">
<string>NUMBERARRAY</string>
<object class="java.util.ArrayList">
<void method="add">
<int>1</int>
</void>
<void method="add">
<int>1</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>1</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>1</int>
</void>
<void method="add">
<int>1</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>1</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>1</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>1</int>
</void>
<void method="add">
<int>1</int>
</void>
<void method="add">
<int>1</int>
</void>
<void method="add">
<int>1</int>
</void>
<void method="add">
<int>1</int>
</void>
<void method="add">
<int>1</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>1</int>
</void>
<void method="add">
<int>1</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>1</int>
</void>
<void method="add">
<int>0</int>
</void>
<void method="add">
<int>1</int>
</void>
<void method="add">
<int>1</int>
</void>
<void method="add">
<int>1</int>
</void>
<void method="add">
<int>1</int>
</void>
<void method="add">
<int>1</int>
</void>
<void method="add">
<int>1</int>
</void>
<void method="add">
<int>1</int>
</void>
</object>
</void>
<void method="put">
<int>20035</int>
<boolean>false</boolean>
</void>
<void method="put">
<int>30091</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>20026</int>
<boolean>false</boolean>
</void>
<void method="put">
<int>20031</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>20030</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>20029</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>20028</int>
<boolean>false</boolean>
</void>
<void method="put">
<string>PRINTINGUSE</string>
<boolean>false</boolean>
</void>
<void method="put">
<int>10099</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>10098</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>10097</int>
<boolean>false</boolean>
</void>
<void method="put">
<int>20016</int>
<boolean>false</boolean>
</void>
<void method="put">
<int>10096</int>
<boolean>true</boolean>
</void>
<void method="put">
<string>SUBJECTDNFIELDORDER</string>
<object class="java.util.ArrayList">
<void method="add">
<int>500</int>
</void>
<void method="add">
<int>1100</int>
</void>
<void method="add">
<int>1600</int>
</void>
<void method="add">
<int>1200</int>
</void>
</object>
</void>
<void method="put">
<string>REUSECERTIFICATE</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>version</string>
<float>14.0</float>
</void>
<void method="put">
<int>10090</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>20011</int>
<boolean>false</boolean>
</void>
<void method="put">
<int>10091</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>10094</int>
<boolean>false</boolean>
</void>
<void method="put">
<int>10095</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>10092</int>
<boolean>false</boolean>
</void>
<void method="put">
<int>20012</int>
<boolean>false</boolean>
</void>
<void method="put">
<int>10093</int>
<boolean>false</boolean>
</void>
<void method="put">
<int>93</int>
<string>-1</string>
</void>
<void method="put">
<int>20002</int>
<boolean>false</boolean>
</void>
<void method="put">
<int>95</int>
<string></string>
</void>
<void method="put">
<int>20000</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>94</int>
<string>-1</string>
</void>
<void method="put">
<int>20001</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>91</int>
<string>false</string>
</void>
<void method="put">
<int>20005</int>
<boolean>false</boolean>
</void>
<void method="put">
<int>90</int>
<string>0</string>
</void>
<void method="put">
<int>98</int>
<string>2013-05-28 12:11</string>
</void>
<void method="put">
<int>99</int>
<string>2013-09-25 12:11</string>
</void>
<void method="put">
<int>96</int>
<string></string>
</void>
<void method="put">
<int>97</int>
<string></string>
</void>
<void method="put">
<string>PRINTINGCOPIES</string>
<int>1</int>
</void>
<void method="put">
<int>30012</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>30011</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>30005</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>30000</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>30001</int>
<boolean>true</boolean>
</void>
<void method="put">
<string>SUBJECTDIRATTRFIELDORDER</string>
<object class="java.util.ArrayList"/>
</void>
<void method="put">
<string>ALLOW_MERGEDN_WEBSERVICES</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>PRINTINGSVGDATA</string>
<string></string>
</void>
<void method="put">
<string>PRINTINGDEFAULT</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>PRINTINGSVGFILENAME</string>
<string></string>
</void>
<void method="put">
<string>USEEXTENSIONDATA</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>PRINTINGPRINTERNAME</string>
<string></string>
</void>
<void method="put">
<int>30032</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>30033</int>
<boolean>true</boolean>
</void>
<void method="put">
<string>REVERSEFFIELDCHECKS</string>
<boolean>false</boolean>
</void>
<void method="put">
<int>30034</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>30037</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>30038</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>20097</int>
<boolean>false</boolean>
</void>
<void method="put">
<int>20096</int>
<boolean>false</boolean>
</void>
<void method="put">
<int>20099</int>
<boolean>false</boolean>
</void>
<void method="put">
<int>30026</int>
<boolean>false</boolean>
</void>
<void method="put">
<int>20098</int>
<boolean>false</boolean>
</void>
<void method="put">
<int>30029</int>
<boolean>true</boolean>
</void>
<void method="put">
<string>PRINTINGREQUIRED</string>
<boolean>false</boolean>
</void>
<void method="put">
<int>30031</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>30030</int>
<boolean>true</boolean>
</void>
<void method="put">
<int>30016</int>
<boolean>true</boolean>
</void>
</object>
</java>
************************************ CERTPROFILE **************************************
certprofile_CP_ERSB_SIGNATURE_log1008-100001008.xml
***************************************************************************************
<?xml version="1.0" encoding="UTF-8"?>
<java version="1.6.0_22" class="java.beans.XMLDecoder">
<object class="java.util.HashMap">
<void method="put">
<string>numofreqapprovals</string>
<int>1</int>
</void>
<void method="put">
<string>usemicrosofttemplate</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>subjectaltnamesubset</string>
<object class="java.util.ArrayList"/>
</void>
<void method="put">
<string>qccustomstringtext</string>
<string></string>
</void>
<void method="put">
<string>useprivkeyusageperiodnotbefore</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>usepathlengthconstraint</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>usedpublishers</string>
<object class="java.util.ArrayList"/>
</void>
<void method="put">
<string>type</string>
<int>1</int>
</void>
<void method="put">
<string>usecardnumber</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>useqcstatementcritical</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>pathlengthconstraint</string>
<int>0</int>
</void>
<void method="put">
<string>availablebitlengths</string>
<object class="java.util.ArrayList">
<void method="add">
<int>1024</int>
</void>
<void method="add">
<int>1536</int>
</void>
<void method="add">
<int>2048</int>
</void>
<void method="add">
<int>4096</int>
</void>
<void method="add">
<int>8192</int>
</void>
</object>
</void>
<void method="put">
<string>useocspnocheck</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>validity</string>
<long>126</long>
</void>
<void method="put">
<string>useqcetsivaluelimit</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>usecertificatepolicies</string>
<boolean>true</boolean>
</void>
<void method="put">
<string>usecrldistributionpoint</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>useqcetsiretentionperiod</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>caissuers</string>
<object class="java.util.ArrayList"/>
</void>
<void method="put">
<string>usesubjectaltnamesubset</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>usekeyusage</string>
<boolean>true</boolean>
</void>
<void method="put">
<string>cvcaccessrights</string>
<int>3</int>
</void>
<void method="put">
<string>allowextensionoverride</string>
<boolean>true</boolean>
</void>
<void method="put">
<string>crldistributionpointcritical</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>useqcsematicsid</string>
<string></string>
</void>
<void method="put">
<string>usedefaultcrldistributionpoint</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>availablecas</string>
<object class="java.util.ArrayList">
<void method="add">
<int>-1</int>
</void>
</object>
</void>
<void method="put">
<string>privkeyusageperiodstartoffset</string>
<long>604181</long>
</void>
<void method="put">
<string>useauthoritykeyidentifier</string>
<boolean>true</boolean>
</void>
<void method="put">
<string>qccustomstringoid</string>
<string></string>
</void>
<void method="put">
<string>useprivkeyusageperiod</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>certificatepolicies</string>
<object class="java.util.ArrayList">
<void method="add">
<object class="org.ejbca.core.model.ca.certificateprofiles.CertificatePolicy">
<void property="policyID">
<string>1.2.250.1.79.12.1</string>
</void>
</object>
</void>
</object>
</void>
<void method="put">
<string>approvalsettings</string>
<object class="java.util.Collections" method="emptyList"/>
</void>
<void method="put">
<string>usecadefinedfreshestcrl</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>minimumavailablebitlength</string>
<int>0</int>
</void>
<void method="put">
<string>maximumavailablebitlength</string>
<int>8192</int>
</void>
<void method="put">
<string>privkeyusageperiodlength</string>
<long>10368000</long>
</void>
<void method="put">
<string>usedcertificateextensions</string>
<object class="java.util.ArrayList"/>
</void>
<void method="put">
<string>qcetsivaluelimitcurrency</string>
<string></string>
</void>
<void method="put">
<string>qcetsivaluelimit</string>
<int>0</int>
</void>
<void method="put">
<string>subjectkeyidentifiercritical</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>freshestcrluri</string>
<string></string>
</void>
<void method="put">
<string>usesubjectalternativename</string>
<boolean>true</boolean>
</void>
<void method="put">
<string>usecnpostfix</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>useauthorityinformationaccess</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>crldistributionpointuri</string>
<string></string>
</void>
<void method="put">
<string>usesubjectkeyidentifier</string>
<boolean>true</boolean>
</void>
<void method="put">
<string>qcetsiretentionperiod</string>
<int>0</int>
</void>
<void method="put">
<string>usebasicconstrants</string>
<boolean>true</boolean>
</void>
<void method="put">
<string>allowvalidityoverride</string>
<boolean>true</boolean>
</void>
<void method="put">
<string>version</string>
<float>35.0</float>
</void>
<void method="put">
<string>usesubjectdnsubset</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>qcetsivaluelimitexp</string>
<int>0</int>
</void>
<void method="put">
<string>usepkixqcsyntaxv2</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>keyusage</string>
<object class="java.util.ArrayList">
<void method="add">
<boolean>true</boolean>
</void>
<void method="add">
<boolean>true</boolean>
</void>
<void method="add">
<boolean>false</boolean>
</void>
<void method="add">
<boolean>false</boolean>
</void>
<void method="add">
<boolean>false</boolean>
</void>
<void method="add">
<boolean>false</boolean>
</void>
<void method="add">
<boolean>true</boolean>
</void>
<void method="add">
<boolean>false</boolean>
</void>
<void method="add">
<boolean>false</boolean>
</void>
</object>
</void>
<void method="put">
<string>useqcetsisignaturedevice</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>keyusagecritical</string>
<boolean>true</boolean>
</void>
<void method="put">
<string>usefreshestcrl</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>useldapdnorder</string>
<boolean>true</boolean>
</void>
<void method="put">
<string>useextendedkeyusage</string>
<boolean>true</boolean>
</void>
<void method="put">
<string>extendedkeyusage</string>
<object class="java.util.ArrayList">
<void method="add">
<string>1.3.6.1.5.5.7.3.3</string>
</void>
</object>
</void>
<void method="put">
<string>usesubjectdirattributes</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>certificatepoliciescritical</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>useqcetsiqccompliance</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>microsofttemplate</string>
<string></string>
</void>
<void method="put">
<string>authoritykeyidentifiercritical</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>subjectalternativenamecritical</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>allowdnoverride</string>
<boolean>true</boolean>
</void>
<void method="put">
<string>extendedkeyusagecritical</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>subjectdnsubset</string>
<object class="java.util.ArrayList"/>
</void>
<void method="put">
<string>allowkeyusageoverride</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>useprivkeyusageperiodnotafter</string>
<boolean>true</boolean>
</void>
<void method="put">
<string>useqccustomstring</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>useqcstatement</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>allowcertsnoverride</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>usecrldistributionpointoncrl</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>useqcstatementraname</string>
<string></string>
</void>
<void method="put">
<string>basicconstraintscritical</string>
<boolean>true</boolean>
</void>
<void method="put">
<string>certversion</string>
<string>X509v3</string>
</void>
<void method="put">
<string>usedefaultocspservicelocator</string>
<boolean>false</boolean>
</void>
<void method="put">
<string>ocspservicelocatoruri</string>
<string></string>
</void>
<void method="put">
<string>cnpostfix</string>
<string></string>
</void>
</object>
</java>
|
106 messages has been excluded from this view by a project administrator.
