Menu
▾
▴
ejbca-develop — Development discussions
You can subscribe to this list here.
| 2001 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
(1) |
Dec
(3) |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2002 |
Jan
(3) |
Feb
(2) |
Mar
(8) |
Apr
(3) |
May
(6) |
Jun
(1) |
Jul
(15) |
Aug
(6) |
Sep
|
Oct
(10) |
Nov
(2) |
Dec
(4) |
| 2003 |
Jan
(1) |
Feb
(7) |
Mar
(3) |
Apr
(6) |
May
(7) |
Jun
(5) |
Jul
(5) |
Aug
(25) |
Sep
(14) |
Oct
(2) |
Nov
|
Dec
(2) |
| 2004 |
Jan
(7) |
Feb
(4) |
Mar
(12) |
Apr
(16) |
May
(43) |
Jun
(56) |
Jul
(43) |
Aug
(40) |
Sep
(66) |
Oct
(12) |
Nov
(26) |
Dec
(10) |
| 2005 |
Jan
(13) |
Feb
(33) |
Mar
(16) |
Apr
(7) |
May
(10) |
Jun
(34) |
Jul
(41) |
Aug
(8) |
Sep
(4) |
Oct
(32) |
Nov
(20) |
Dec
(25) |
| 2006 |
Jan
(30) |
Feb
(101) |
Mar
(5) |
Apr
(75) |
May
(74) |
Jun
(22) |
Jul
(6) |
Aug
(70) |
Sep
(19) |
Oct
(21) |
Nov
(31) |
Dec
(50) |
| 2007 |
Jan
(15) |
Feb
(20) |
Mar
(24) |
Apr
(33) |
May
(13) |
Jun
(18) |
Jul
(13) |
Aug
(7) |
Sep
(63) |
Oct
(68) |
Nov
(29) |
Dec
(68) |
| 2008 |
Jan
(30) |
Feb
(33) |
Mar
(30) |
Apr
(103) |
May
(78) |
Jun
(48) |
Jul
(72) |
Aug
(24) |
Sep
(62) |
Oct
(63) |
Nov
(70) |
Dec
(37) |
| 2009 |
Jan
(34) |
Feb
(35) |
Mar
(64) |
Apr
(34) |
May
(34) |
Jun
(58) |
Jul
(30) |
Aug
(30) |
Sep
(46) |
Oct
(52) |
Nov
(12) |
Dec
(23) |
| 2010 |
Jan
(121) |
Feb
(18) |
Mar
(53) |
Apr
(62) |
May
(62) |
Jun
(20) |
Jul
(33) |
Aug
(20) |
Sep
(36) |
Oct
(35) |
Nov
(44) |
Dec
(63) |
| 2011 |
Jan
(19) |
Feb
(32) |
Mar
(94) |
Apr
(41) |
May
(47) |
Jun
(25) |
Jul
(34) |
Aug
(20) |
Sep
(9) |
Oct
(41) |
Nov
(33) |
Dec
(24) |
| 2012 |
Jan
(12) |
Feb
(36) |
Mar
(48) |
Apr
(32) |
May
(20) |
Jun
(15) |
Jul
(32) |
Aug
(13) |
Sep
(33) |
Oct
(54) |
Nov
(25) |
Dec
(16) |
| 2013 |
Jan
(45) |
Feb
(39) |
Mar
(38) |
Apr
(50) |
May
(29) |
Jun
(30) |
Jul
(33) |
Aug
(12) |
Sep
(9) |
Oct
(25) |
Nov
(29) |
Dec
(20) |
| 2014 |
Jan
(25) |
Feb
(19) |
Mar
(16) |
Apr
(33) |
May
(27) |
Jun
(37) |
Jul
(29) |
Aug
(27) |
Sep
(37) |
Oct
(58) |
Nov
(109) |
Dec
(26) |
| 2015 |
Jan
(4) |
Feb
(35) |
Mar
(22) |
Apr
(35) |
May
(28) |
Jun
(20) |
Jul
(4) |
Aug
(16) |
Sep
(37) |
Oct
(13) |
Nov
(13) |
Dec
(14) |
| 2016 |
Jan
(22) |
Feb
(7) |
Mar
(23) |
Apr
(30) |
May
(10) |
Jun
(10) |
Jul
(15) |
Aug
(12) |
Sep
(22) |
Oct
(31) |
Nov
(5) |
Dec
(5) |
| 2017 |
Jan
(30) |
Feb
(25) |
Mar
(28) |
Apr
(4) |
May
(19) |
Jun
(13) |
Jul
(7) |
Aug
(1) |
Sep
(2) |
Oct
(5) |
Nov
(12) |
Dec
(2) |
| 2018 |
Jan
(7) |
Feb
|
Mar
(7) |
Apr
(2) |
May
(8) |
Jun
(18) |
Jul
(6) |
Aug
(3) |
Sep
(15) |
Oct
(33) |
Nov
(13) |
Dec
(7) |
| 2019 |
Jan
(5) |
Feb
(7) |
Mar
(30) |
Apr
(5) |
May
(4) |
Jun
(69) |
Jul
(86) |
Aug
(22) |
Sep
(6) |
Oct
(7) |
Nov
(5) |
Dec
(3) |
| 2020 |
Jan
(10) |
Feb
(12) |
Mar
(22) |
Apr
(5) |
May
(1) |
Jun
(4) |
Jul
(6) |
Aug
|
Sep
(9) |
Oct
|
Nov
|
Dec
(1) |
| 2021 |
Jan
(4) |
Feb
(11) |
Mar
(7) |
Apr
(7) |
May
|
Jun
(3) |
Jul
(10) |
Aug
(6) |
Sep
|
Oct
|
Nov
(18) |
Dec
(2) |
| 2022 |
Jan
(1) |
Feb
(1) |
Mar
|
Apr
|
May
|
Jun
(2) |
Jul
|
Aug
(4) |
Sep
|
Oct
|
Nov
|
Dec
|
| 2023 |
Jan
|
Feb
|
Mar
|
Apr
(1) |
May
(1) |
Jun
|
Jul
|
Aug
(5) |
Sep
|
Oct
|
Nov
|
Dec
|
|
From: ejbca-support <ejb...@pr...> - 2013-04-22 12:04:42
|
On 2013-04-22 11:33, eilaf sorkatti wrote: > Hi, > > When I try to run my jboss server "jboss-5.1.0.GA <http://jboss-5.1.0.GA>" I get these errors, Any one could help aboout the reasons of the errors > > 09:25:28,385 ERROR [STDERR] Apr 22, 2013 9:25:28 AM com.sun.xml.ws.transport.http.servlet.WSServletContextListener contextInitialized > INFO: WSSERVLET12: JAX-WS context listener initializing > 09:25:28,645 ERROR [STDERR] Apr 22, 2013 9:25:28 AM com.sun.xml.ws.transport.http.servlet.RuntimeEndpointInfoParser processWsdlLocation > INFO: wsdl cannot be found from DD or annotation. Will generate and publish a new WSDL for SEI endpoints. > 09:25:29,872 ERROR [STDERR] Apr 22, 2013 9:25:29 AM com.sun.xml.ws.transport.http.servlet.WSServletDelegate init > INFO: WSSERVLET14: JAX-WS servlet initializing If you (for example) run JDK 7 you may get strange errors. For EJBCA JDK 6 is the current requirement. Cheers Anders tech support > > > -- > Eilaf > University Of Khartoum > School Of Mathematical science > > > ------------------------------------------------------------------------------ > Precog is a next-generation analytics platform capable of advanced > analytics on semi-structured data. The platform includes APIs for building > apps and a phenomenal toolset for data science. Developers can use > our toolset for easy data analysis & visualization. Get a free account! > http://www2.precog.com/precogplatform/slashdotnewsletter > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: Toru T. <tanaka_toru@g.ogis-ri.co.jp> - 2013-04-22 11:50:58
|
Hi, all I read this article. http://blog.ejbca.org/2012/05/new-features-in-ejbca-5.html And I understand the difference between EJBCA 4 and EJBCA 5. This arcticle said EJBCA 5.0 has follows features except Common Criteria Certificaion. -Certified access control and authorization module, for assurance and high trust role separation. -Integrity protected security audit log, with digital signature or HMAC protection. -Improved security audit log messages, complete information that is auditable. -Full database integrity protection of all tables, to detect database manipulation. -Authentication of local CLI users enabling role separation also for local CLI. -Penetration tested with improved security. About these feature,I have a question. Has EJBCA 5.0 these feature as standard feature? Or in order to have these feature, does EJBCA 5.0 need other software, modules, and so on? Please give me infomation. Thanks in advance Toru Tanaka |
|
From: eilaf s. <eil...@gm...> - 2013-04-22 06:34:01
|
Hi, When I try to run my jboss server "jboss-5.1.0.GA" I get these errors, Any one could help aboout the reasons of the errors 09:25:28,385 ERROR [STDERR] Apr 22, 2013 9:25:28 AM com.sun.xml.ws.transport.http.servlet.WSServletContextListener contextInitialized INFO: WSSERVLET12: JAX-WS context listener initializing 09:25:28,645 ERROR [STDERR] Apr 22, 2013 9:25:28 AM com.sun.xml.ws.transport.http.servlet.RuntimeEndpointInfoParser processWsdlLocation INFO: wsdl cannot be found from DD or annotation. Will generate and publish a new WSDL for SEI endpoints. 09:25:29,872 ERROR [STDERR] Apr 22, 2013 9:25:29 AM com.sun.xml.ws.transport.http.servlet.WSServletDelegate init INFO: WSSERVLET14: JAX-WS servlet initializing -- Eilaf University Of Khartoum School Of Mathematical science |
|
From: Tomas G. <to...@pr...> - 2013-04-20 00:58:51
|
Sorry, but context is lost in this thread? How about X509CA.setDefaultCRLDistPoint()? On 04/20/2013 05:20 AM, Marcos Fontana wrote: > Hi Tomas, i've already tryed, but the option to insert the URI and a > plenty of others options are unabled too. > > > ------------------------------------------------------------------------------ > Precog is a next-generation analytics platform capable of advanced > analytics on semi-structured data. The platform includes APIs for building > apps and a phenomenal toolset for data science. Developers can use > our toolset for easy data analysis & visualization. Get a free account! > http://www2.precog.com/precogplatform/slashdotnewsletter > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: Marcos F. <mar...@ho...> - 2013-04-19 21:20:44
|
Hi Tomas, i've already tryed, but the option to insert the URI and a plenty of others options are unabled too. |
|
From: Tomas G. <to...@pr...> - 2013-04-19 01:09:27
|
Check "ocsp.includecertchain" in ocsp.properties. Cheers, Tomas PrimeKey Solutions offers commercial EJBCA and SignServer support subscriptions and training courses. Please see www.primekey.se or contact in...@pr... for more information. http://www.primekey.se/Services/Support/ http://www.primekey.se/Services/Training/ Twitter: twitter.com/primekeyPKI On 04/18/2013 06:04 AM, 孙伟 wrote: > Hello, > > I am a tester currently testing with EJBCA OCSP function. I have a > question on the OCSP response. Generally we have the OCSP response > including the signing certificate, I wonder if there is a way to exclude > the signing certificate or make it unavailable from the OCSP response? > > Just curious about it, can anybody help? > > Regards, > Kevin > > > ------------------------------------------------------------------------------ > Precog is a next-generation analytics platform capable of advanced > analytics on semi-structured data. The platform includes APIs for building > apps and a phenomenal toolset for data science. Developers can use > our toolset for easy data analysis & visualization. Get a free account! > http://www2.precog.com/precogplatform/slashdotnewsletter > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: Tomas G. <to...@pr...> - 2013-04-18 23:59:20
|
You have to add the CRL Dist point in the certificate profile used when issuing the certificates. The Default Dist Point, set in CA, can be used by the cert profile. Check in the certificate profiles. Cheers, Tomas On 04/18/2013 03:49 AM, Marcos Fontana wrote: > Hi Tomas, > > When I'm creating the certificates through the AdminGUI, on the fields > *Default CRL Dist. Point *even generating it, in the certificate, the > CRL point is not showed. How this should me done? > > The crlstore.properties was placed right. > > Thank you! > > > ------------------------------------------------------------------------------ > Precog is a next-generation analytics platform capable of advanced > analytics on semi-structured data. The platform includes APIs for building > apps and a phenomenal toolset for data science. Developers can use > our toolset for easy data analysis & visualization. Get a free account! > http://www2.precog.com/precogplatform/slashdotnewsletter > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: 孙伟 <kev...@gm...> - 2013-04-17 22:04:31
|
Hello, I am a tester currently testing with EJBCA OCSP function. I have a question on the OCSP response. Generally we have the OCSP response including the signing certificate, I wonder if there is a way to exclude the signing certificate or make it unavailable from the OCSP response? Just curious about it, can anybody help? Regards, Kevin |
|
From: Marcos F. <mar...@ho...> - 2013-04-17 19:49:27
|
Hi Tomas, When I'm creating the certificates through the AdminGUI, on the fields Default CRL Dist. Point even generating it, in the certificate, the CRL point is not showed. How this should me done? The crlstore.properties was placed right. Thank you! |
|
From: parveez b. m. <par...@re...> - 2013-04-17 15:05:04
|
Hi, Thanks for your reply. I would be calling the API(EJBCA) from java application for fetching the private key and Digital Certificate based on criteria. Could you please suggest the best approach. Regards, Parveez On Wed, 17 Apr 2013 19:29:15 +0530 wrote >Hi, One of EJBCA's strong points is the integration. There are sooo many different ways to do what you are asking, so many protocols :-) The are standard protocosl: - CMP: http://www.ejbca.org/adminguide.html#CMP - SCEP: http://www.ejbca.org/adminguide.html#Scep There are non-standard protocols: - WebService: http://www.ejbca.org/adminguide.html#EJBCA%20Web%20Service%20Interface There is direct Java (JEE) interface: - EJBCA plug-ins: http://www.ejbca.org/adminguide.html#EJBCA%20Plugins - Example source code: http://www.ejbca.org/adminguide.html#Using%20the%20demo%20servlet - More example source code in: modules/ejbca-ejb/cli, modules/systemtests etc... Cheers, Tomas ----- PrimeKey Solutions offers commercial EJBCA and SignServer support subscriptions and training courses. Please see www.primekey.se or contact in...@pr... for more information. http://www.primekey.se/Services/Support/ http://www.primekey.se/Services/Training/ On 04/17/2013 05:29 PM, parveez basha mohammad wrote: > Dear All, > I have below requirement > > I would be using Admin UI of the CA for the following: > 1. create Asymmetric Key pair > 2. Generate Digital Certificate. > 3. Save Digital certificates recieved by third party. > > > Now in my Java Project I would be doing the below: > > Fetch the Asymmetric(Private Key) from EJBCA > Fetch the Digital Certificate from EJBCA > > Does EJBCA has interfaces which can be used by external > applications(similar to above).Have anyone implemented similar use case > using EJBCA > > Thanks and Regards, > Parveez > > > > Get your own *FREE* website and domain with business email solutions, > click here > > > > ------------------------------------------------------------------------------ > Precog is a next-generation analytics platform capable of advanced > analytics on semi-structured data. The platform includes APIs for building > apps and a phenomenal toolset for data science. Developers can use > our toolset for easy data analysis & visualization. Get a free account! > http://www2.precog.com/precogplatform/slashdotnewsletter > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > ------------------------------------------------------------------------------ Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis & visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter _______________________________________________ Ejbca-develop mailing list Ejb...@li... https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
|
From: Tomas G. <to...@pr...> - 2013-04-17 13:59:01
|
Hi, One of EJBCA's strong points is the integration. There are sooo many different ways to do what you are asking, so many protocols :-) The are standard protocosl: - CMP: http://www.ejbca.org/adminguide.html#CMP - SCEP: http://www.ejbca.org/adminguide.html#Scep There are non-standard protocols: - WebService: http://www.ejbca.org/adminguide.html#EJBCA%20Web%20Service%20Interface There is direct Java (JEE) interface: - EJBCA plug-ins: http://www.ejbca.org/adminguide.html#EJBCA%20Plugins - Example source code: http://www.ejbca.org/adminguide.html#Using%20the%20demo%20servlet - More example source code in: modules/ejbca-ejb/cli, modules/systemtests etc... Cheers, Tomas ----- PrimeKey Solutions offers commercial EJBCA and SignServer support subscriptions and training courses. Please see www.primekey.se or contact in...@pr... for more information. http://www.primekey.se/Services/Support/ http://www.primekey.se/Services/Training/ On 04/17/2013 05:29 PM, parveez basha mohammad wrote: > Dear All, > I have below requirement > > I would be using Admin UI of the CA for the following: > 1. create Asymmetric Key pair > 2. Generate Digital Certificate. > 3. Save Digital certificates recieved by third party. > > > Now in my Java Project I would be doing the below: > > Fetch the Asymmetric(Private Key) from EJBCA > Fetch the Digital Certificate from EJBCA > > Does EJBCA has interfaces which can be used by external > applications(similar to above).Have anyone implemented similar use case > using EJBCA > > Thanks and Regards, > Parveez > <http://sigads.rediff.com/RealMedia/ads/click_nx.ads/www.rediffmail.com/signatureline.htm@Middle?> > > > Get your own *FREE* website and domain with business email solutions, > click here > <http://track.rediff.com/click?url=___http://hosting.rediff.com/rediffmailpro/business-email?sc_cid=sig___&cmp=sig&lnk=sig&nsrv1=host> > > > ------------------------------------------------------------------------------ > Precog is a next-generation analytics platform capable of advanced > analytics on semi-structured data. The platform includes APIs for building > apps and a phenomenal toolset for data science. Developers can use > our toolset for easy data analysis & visualization. Get a free account! > http://www2.precog.com/precogplatform/slashdotnewsletter > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: parveez b. m. <par...@re...> - 2013-04-17 09:29:56
|
Dear All, I have below requirement I would be using Admin UI of the CA for the following: 1. create Asymmetric Key pair 2. Generate Digital Certificate. 3. Save Digital certificates recieved by third party. Now in my Java Project I would be doing the below: Fetch the Asymmetric(Private Key) from EJBCA Fetch the Digital Certificate from EJBCA Does EJBCA has interfaces which can be used by external applications(similar to above).Have anyone implemented similar use case using EJBCA Thanks and Regards, Parveez |
|
From: Tomas G. <to...@pr...> - 2013-04-17 06:08:56
|
Ah cool,then they had at least though about not using default password in the original installation :) On 04/17/2013 01:01 PM, Duarte Silva wrote: > No the problem was that it wasn't the default password (foo123), atleast > not for the root CA and sub CA used to sign the certificates. The conf > directory only had the sample files (remember that the system was > installed as a PoC but in the end was used in production pffffff). For > the more curious, the password used was 05813... I don't even know where > that comes from :P > > Later I figured out that I was lucky that the CA's were in auto > activation, otherwise when I restarted JBoss the password would have > been lost. I could also have checked the database for the pin'ed > password (I don't know where it is saved though) but in the end, I still > would have to deobfuscate it. > > I will purpose to management that in the new system, the administration > CA is the only that will use the password on file, the signing CA and > sub CA will use a different password each that will be stored in a > vault, they wont be in auto activation mode. If by some reason the > physical server or JBoss gets restarted a recovery process will have to > be followed where access to the password's/CA's needs to be approved. > > If the server gets owned they will still have to use it to create fake > certs (unless they know what to search for in the process memory) > instead of just extracting the CA's and using them externally. It's > about time to harden up things :) > > On 17 Apr 2013 00:41, "Tomas Gustavsson" <to...@pr... > <mailto:to...@pr...>> wrote: > > > An impressive demonstration of java skills! > > You were probably using the default keystore password. > So the other, even simpler option, would have been to look in the file > conf/ejbca.properties, where is is configured :-) > > If you require non-configured passwords in the future you can use CA > passwords that are not configured in any file, so you have to activate > your CAs manually with a password if you restart JBoss. > > I hope you will consider contributing to EJBCA in the future, people > with debugging skills are always needed :-) > > Cheers, > Tomas > > On 04/17/2013 12:46 AM, Duarte Silva wrote: > > I was able to recover the CA keystore password > > > > I downloaded the source code for EJBCA version 3.8.0 and after > grep'ing around > > I found the function loadKeystore(..., String keystorepass) in > the class > > SoftCAToken. > > > > Then I decided to import the code into Eclipse, start JBoss in > debug mode with > > the Eclipse debugger attached, a breakpoint in that function and > bam, instant > > password recovery!! > > > > In the end the password itself would be easly cracked by a > brute-force attack, > > but the way I did it as so much more style eheheh :P > > > > Best regards, > > Duarte Silva > > > > > > On Tuesday 16 April 2013 08:41:00 Tomas Gustavsson wrote: > >> There are always alternatives... > >> > >> I think you have many options depending on how much you know about > >> databases, or java programming etc. And how much time/money you > want to > >> spend. > >> > >> If you want to migrate to another database: > >> > >> You can write a program to export database contents and import into > >> another database. You can find HSQLDB tools (don't know if there is > >> any?) to SQL dump the database contents to import into another > database. > >> Or you can export the CAs and individual certificates to file > (of not > >> too many) and import it all in a new installation using the > EJBCA CLI. > >> > >> PrimeKey has some tools for the common criteria certified version of > >> EJBCA, EJBCA 5, that can be used to migrate between databases. > >> > >> Cheers, > >> Tomas > >> > >> On 04/15/2013 09:28 PM, Duarte Silva wrote: > >>> Hi David, > >>> > >>> the answer I was afraid of, specially because the older version > >>> installation is using a HSQLDB. There aren't any passwords > defined in the > >>> config files and it's been a long time, I don't even remember > what I have > >>> hate yesterday :| > >>> > >>> Is there an alternative way of exporting every CA and bulk > export the > >>> entities to then re-import them in the new installation? > >>> > >>> > >>> Best regards, > >>> Duarte Silva > >>> > >>> On Monday 15 April 2013 14:51:00 David CARELLA wrote: > >>>> Hi Duarte, > >>>> > >>>> You can see the documentation in EJBCA_HOME/doc/RELEASE_NOTES and > >>>> UPGRADE for information about upgrading from an earlier > version of EJBCA. > >>>> > >>>> To upgrade from 3.8.0, you will need to upgrade from 3.8.0 to > 3.11.x, > >>>> then from 3.11.x to 4.0.14. > >>>> > >>>> Cheers, > >>>> David Carella > >>>> > >>>> On 04/15/2013 01:48 PM, Duarte Silva wrote: > >>>>> Hi all, > >>>>> > >>>>> I have been using EJBCA since 2008, it is a old version > (3.8.0) and at > >>>>> the > >>>>> time the way the installation was done, wasn't the smartest. > Now I'm > >>>>> trying to migrate the old system to the new version of EJBCA. > >>>>> > >>>>> I have installed the new version in a proper manner (with an > actual > >>>>> database and so on) in a different machine and I'm now trying > to migrate > >>>>> the CA's and Entities to the newly created system. > >>>>> > >>>>> Whats the best approach to do this migration? > >>>>> > >>>>> Thanks in advance, > >>>>> Duarte Silva > >>>>> > >>>>> > ------------------------------------------------------------------------ > >>>>> -- > >>>>> ---- Precog is a next-generation analytics platform capable > of advanced > >>>>> analytics on semi-structured data. The platform includes APIs for > >>>>> building apps and a phenomenal toolset for data science. > Developers can > >>>>> use our toolset for easy data analysis & visualization. Get a > free > >>>>> account! http://www2.precog.com/precogplatform/slashdotnewsletter > >>>>> _______________________________________________ > >>>>> Ejbca-develop mailing list > >>>>> Ejb...@li... > <mailto:Ejb...@li...> > >>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop > >>> > >>> > -------------------------------------------------------------------------- > >>> ---- Precog is a next-generation analytics platform capable of > advanced > >>> analytics on semi-structured data. The platform includes APIs for > >>> building apps and a phenomenal toolset for data science. > Developers can > >>> use our toolset for easy data analysis & visualization. Get a free > >>> account! http://www2.precog.com/precogplatform/slashdotnewsletter > >>> _______________________________________________ > >>> Ejbca-develop mailing list > >>> Ejb...@li... > <mailto:Ejb...@li...> > >>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop > >> > >> > ---------------------------------------------------------------------------- > >> -- Precog is a next-generation analytics platform capable of > advanced > >> analytics on semi-structured data. The platform includes APIs > for building > >> apps and a phenomenal toolset for data science. Developers can > use our > >> toolset for easy data analysis & visualization. Get a free account! > >> http://www2.precog.com/precogplatform/slashdotnewsletter > >> _______________________________________________ > >> Ejbca-develop mailing list > >> Ejb...@li... > <mailto:Ejb...@li...> > >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > > ------------------------------------------------------------------------------ > > Precog is a next-generation analytics platform capable of advanced > > analytics on semi-structured data. The platform includes APIs for > building > > apps and a phenomenal toolset for data science. Developers can use > > our toolset for easy data analysis & visualization. Get a free > account! > > http://www2.precog.com/precogplatform/slashdotnewsletter > > _______________________________________________ > > Ejbca-develop mailing list > > Ejb...@li... > <mailto:Ejb...@li...> > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > ------------------------------------------------------------------------------ > Precog is a next-generation analytics platform capable of advanced > analytics on semi-structured data. The platform includes APIs for > building > apps and a phenomenal toolset for data science. Developers can use > our toolset for easy data analysis & visualization. Get a free account! > http://www2.precog.com/precogplatform/slashdotnewsletter > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > <mailto:Ejb...@li...> > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > ------------------------------------------------------------------------------ > Precog is a next-generation analytics platform capable of advanced > analytics on semi-structured data. The platform includes APIs for building > apps and a phenomenal toolset for data science. Developers can use > our toolset for easy data analysis & visualization. Get a free account! > http://www2.precog.com/precogplatform/slashdotnewsletter > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: Duarte S. <dua...@se...> - 2013-04-17 05:25:00
|
No the problem was that it wasn't the default password (foo123), atleast not for the root CA and sub CA used to sign the certificates. The conf directory only had the sample files (remember that the system was installed as a PoC but in the end was used in production pffffff). For the more curious, the password used was 05813... I don't even know where that comes from :P Later I figured out that I was lucky that the CA's were in auto activation, otherwise when I restarted JBoss the password would have been lost. I could also have checked the database for the pin'ed password (I don't know where it is saved though) but in the end, I still would have to deobfuscate it. I will purpose to management that in the new system, the administration CA is the only that will use the password on file, the signing CA and sub CA will use a different password each that will be stored in a vault, they wont be in auto activation mode. If by some reason the physical server or JBoss gets restarted a recovery process will have to be followed where access to the password's/CA's needs to be approved. If the server gets owned they will still have to use it to create fake certs (unless they know what to search for in the process memory) instead of just extracting the CA's and using them externally. It's about time to harden up things :) On 17 Apr 2013 00:41, "Tomas Gustavsson" <to...@pr...> wrote: > > An impressive demonstration of java skills! > > You were probably using the default keystore password. > So the other, even simpler option, would have been to look in the file > conf/ejbca.properties, where is is configured :-) > > If you require non-configured passwords in the future you can use CA > passwords that are not configured in any file, so you have to activate > your CAs manually with a password if you restart JBoss. > > I hope you will consider contributing to EJBCA in the future, people > with debugging skills are always needed :-) > > Cheers, > Tomas > > On 04/17/2013 12:46 AM, Duarte Silva wrote: > > I was able to recover the CA keystore password > > > > I downloaded the source code for EJBCA version 3.8.0 and after grep'ing > around > > I found the function loadKeystore(..., String keystorepass) in the class > > SoftCAToken. > > > > Then I decided to import the code into Eclipse, start JBoss in debug > mode with > > the Eclipse debugger attached, a breakpoint in that function and bam, > instant > > password recovery!! > > > > In the end the password itself would be easly cracked by a brute-force > attack, > > but the way I did it as so much more style eheheh :P > > > > Best regards, > > Duarte Silva > > > > > > On Tuesday 16 April 2013 08:41:00 Tomas Gustavsson wrote: > >> There are always alternatives... > >> > >> I think you have many options depending on how much you know about > >> databases, or java programming etc. And how much time/money you want to > >> spend. > >> > >> If you want to migrate to another database: > >> > >> You can write a program to export database contents and import into > >> another database. You can find HSQLDB tools (don't know if there is > >> any?) to SQL dump the database contents to import into another database. > >> Or you can export the CAs and individual certificates to file (of not > >> too many) and import it all in a new installation using the EJBCA CLI. > >> > >> PrimeKey has some tools for the common criteria certified version of > >> EJBCA, EJBCA 5, that can be used to migrate between databases. > >> > >> Cheers, > >> Tomas > >> > >> On 04/15/2013 09:28 PM, Duarte Silva wrote: > >>> Hi David, > >>> > >>> the answer I was afraid of, specially because the older version > >>> installation is using a HSQLDB. There aren't any passwords defined in > the > >>> config files and it's been a long time, I don't even remember what I > have > >>> hate yesterday :| > >>> > >>> Is there an alternative way of exporting every CA and bulk export the > >>> entities to then re-import them in the new installation? > >>> > >>> > >>> Best regards, > >>> Duarte Silva > >>> > >>> On Monday 15 April 2013 14:51:00 David CARELLA wrote: > >>>> Hi Duarte, > >>>> > >>>> You can see the documentation in EJBCA_HOME/doc/RELEASE_NOTES and > >>>> UPGRADE for information about upgrading from an earlier version of > EJBCA. > >>>> > >>>> To upgrade from 3.8.0, you will need to upgrade from 3.8.0 to 3.11.x, > >>>> then from 3.11.x to 4.0.14. > >>>> > >>>> Cheers, > >>>> David Carella > >>>> > >>>> On 04/15/2013 01:48 PM, Duarte Silva wrote: > >>>>> Hi all, > >>>>> > >>>>> I have been using EJBCA since 2008, it is a old version (3.8.0) and > at > >>>>> the > >>>>> time the way the installation was done, wasn't the smartest. Now I'm > >>>>> trying to migrate the old system to the new version of EJBCA. > >>>>> > >>>>> I have installed the new version in a proper manner (with an actual > >>>>> database and so on) in a different machine and I'm now trying to > migrate > >>>>> the CA's and Entities to the newly created system. > >>>>> > >>>>> Whats the best approach to do this migration? > >>>>> > >>>>> Thanks in advance, > >>>>> Duarte Silva > >>>>> > >>>>> > ------------------------------------------------------------------------ > >>>>> -- > >>>>> ---- Precog is a next-generation analytics platform capable of > advanced > >>>>> analytics on semi-structured data. The platform includes APIs for > >>>>> building apps and a phenomenal toolset for data science. Developers > can > >>>>> use our toolset for easy data analysis & visualization. Get a free > >>>>> account! http://www2.precog.com/precogplatform/slashdotnewsletter > >>>>> _______________________________________________ > >>>>> Ejbca-develop mailing list > >>>>> Ejb...@li... > >>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop > >>> > >>> > -------------------------------------------------------------------------- > >>> ---- Precog is a next-generation analytics platform capable of advanced > >>> analytics on semi-structured data. The platform includes APIs for > >>> building apps and a phenomenal toolset for data science. Developers can > >>> use our toolset for easy data analysis & visualization. Get a free > >>> account! http://www2.precog.com/precogplatform/slashdotnewsletter > >>> _______________________________________________ > >>> Ejbca-develop mailing list > >>> Ejb...@li... > >>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop > >> > >> > ---------------------------------------------------------------------------- > >> -- Precog is a next-generation analytics platform capable of advanced > >> analytics on semi-structured data. The platform includes APIs for > building > >> apps and a phenomenal toolset for data science. Developers can use our > >> toolset for easy data analysis & visualization. Get a free account! > >> http://www2.precog.com/precogplatform/slashdotnewsletter > >> _______________________________________________ > >> Ejbca-develop mailing list > >> Ejb...@li... > >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > > ------------------------------------------------------------------------------ > > Precog is a next-generation analytics platform capable of advanced > > analytics on semi-structured data. The platform includes APIs for > building > > apps and a phenomenal toolset for data science. Developers can use > > our toolset for easy data analysis & visualization. Get a free account! > > http://www2.precog.com/precogplatform/slashdotnewsletter > > _______________________________________________ > > Ejbca-develop mailing list > > Ejb...@li... > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > > ------------------------------------------------------------------------------ > Precog is a next-generation analytics platform capable of advanced > analytics on semi-structured data. The platform includes APIs for building > apps and a phenomenal toolset for data science. Developers can use > our toolset for easy data analysis & visualization. Get a free account! > http://www2.precog.com/precogplatform/slashdotnewsletter > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: Tomas G. <to...@pr...> - 2013-04-16 23:40:43
|
An impressive demonstration of java skills! You were probably using the default keystore password. So the other, even simpler option, would have been to look in the file conf/ejbca.properties, where is is configured :-) If you require non-configured passwords in the future you can use CA passwords that are not configured in any file, so you have to activate your CAs manually with a password if you restart JBoss. I hope you will consider contributing to EJBCA in the future, people with debugging skills are always needed :-) Cheers, Tomas On 04/17/2013 12:46 AM, Duarte Silva wrote: > I was able to recover the CA keystore password > > I downloaded the source code for EJBCA version 3.8.0 and after grep'ing around > I found the function loadKeystore(..., String keystorepass) in the class > SoftCAToken. > > Then I decided to import the code into Eclipse, start JBoss in debug mode with > the Eclipse debugger attached, a breakpoint in that function and bam, instant > password recovery!! > > In the end the password itself would be easly cracked by a brute-force attack, > but the way I did it as so much more style eheheh :P > > Best regards, > Duarte Silva > > > On Tuesday 16 April 2013 08:41:00 Tomas Gustavsson wrote: >> There are always alternatives... >> >> I think you have many options depending on how much you know about >> databases, or java programming etc. And how much time/money you want to >> spend. >> >> If you want to migrate to another database: >> >> You can write a program to export database contents and import into >> another database. You can find HSQLDB tools (don't know if there is >> any?) to SQL dump the database contents to import into another database. >> Or you can export the CAs and individual certificates to file (of not >> too many) and import it all in a new installation using the EJBCA CLI. >> >> PrimeKey has some tools for the common criteria certified version of >> EJBCA, EJBCA 5, that can be used to migrate between databases. >> >> Cheers, >> Tomas >> >> On 04/15/2013 09:28 PM, Duarte Silva wrote: >>> Hi David, >>> >>> the answer I was afraid of, specially because the older version >>> installation is using a HSQLDB. There aren't any passwords defined in the >>> config files and it's been a long time, I don't even remember what I have >>> hate yesterday :| >>> >>> Is there an alternative way of exporting every CA and bulk export the >>> entities to then re-import them in the new installation? >>> >>> >>> Best regards, >>> Duarte Silva >>> >>> On Monday 15 April 2013 14:51:00 David CARELLA wrote: >>>> Hi Duarte, >>>> >>>> You can see the documentation in EJBCA_HOME/doc/RELEASE_NOTES and >>>> UPGRADE for information about upgrading from an earlier version of EJBCA. >>>> >>>> To upgrade from 3.8.0, you will need to upgrade from 3.8.0 to 3.11.x, >>>> then from 3.11.x to 4.0.14. >>>> >>>> Cheers, >>>> David Carella >>>> >>>> On 04/15/2013 01:48 PM, Duarte Silva wrote: >>>>> Hi all, >>>>> >>>>> I have been using EJBCA since 2008, it is a old version (3.8.0) and at >>>>> the >>>>> time the way the installation was done, wasn't the smartest. Now I'm >>>>> trying to migrate the old system to the new version of EJBCA. >>>>> >>>>> I have installed the new version in a proper manner (with an actual >>>>> database and so on) in a different machine and I'm now trying to migrate >>>>> the CA's and Entities to the newly created system. >>>>> >>>>> Whats the best approach to do this migration? >>>>> >>>>> Thanks in advance, >>>>> Duarte Silva >>>>> >>>>> ------------------------------------------------------------------------ >>>>> -- >>>>> ---- Precog is a next-generation analytics platform capable of advanced >>>>> analytics on semi-structured data. The platform includes APIs for >>>>> building apps and a phenomenal toolset for data science. Developers can >>>>> use our toolset for easy data analysis & visualization. Get a free >>>>> account! http://www2.precog.com/precogplatform/slashdotnewsletter >>>>> _______________________________________________ >>>>> Ejbca-develop mailing list >>>>> Ejb...@li... >>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >>> >>> -------------------------------------------------------------------------- >>> ---- Precog is a next-generation analytics platform capable of advanced >>> analytics on semi-structured data. The platform includes APIs for >>> building apps and a phenomenal toolset for data science. Developers can >>> use our toolset for easy data analysis & visualization. Get a free >>> account! http://www2.precog.com/precogplatform/slashdotnewsletter >>> _______________________________________________ >>> Ejbca-develop mailing list >>> Ejb...@li... >>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> >> ---------------------------------------------------------------------------- >> -- Precog is a next-generation analytics platform capable of advanced >> analytics on semi-structured data. The platform includes APIs for building >> apps and a phenomenal toolset for data science. Developers can use our >> toolset for easy data analysis & visualization. Get a free account! >> http://www2.precog.com/precogplatform/slashdotnewsletter >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > ------------------------------------------------------------------------------ > Precog is a next-generation analytics platform capable of advanced > analytics on semi-structured data. The platform includes APIs for building > apps and a phenomenal toolset for data science. Developers can use > our toolset for easy data analysis & visualization. Get a free account! > http://www2.precog.com/precogplatform/slashdotnewsletter > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: Arshad N. <ars...@st...> - 2013-04-16 16:53:38
|
Once again, you're a little confused about what a PKI does and what you're looking for. While a PKI is essential to issuing and managing large numbers of digital certificates, its not intended to be used as a repository for applications to retrieve private-keys at will to decrypt data sent by application users. If I understand your use-case correctly, you're looking to register users into your application, perhaps issue them digital certificates (with private-keys) and then use that digital certificate to verify signatures performed by them and decrypt content they might send you. While a PKI can definitely be used to issue the certificate with the private-key, and while the PKI can also be used to escrow the private-key, you don't necessarily want to use the PKI to constantly retrieve the private key to decrypt content since that is really in the realm of "use of certificates" as opposed to "issuance and management of certificates". While you can publish your digital certificates to an LDAP directory to retrieve them at-will and verify signatures, you need something else to retrieve private-keys by applications for decrypting objects and content sent by application users. You can technically use your application database to store the P12 files in the user-record if you want to, but, then you cannot rely on the private-key within this P12 for signing operations, since you also have a copy. You will want to issue two types of certs, one for signing where you do NOT generate/store the private-key anywhere in your infrastructure, and one for encryption operations where you DO want to generate/issue the private-key with the cert. If you want more security to store the P12's instead of relying upon your application database, there are products out there - including one from our company - that can store sensitive objects like keys, P12, data, etc. in a "vault" under strong and hardware cryptographic control. But, that's a separate discussion - and I certainly do not want to hijack an EJBCA forum for that. All this is getting fairly complex for a public forum; my strong recommendation is to read a book - Secure Electronic Commerce - by Warwick Ford and Michael Baum, and then design your application. After you've had a chance to read that, if you have more questions on PKI, this forum can provide answers; but if you have other application-related questions, contact me directly. Arshad Noor StrongAuth, Inc. On 04/16/2013 05:57 AM, parveez basha mohammad wrote: > Thanks Arshad Noor for your reply. > I would be using PKI Tool(EJBCA) Admin UI for creating Asymmetric > KeyPair and generating Digital Certificate for the public key.Along with > this I would be saving Digital Certificate shared by my Project Clients > in PKI Tool. > > I understand EJBCA has interfaces for fetching Digital Certificates and > Private Key. > > In my Project the requirement is to fetch the Asymmetric Key(+ > Algorithm) from PKI tool for decrypting the data. > Also I have to fetch the Digital Certificate from PKI Tool for > retrieving the Public Key/Signature Algorithm for non-repudation. > > Can you please tell me the available interface for the above.And when I > create a Keypair or save a DigitalCertificate will the EJBCA tool > returns some alias string which I can use in future to retrieve the > Keys/DigitalCertificate. > Regards, > Parveez > > > > > On Tue, 16 Apr 2013 02:36:43 +0530 wrote > >Parveez, > > > > You are mixing up two different business requirements into a single > > technology. > > > > The requirement to generate symmetric keys and manage them securely > > is part of a discipline called Symmetric Key Management; the > > requirement to generate and manage asymmetric keys/digital certificates > > is the Public Key Infrastructure. There is, currently, no single > > product that handles both capabilities out-of-the-box on a large-scale > > basis. The JCE KeyStore - which can store both types of objects - is > > useful only on an individual scale. > > > > While EJBCA is the appropriate technology choice for the PKI part of > > your requirements, managing symmetric keys is a little complex because > > there are different ways of solving that problem. Our company alone > > provides three different (free and open-source) ways of dealing with > > the SKM problem: > > > > - By generating keys on the KM server and handing them out to clients > > with policies (http://sourceforge.net/projects/strongkey/) although > > this software is a little dated; > > > > - By generating keys in your application (or on a middle-ware machine > > as a web-service provider) using default key-use policies, and > > sending the key to a KM vault for secure escrow/recovery > > (http://sourceforge.net/projects/skce/); and > > > > - By not dealing with cryptography at all in your application and just > > sending structured data-elements (Credit Card Numbers, Bank A/C > > numbers) to a central KM vault where the data is encrypted, tokenized > > and held in escrow until you retrieve it. There are many advantages > > to this method in that it removes your applications from audit-scope > > for regulatory compliance around cryptography/KM; but it doesn't > > preclude you from using Option #2 at the same time too. > > > > So, while the asymmetric key-management problem gives you one choice - > > PKI (thanks to standardization), you need to determine how you want > > your applications to deal with encryption and/or symmetric keys, > > before you decide which SKM path to choose. > > > > Hope that helps. > > > > Arshad Noor > > StrongAuth, Inc. > > > > On 04/15/2013 11:09 AM, parveez basha mohammad wrote: > > > > > > Dear Yousif Hussin, > > > Thanks for your reply > > > Actually I have a Java Application that would be interacting with PKI > > > tool(EJBCA)through the > > > provided interfaces. > > > The EJBCA would generate Symmetric Key and save it in Keystore(mapped by > > > some alias). > > > My Java Application would fetch the Symmetric Key from EJBCA using the > > > alias. > > > Similary EJBCA would generate the Asymmetric Keys and save the same in > > > Keystore and my Java > > > Application would fetch the same based on alias. > > > > > > Coming to Digital Certificate.The Java Application has to manage Digital > > > Certificates provided > > > by my Project clients.It would use the EJBCA for managing these > > > certificates.The certificates > > > would be passed to the EJBCA.EJB CA should save them in KeyStore(manged > > > by EJBCA) mapped with > > > alias,also notify if the Certificate is going to expire in near future. > > > Also the Java Application has to create a new Key Pair and generate a > > > new Digital Certificate > > > with Public Key and Signature Details.It would be using EJBCA for > > > this.In future I have to > > > share the generated Digital Certificate with my client.I should be able > > > to send the same. > > > > > > could you please confirm my understanding? > > > > > > Thanks and Regards, > > > Parveez > > > On Mon, 15 Apr 2013 21:46:59 +0530 wrote > > > >Dear Parveez, > > > Firstly, since you know that EJBCA is used for PKI systems, you should > > > be familiar with the > > > fact that PKI is a system to manage the Digital Certificate. Starting > > > from your last question, > > > the certificate always contains the Public Key. In fact the Digital > > > Certificate is the binding > > > of the public key to one's identity. > > > > > > Using EJBCA, you can generate Asymmetric keys and sign a Digital > > > Certificate. > > > As for the "saving" of the keys (I'll assume you're talking about the > > > Private Keys), yes you > > > can enable the option of backing up the key. But then it's important to > > > note that you'd better > > > back up Encryption Keys but not Signing Keys. The signing Key should > > > always be with the owner > > > of the key only for non-repudiation purposes. > > > > > > Best Regards;Yousif Hussin > > > > > > On Mon, Apr 15, 2013 at 5:33 PM, parveez basha mohammad wrote: > > > > > > Dear All, > > > > > > I am planning to use EJBCA as PKI tool.Below are some queries > > > > > > > > > > > > Can it generate Symmetric Key and Asymmetric Key(Public Key/Private Key) > > > > > > Will it takes care of saving and retrieving of generated Symmetric and > > > ASymmetric Keys. > > > > > > > > > > > > Will it generate Certicate based on the Public Key > > > > > > Thanks and Regards, > > > > > > Parveez > > > > > > > > > Get your own FREE website and domain with business email solutions, > > > click here > > > > > > > ------------------------------------------------------------------------------ > > > > > > Precog is a next-generation analytics platform capable of advanced > > > > > > analytics on semi-structured data. The platform includes APIs for > building > > > > > > apps and a phenomenal toolset for data science. Developers can use > > > > > > our toolset for easy data analysis & visualization. Get a free account! > > > > > > http://www2.precog.com/precogplatform/slashdotnewsletter > > > _______________________________________________ > > > > > > Ejbca-develop mailing list > > > > > > Ejb...@li... > > > > > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > > > > > > > > > > > > > ------------------------------------------------------------------------------ > > > > > > Precog is a next-generation analytics platform capable of advanced > > > > > > analytics on semi-structured data. The platform includes APIs for > building > > > > > > apps and a phenomenal toolset for data science. Developers can use > > > > > > our toolset for easy data analysis & visualization. Get a free account! > > > > > > http://www2.precog.com/precogplatform/slashdotnewsletter > > > _______________________________________________ > > > > > > Ejbca-develop mailing list > > > > > > Ejb...@li... > > > > > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > > > > > > > > > > > > Get your own *FREE* website and domain with business email solutions, > > > click here > > > > > > > > > > > > > ------------------------------------------------------------------------------ > > > Precog is a next-generation analytics platform capable of advanced > > > analytics on semi-structured data. The platform includes APIs for > building > > > apps and a phenomenal toolset for data science. Developers can use > > > our toolset for easy data analysis & visualization. Get a free account! > > > http://www2.precog.com/precogplatform/slashdotnewsletter > > > > > > > > > > > > _______________________________________________ > > > Ejbca-develop mailing list > > > Ejb...@li... > > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > > > > ------------------------------------------------------------------------------ > > Precog is a next-generation analytics platform capable of advanced > > analytics on semi-structured data. The platform includes APIs for building > > apps and a phenomenal toolset for data science. Developers can use > > our toolset for easy data analysis & visualization. Get a free account! > > http://www2.precog.com/precogplatform/slashdotnewsletter > > _______________________________________________ > > Ejbca-develop mailing list > > Ejb...@li... > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > <http://sigads.rediff.com/RealMedia/ads/click_nx.ads/www.rediffmail.com/signatureline.htm@Middle?> > > > Get your own *FREE* website and domain with business email solutions, > click here > <http://track.rediff.com/click?url=___http://hosting.rediff.com/rediffmailpro/business-email?sc_cid=sig___&cmp=sig&lnk=sig&nsrv1=host> > > > ------------------------------------------------------------------------------ > Precog is a next-generation analytics platform capable of advanced > analytics on semi-structured data. The platform includes APIs for building > apps and a phenomenal toolset for data science. Developers can use > our toolset for easy data analysis & visualization. Get a free account! > http://www2.precog.com/precogplatform/slashdotnewsletter > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: Duarte S. <dua...@se...> - 2013-04-16 16:47:38
|
I was able to recover the CA keystore password I downloaded the source code for EJBCA version 3.8.0 and after grep'ing around I found the function loadKeystore(..., String keystorepass) in the class SoftCAToken. Then I decided to import the code into Eclipse, start JBoss in debug mode with the Eclipse debugger attached, a breakpoint in that function and bam, instant password recovery!! In the end the password itself would be easly cracked by a brute-force attack, but the way I did it as so much more style eheheh :P Best regards, Duarte Silva On Tuesday 16 April 2013 08:41:00 Tomas Gustavsson wrote: > There are always alternatives... > > I think you have many options depending on how much you know about > databases, or java programming etc. And how much time/money you want to > spend. > > If you want to migrate to another database: > > You can write a program to export database contents and import into > another database. You can find HSQLDB tools (don't know if there is > any?) to SQL dump the database contents to import into another database. > Or you can export the CAs and individual certificates to file (of not > too many) and import it all in a new installation using the EJBCA CLI. > > PrimeKey has some tools for the common criteria certified version of > EJBCA, EJBCA 5, that can be used to migrate between databases. > > Cheers, > Tomas > > On 04/15/2013 09:28 PM, Duarte Silva wrote: > > Hi David, > > > > the answer I was afraid of, specially because the older version > > installation is using a HSQLDB. There aren't any passwords defined in the > > config files and it's been a long time, I don't even remember what I have > > hate yesterday :| > > > > Is there an alternative way of exporting every CA and bulk export the > > entities to then re-import them in the new installation? > > > > > > Best regards, > > Duarte Silva > > > > On Monday 15 April 2013 14:51:00 David CARELLA wrote: > >> Hi Duarte, > >> > >> You can see the documentation in EJBCA_HOME/doc/RELEASE_NOTES and > >> UPGRADE for information about upgrading from an earlier version of EJBCA. > >> > >> To upgrade from 3.8.0, you will need to upgrade from 3.8.0 to 3.11.x, > >> then from 3.11.x to 4.0.14. > >> > >> Cheers, > >> David Carella > >> > >> On 04/15/2013 01:48 PM, Duarte Silva wrote: > >>> Hi all, > >>> > >>> I have been using EJBCA since 2008, it is a old version (3.8.0) and at > >>> the > >>> time the way the installation was done, wasn't the smartest. Now I'm > >>> trying to migrate the old system to the new version of EJBCA. > >>> > >>> I have installed the new version in a proper manner (with an actual > >>> database and so on) in a different machine and I'm now trying to migrate > >>> the CA's and Entities to the newly created system. > >>> > >>> Whats the best approach to do this migration? > >>> > >>> Thanks in advance, > >>> Duarte Silva > >>> > >>> ------------------------------------------------------------------------ > >>> -- > >>> ---- Precog is a next-generation analytics platform capable of advanced > >>> analytics on semi-structured data. The platform includes APIs for > >>> building apps and a phenomenal toolset for data science. Developers can > >>> use our toolset for easy data analysis & visualization. Get a free > >>> account! http://www2.precog.com/precogplatform/slashdotnewsletter > >>> _______________________________________________ > >>> Ejbca-develop mailing list > >>> Ejb...@li... > >>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > -------------------------------------------------------------------------- > > ---- Precog is a next-generation analytics platform capable of advanced > > analytics on semi-structured data. The platform includes APIs for > > building apps and a phenomenal toolset for data science. Developers can > > use our toolset for easy data analysis & visualization. Get a free > > account! http://www2.precog.com/precogplatform/slashdotnewsletter > > _______________________________________________ > > Ejbca-develop mailing list > > Ejb...@li... > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > ---------------------------------------------------------------------------- > -- Precog is a next-generation analytics platform capable of advanced > analytics on semi-structured data. The platform includes APIs for building > apps and a phenomenal toolset for data science. Developers can use our > toolset for easy data analysis & visualization. Get a free account! > http://www2.precog.com/precogplatform/slashdotnewsletter > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
|
From: parveez b. m. <par...@re...> - 2013-04-16 12:57:23
|
Thanks Arshad Noor for your reply. I would be using PKI Tool(EJBCA) Admin UI for creating Asymmetric KeyPair and generating Digital Certificate for the public key.Along with this I would be saving Digital Certificate shared by my Project Clients in PKI Tool. I understand EJBCA has interfaces for fetching Digital Certificates and Private Key. In my Project the requirement is to fetch the Asymmetric Key(+ Algorithm) from PKI tool for decrypting the data. Also I have to fetch the Digital Certificate from PKI Tool for retrieving the Public Key/Signature Algorithm for non-repudation. Can you please tell me the available interface for the above.And when I create a Keypair or save a DigitalCertificate will the EJBCA tool returns some alias string which I can use in future to retrieve the Keys/DigitalCertificate. Regards, Parveez On Tue, 16 Apr 2013 02:36:43 +0530 wrote >Parveez, You are mixing up two different business requirements into a single technology. The requirement to generate symmetric keys and manage them securely is part of a discipline called Symmetric Key Management; the requirement to generate and manage asymmetric keys/digital certificates is the Public Key Infrastructure. There is, currently, no single product that handles both capabilities out-of-the-box on a large-scale basis. The JCE KeyStore - which can store both types of objects - is useful only on an individual scale. While EJBCA is the appropriate technology choice for the PKI part of your requirements, managing symmetric keys is a little complex because there are different ways of solving that problem. Our company alone provides three different (free and open-source) ways of dealing with the SKM problem: - By generating keys on the KM server and handing them out to clients with policies (http://sourceforge.net/projects/strongkey/) although this software is a little dated; - By generating keys in your application (or on a middle-ware machine as a web-service provider) using default key-use policies, and sending the key to a KM vault for secure escrow/recovery (http://sourceforge.net/projects/skce/); and - By not dealing with cryptography at all in your application and just sending structured data-elements (Credit Card Numbers, Bank A/C numbers) to a central KM vault where the data is encrypted, tokenized and held in escrow until you retrieve it. There are many advantages to this method in that it removes your applications from audit-scope for regulatory compliance around cryptography/KM; but it doesn't preclude you from using Option #2 at the same time too. So, while the asymmetric key-management problem gives you one choice - PKI (thanks to standardization), you need to determine how you want your applications to deal with encryption and/or symmetric keys, before you decide which SKM path to choose. Hope that helps. Arshad Noor StrongAuth, Inc. On 04/15/2013 11:09 AM, parveez basha mohammad wrote: > > Dear Yousif Hussin, > Thanks for your reply > Actually I have a Java Application that would be interacting with PKI > tool(EJBCA)through the > provided interfaces. > The EJBCA would generate Symmetric Key and save it in Keystore(mapped by > some alias). > My Java Application would fetch the Symmetric Key from EJBCA using the > alias. > Similary EJBCA would generate the Asymmetric Keys and save the same in > Keystore and my Java > Application would fetch the same based on alias. > > Coming to Digital Certificate.The Java Application has to manage Digital > Certificates provided > by my Project clients.It would use the EJBCA for managing these > certificates.The certificates > would be passed to the EJBCA.EJB CA should save them in KeyStore(manged > by EJBCA) mapped with > alias,also notify if the Certificate is going to expire in near future. > Also the Java Application has to create a new Key Pair and generate a > new Digital Certificate > with Public Key and Signature Details.It would be using EJBCA for > this.In future I have to > share the generated Digital Certificate with my client.I should be able > to send the same. > > could you please confirm my understanding? > > Thanks and Regards, > Parveez > On Mon, 15 Apr 2013 21:46:59 +0530 wrote > >Dear Parveez, > Firstly, since you know that EJBCA is used for PKI systems, you should > be familiar with the > fact that PKI is a system to manage the Digital Certificate. Starting > from your last question, > the certificate always contains the Public Key. In fact the Digital > Certificate is the binding > of the public key to one's identity. > > Using EJBCA, you can generate Asymmetric keys and sign a Digital > Certificate. > As for the "saving" of the keys (I'll assume you're talking about the > Private Keys), yes you > can enable the option of backing up the key. But then it's important to > note that you'd better > back up Encryption Keys but not Signing Keys. The signing Key should > always be with the owner > of the key only for non-repudiation purposes. > > Best Regards;Yousif Hussin > > On Mon, Apr 15, 2013 at 5:33 PM, parveez basha mohammad wrote: > > Dear All, > > I am planning to use EJBCA as PKI tool.Below are some queries > > > > Can it generate Symmetric Key and Asymmetric Key(Public Key/Private Key) > > Will it takes care of saving and retrieving of generated Symmetric and > ASymmetric Keys. > > > > Will it generate Certicate based on the Public Key > > Thanks and Regards, > > Parveez > > > Get your own FREE website and domain with business email solutions, > click here > > ------------------------------------------------------------------------------ > > Precog is a next-generation analytics platform capable of advanced > > analytics on semi-structured data. The platform includes APIs for building > > apps and a phenomenal toolset for data science. Developers can use > > our toolset for easy data analysis & visualization. Get a free account! > > http://www2.precog.com/precogplatform/slashdotnewsletter > _______________________________________________ > > Ejbca-develop mailing list > > Ejb...@li... > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > > ------------------------------------------------------------------------------ > > Precog is a next-generation analytics platform capable of advanced > > analytics on semi-structured data. The platform includes APIs for building > > apps and a phenomenal toolset for data science. Developers can use > > our toolset for easy data analysis & visualization. Get a free account! > > http://www2.precog.com/precogplatform/slashdotnewsletter > _______________________________________________ > > Ejbca-develop mailing list > > Ejb...@li... > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > > Get your own *FREE* website and domain with business email solutions, > click here > > > > ------------------------------------------------------------------------------ > Precog is a next-generation analytics platform capable of advanced > analytics on semi-structured data. The platform includes APIs for building > apps and a phenomenal toolset for data science. Developers can use > our toolset for easy data analysis & visualization. Get a free account! > http://www2.precog.com/precogplatform/slashdotnewsletter > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > ------------------------------------------------------------------------------ Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis & visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter _______________________________________________ Ejbca-develop mailing list Ejb...@li... https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
|
From: Tomas G. <to...@pr...> - 2013-04-16 00:41:15
|
There are always alternatives... I think you have many options depending on how much you know about databases, or java programming etc. And how much time/money you want to spend. If you want to migrate to another database: You can write a program to export database contents and import into another database. You can find HSQLDB tools (don't know if there is any?) to SQL dump the database contents to import into another database. Or you can export the CAs and individual certificates to file (of not too many) and import it all in a new installation using the EJBCA CLI. PrimeKey has some tools for the common criteria certified version of EJBCA, EJBCA 5, that can be used to migrate between databases. Cheers, Tomas On 04/15/2013 09:28 PM, Duarte Silva wrote: > Hi David, > > the answer I was afraid of, specially because the older version installation > is using a HSQLDB. There aren't any passwords defined in the config files and > it's been a long time, I don't even remember what I have hate yesterday :| > > Is there an alternative way of exporting every CA and bulk export the entities > to then re-import them in the new installation? > > > Best regards, > Duarte Silva > > On Monday 15 April 2013 14:51:00 David CARELLA wrote: >> Hi Duarte, >> >> You can see the documentation in EJBCA_HOME/doc/RELEASE_NOTES and >> UPGRADE for information about upgrading from an earlier version of EJBCA. >> >> To upgrade from 3.8.0, you will need to upgrade from 3.8.0 to 3.11.x, >> then from 3.11.x to 4.0.14. >> >> Cheers, >> David Carella >> >> On 04/15/2013 01:48 PM, Duarte Silva wrote: >>> Hi all, >>> >>> I have been using EJBCA since 2008, it is a old version (3.8.0) and at the >>> time the way the installation was done, wasn't the smartest. Now I'm >>> trying to migrate the old system to the new version of EJBCA. >>> >>> I have installed the new version in a proper manner (with an actual >>> database and so on) in a different machine and I'm now trying to migrate >>> the CA's and Entities to the newly created system. >>> >>> Whats the best approach to do this migration? >>> >>> Thanks in advance, >>> Duarte Silva >>> >>> -------------------------------------------------------------------------- >>> ---- Precog is a next-generation analytics platform capable of advanced >>> analytics on semi-structured data. The platform includes APIs for >>> building apps and a phenomenal toolset for data science. Developers can >>> use our toolset for easy data analysis & visualization. Get a free >>> account! http://www2.precog.com/precogplatform/slashdotnewsletter >>> _______________________________________________ >>> Ejbca-develop mailing list >>> Ejb...@li... >>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > ------------------------------------------------------------------------------ > Precog is a next-generation analytics platform capable of advanced > analytics on semi-structured data. The platform includes APIs for building > apps and a phenomenal toolset for data science. Developers can use > our toolset for easy data analysis & visualization. Get a free account! > http://www2.precog.com/precogplatform/slashdotnewsletter > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: Arshad N. <ars...@st...> - 2013-04-15 21:06:19
|
Parveez, You are mixing up two different business requirements into a single technology. The requirement to generate symmetric keys and manage them securely is part of a discipline called Symmetric Key Management; the requirement to generate and manage asymmetric keys/digital certificates is the Public Key Infrastructure. There is, currently, no single product that handles both capabilities out-of-the-box on a large-scale basis. The JCE KeyStore - which can store both types of objects - is useful only on an individual scale. While EJBCA is the appropriate technology choice for the PKI part of your requirements, managing symmetric keys is a little complex because there are different ways of solving that problem. Our company alone provides three different (free and open-source) ways of dealing with the SKM problem: - By generating keys on the KM server and handing them out to clients with policies (http://sourceforge.net/projects/strongkey/) although this software is a little dated; - By generating keys in your application (or on a middle-ware machine as a web-service provider) using default key-use policies, and sending the key to a KM vault for secure escrow/recovery (http://sourceforge.net/projects/skce/); and - By not dealing with cryptography at all in your application and just sending structured data-elements (Credit Card Numbers, Bank A/C numbers) to a central KM vault where the data is encrypted, tokenized and held in escrow until you retrieve it. There are many advantages to this method in that it removes your applications from audit-scope for regulatory compliance around cryptography/KM; but it doesn't preclude you from using Option #2 at the same time too. So, while the asymmetric key-management problem gives you one choice - PKI (thanks to standardization), you need to determine how you want your applications to deal with encryption and/or symmetric keys, before you decide which SKM path to choose. Hope that helps. Arshad Noor StrongAuth, Inc. On 04/15/2013 11:09 AM, parveez basha mohammad wrote: > > Dear Yousif Hussin, > Thanks for your reply > Actually I have a Java Application that would be interacting with PKI > tool(EJBCA)through the > provided interfaces. > The EJBCA would generate Symmetric Key and save it in Keystore(mapped by > some alias). > My Java Application would fetch the Symmetric Key from EJBCA using the > alias. > Similary EJBCA would generate the Asymmetric Keys and save the same in > Keystore and my Java > Application would fetch the same based on alias. > > Coming to Digital Certificate.The Java Application has to manage Digital > Certificates provided > by my Project clients.It would use the EJBCA for managing these > certificates.The certificates > would be passed to the EJBCA.EJB CA should save them in KeyStore(manged > by EJBCA) mapped with > alias,also notify if the Certificate is going to expire in near future. > Also the Java Application has to create a new Key Pair and generate a > new Digital Certificate > with Public Key and Signature Details.It would be using EJBCA for > this.In future I have to > share the generated Digital Certificate with my client.I should be able > to send the same. > > could you please confirm my understanding? > > Thanks and Regards, > Parveez > On Mon, 15 Apr 2013 21:46:59 +0530 wrote > >Dear Parveez, > Firstly, since you know that EJBCA is used for PKI systems, you should > be familiar with the > fact that PKI is a system to manage the Digital Certificate. Starting > from your last question, > the certificate always contains the Public Key. In fact the Digital > Certificate is the binding > of the public key to one's identity. > > Using EJBCA, you can generate Asymmetric keys and sign a Digital > Certificate. > As for the "saving" of the keys (I'll assume you're talking about the > Private Keys), yes you > can enable the option of backing up the key. But then it's important to > note that you'd better > back up Encryption Keys but not Signing Keys. The signing Key should > always be with the owner > of the key only for non-repudiation purposes. > > Best Regards;Yousif Hussin > > On Mon, Apr 15, 2013 at 5:33 PM, parveez basha mohammad wrote: > > Dear All, > > I am planning to use EJBCA as PKI tool.Below are some queries > > > > Can it generate Symmetric Key and Asymmetric Key(Public Key/Private Key) > > Will it takes care of saving and retrieving of generated Symmetric and > ASymmetric Keys. > > > > Will it generate Certicate based on the Public Key > > Thanks and Regards, > > Parveez > > > Get your own FREE website and domain with business email solutions, > click here > > ------------------------------------------------------------------------------ > > Precog is a next-generation analytics platform capable of advanced > > analytics on semi-structured data. The platform includes APIs for building > > apps and a phenomenal toolset for data science. Developers can use > > our toolset for easy data analysis & visualization. Get a free account! > > http://www2.precog.com/precogplatform/slashdotnewsletter > _______________________________________________ > > Ejbca-develop mailing list > > Ejb...@li... > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > > ------------------------------------------------------------------------------ > > Precog is a next-generation analytics platform capable of advanced > > analytics on semi-structured data. The platform includes APIs for building > > apps and a phenomenal toolset for data science. Developers can use > > our toolset for easy data analysis & visualization. Get a free account! > > http://www2.precog.com/precogplatform/slashdotnewsletter > _______________________________________________ > > Ejbca-develop mailing list > > Ejb...@li... > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > <http://sigads.rediff.com/RealMedia/ads/click_nx.ads/www.rediffmail.com/signatureline.htm@Middle?> > > > Get your own *FREE* website and domain with business email solutions, > click here > <http://track.rediff.com/click?url=___http://hosting.rediff.com/rediffmailpro/business-email?sc_cid=sig___&cmp=sig&lnk=sig&nsrv1=host> > > > ------------------------------------------------------------------------------ > Precog is a next-generation analytics platform capable of advanced > analytics on semi-structured data. The platform includes APIs for building > apps and a phenomenal toolset for data science. Developers can use > our toolset for easy data analysis & visualization. Get a free account! > http://www2.precog.com/precogplatform/slashdotnewsletter > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
|
From: parveez b. m. <par...@re...> - 2013-04-15 18:09:48
|
Dear Yousif Hussin, Thanks for your reply Actually I have a Java Application that would be interacting with PKI tool(EJBCA)through the provided interfaces. The EJBCA would generate Symmetric Key and save it in Keystore(mapped by some alias). My Java Application would fetch the Symmetric Key from EJBCA using the alias. Similary EJBCA would generate the Asymmetric Keys and save the same in Keystore and my Java Application would fetch the same based on alias. Coming to Digital Certificate.The Java Application has to manage Digital Certificates provided by my Project clients.It would use the EJBCA for managing these certificates.The certificates would be passed to the EJBCA.EJB CA should save them in KeyStore(manged by EJBCA) mapped with alias,also notify if the Certificate is going to expire in near future. Also the Java Application has to create a new Key Pair and generate a new Digital Certificate with Public Key and Signature Details.It would be using EJBCA for this.In future I have to share the generated Digital Certificate with my client.I should be able to send the same. could you please confirm my understanding? Thanks and Regards, Parveez On Mon, 15 Apr 2013 21:46:59 +0530 wrote >Dear Parveez, Firstly, since you know that EJBCA is used for PKI systems, you should be familiar with the fact that PKI is a system to manage the Digital Certificate. Starting from your last question, the certificate always contains the Public Key. In fact the Digital Certificate is the binding of the public key to one's identity. Using EJBCA, you can generate Asymmetric keys and sign a Digital Certificate. As for the "saving" of the keys (I'll assume you're talking about the Private Keys), yes you can enable the option of backing up the key. But then it's important to note that you'd better back up Encryption Keys but not Signing Keys. The signing Key should always be with the owner of the key only for non-repudiation purposes. Best Regards;Yousif Hussin On Mon, Apr 15, 2013 at 5:33 PM, parveez basha mohammad wrote: Dear All, I am planning to use EJBCA as PKI tool.Below are some queries Can it generate Symmetric Key and Asymmetric Key(Public Key/Private Key) Will it takes care of saving and retrieving of generated Symmetric and ASymmetric Keys. Will it generate Certicate based on the Public Key Thanks and Regards, Parveez Get your own FREE website and domain with business email solutions, click here ------------------------------------------------------------------------------ Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis & visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter _______________________________________________ Ejbca-develop mailing list Ejb...@li... https://lists.sourceforge.net/lists/listinfo/ejbca-develop ------------------------------------------------------------------------------ Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis & visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter _______________________________________________ Ejbca-develop mailing list Ejb...@li... https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
|
From: yousif h. <yoh...@gm...> - 2013-04-15 16:16:40
|
Dear Parveez, Firstly, since you know that EJBCA is used for PKI systems, you should be familiar with the fact that PKI is a system to manage the Digital Certificate. Starting from your last question, the certificate always contains the Public Key. In fact the Digital Certificate is the binding of the public key to one's identity. Using EJBCA, you can generate Asymmetric keys and sign a Digital Certificate. As for the "saving" of the keys (I'll assume you're talking about the Private Keys), yes you can enable the option of backing up the key. But then it's important to note that you'd better back up Encryption Keys but not Signing Keys. The signing Key should always be with the owner of the key only for non-repudiation purposes. Best Regards; Yousif Hussin On Mon, Apr 15, 2013 at 5:33 PM, parveez basha mohammad < par...@re...> wrote: > Dear All, > I am planning to use EJBCA as PKI tool.Below are some queries > > Can it generate Symmetric Key and Asymmetric Key(Public Key/Private Key) > Will it takes care of saving and retrieving of generated Symmetric and > ASymmetric Keys. > > Will it generate Certicate based on the Public Key > Thanks and Regards, > Parveez > > <http://sigads.rediff.com/RealMedia/ads/click_nx.ads/www.rediffmail.com/signatureline.htm@Middle?> > Get your own *FREE* website and domain with business email solutions, click > here<http://track.rediff.com/click?url=___http://hosting.rediff.com/rediffmailpro/business-email?sc_cid=sig___&cmp=sig&lnk=sig&nsrv1=host> > > > ------------------------------------------------------------------------------ > Precog is a next-generation analytics platform capable of advanced > analytics on semi-structured data. The platform includes APIs for building > apps and a phenomenal toolset for data science. Developers can use > our toolset for easy data analysis & visualization. Get a free account! > http://www2.precog.com/precogplatform/slashdotnewsletter > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > |
|
From: parveez b. m. <par...@re...> - 2013-04-15 14:34:09
|
Dear All, I am planning to use EJBCA as PKI tool.Below are some queries Can it generate Symmetric Key and Asymmetric Key(Public Key/Private Key) Will it takes care of saving and retrieving of generated Symmetric and ASymmetric Keys. Will it generate Certicate based on the Public Key Thanks and Regards, Parveez |
|
From: Duarte S. <dua...@se...> - 2013-04-15 13:29:28
|
Hi David, the answer I was afraid of, specially because the older version installation is using a HSQLDB. There aren't any passwords defined in the config files and it's been a long time, I don't even remember what I have hate yesterday :| Is there an alternative way of exporting every CA and bulk export the entities to then re-import them in the new installation? Best regards, Duarte Silva On Monday 15 April 2013 14:51:00 David CARELLA wrote: > Hi Duarte, > > You can see the documentation in EJBCA_HOME/doc/RELEASE_NOTES and > UPGRADE for information about upgrading from an earlier version of EJBCA. > > To upgrade from 3.8.0, you will need to upgrade from 3.8.0 to 3.11.x, > then from 3.11.x to 4.0.14. > > Cheers, > David Carella > > On 04/15/2013 01:48 PM, Duarte Silva wrote: > > Hi all, > > > > I have been using EJBCA since 2008, it is a old version (3.8.0) and at the > > time the way the installation was done, wasn't the smartest. Now I'm > > trying to migrate the old system to the new version of EJBCA. > > > > I have installed the new version in a proper manner (with an actual > > database and so on) in a different machine and I'm now trying to migrate > > the CA's and Entities to the newly created system. > > > > Whats the best approach to do this migration? > > > > Thanks in advance, > > Duarte Silva > > > > -------------------------------------------------------------------------- > > ---- Precog is a next-generation analytics platform capable of advanced > > analytics on semi-structured data. The platform includes APIs for > > building apps and a phenomenal toolset for data science. Developers can > > use our toolset for easy data analysis & visualization. Get a free > > account! http://www2.precog.com/precogplatform/slashdotnewsletter > > _______________________________________________ > > Ejbca-develop mailing list > > Ejb...@li... > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
|
From: David C. <dca...@li...> - 2013-04-15 13:08:36
|
Hi Duarte, You can see the documentation in EJBCA_HOME/doc/RELEASE_NOTES and UPGRADE for information about upgrading from an earlier version of EJBCA. To upgrade from 3.8.0, you will need to upgrade from 3.8.0 to 3.11.x, then from 3.11.x to 4.0.14. Cheers, David Carella On 04/15/2013 01:48 PM, Duarte Silva wrote: > Hi all, > > I have been using EJBCA since 2008, it is a old version (3.8.0) and at the > time the way the installation was done, wasn't the smartest. Now I'm trying to > migrate the old system to the new version of EJBCA. > > I have installed the new version in a proper manner (with an actual database > and so on) in a different machine and I'm now trying to migrate the CA's and > Entities to the newly created system. > > Whats the best approach to do this migration? > > Thanks in advance, > Duarte Silva > > ------------------------------------------------------------------------------ > Precog is a next-generation analytics platform capable of advanced > analytics on semi-structured data. The platform includes APIs for building > apps and a phenomenal toolset for data science. Developers can use > our toolset for easy data analysis & visualization. Get a free account! > http://www2.precog.com/precogplatform/slashdotnewsletter > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
106 messages has been excluded from this view by a project administrator.
