Menu
▾
▴
ejbca-develop
|
From: stupidtss <sim...@si...> - 2009-09-07 07:44:02
|
This post is a little bit off-topic. Please accept my apologies. I am new to programming, and I was assigned to work on the CVCA Key Management Protocol for SPOC. One of the input parameter required (for the RequestCertificate message) is the "certificate request". Can anyone here point me the way on how to construct and handle this "certificate request"? Thanks very much. -- View this message in context: http://www.nabble.com/Anyone-familiar-with-CVCA-Key-Management-Protocol-for-SPOC--tp25326299p25326299.html Sent from the EjbCA - Dev mailing list archive at Nabble.com. |
|
From: Tham W. <ejb...@pr...> - 2009-09-07 09:55:51
|
Hi, See: http://www.ejbca.org/cvccas.html#Command%20line%20client for information about how to create a certificate request for a DV. I hope that will give the information you are looking for. Kind regards, Tham stupidtss wrote: > This post is a little bit off-topic. Please accept my apologies. > > I am new to programming, and I was assigned to work on the CVCA Key > Management Protocol for SPOC. > > One of the input parameter required (for the RequestCertificate message) is > the "certificate request". Can anyone here point me the way on how to > construct and handle this "certificate request"? Thanks very much. > |
|
From: stupidtss <sim...@si...> - 2009-09-09 04:00:19
|
Thanks.
I use the web Administration interface and create a user called
"spoc_certReq", password="password" with
"CN=spoc_certReq". All other leave blank.
Then when I use the following command, error occur:
...\ejbcawscli>cvcwscli cvcrequest spoc_certReq password "C=,
CN=spoc_certReq password "C=, CN=spoc_certReq" null RSA 1024 true certReq
Enrolling user:
Username: spoc_certReq
Subject name: C=, CN=spoc_certReq
Sequence: null
Signature algorithm: RSA
Key spec: 1024
Generating a new request with base filename: certReq
No sequence given, using random 5 number sequence: 68036
java.lang.NullPointerException
org.ejbca.ui.cli.ErrorAdminCommandException: java.lang.NullPointerException
at
org.ejbca.core.protocol.ws.client.CvcRequestCommand.execute(CvcRequestCommand.java:211)
at
org.ejbca.core.protocol.ws.client.cvcwscli.main(cvcwscli.java:30)
Caused by: java.lang.NullPointerException
at org.ejbca.cvc.ReferenceField.(init)(ReferenceField.java:43)
at
org.ejbca.cvc.HolderReferenceField.(init)(HolderReferenceField.java:33)
at
org.ejbca.core.protocol.ws.client.CvcRequestCommand.execute(CvcRequestCommand.java:133)
... 1 more
What is the problem? Is it a necessary to use "ejbcawsracli" to create user
for cvcrequest (I have difficulty in using "ejbcawsracli" to create user as
there are many fields that I do not know how to fill in)?
Thanks in advance.
stupidtss
Johan Eklund wrote:
>
> Hi,
>
> See: http://www.ejbca.org/cvccas.html#Command%20line%20client for
> information about how to create a certificate request for a DV.
>
> I hope that will give the information you are looking for.
>
> Kind regards,
> Tham
>
> stupidtss wrote:
>> This post is a little bit off-topic. Please accept my apologies.
>>
>> I am new to programming, and I was assigned to work on the CVCA Key
>> Management Protocol for SPOC.
>>
>> One of the input parameter required (for the RequestCertificate message)
>> is
>> the "certificate request". Can anyone here point me the way on how to
>> construct and handle this "certificate request"? Thanks very much.
>>
>
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008
> 30-Day
> trial. Simplify your report design, integration and deployment - and focus
> on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now. http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
>
--
View this message in context: http://www.nabble.com/Anyone-familiar-with-CVCA-Key-Management-Protocol-for-SPOC--tp25326299p25358183.html
Sent from the EjbCA - Dev mailing list archive at Nabble.com.
|
|
From: Tomas G. <to...@pr...> - 2009-09-09 05:19:54
|
Try with a better command: cvcwscli cvcrequest spoc_certReq password "CN=spoc,C=SE" 00001 SHA256WithRSA 1024 true certReq CN is maximum 8 characters, you must have a country code, signature algorithm is SHA256WithRSA etc... Cheers, Tomas stupidtss wrote: > Thanks. > > I use the web Administration interface and create a user called > "spoc_certReq", password="password" with > "CN=spoc_certReq". All other leave blank. > > Then when I use the following command, error occur: > > ...\ejbcawscli>cvcwscli cvcrequest spoc_certReq password "C=, > CN=spoc_certReq password "C=, CN=spoc_certReq" null RSA 1024 true certReq > > Enrolling user: > Username: spoc_certReq > Subject name: C=, CN=spoc_certReq > Sequence: null > Signature algorithm: RSA > Key spec: 1024 > Generating a new request with base filename: certReq > No sequence given, using random 5 number sequence: 68036 > java.lang.NullPointerException > org.ejbca.ui.cli.ErrorAdminCommandException: java.lang.NullPointerException > at > org.ejbca.core.protocol.ws.client.CvcRequestCommand.execute(CvcRequestCommand.java:211) > at > org.ejbca.core.protocol.ws.client.cvcwscli.main(cvcwscli.java:30) > Caused by: java.lang.NullPointerException > at org.ejbca.cvc.ReferenceField.(init)(ReferenceField.java:43) > at > org.ejbca.cvc.HolderReferenceField.(init)(HolderReferenceField.java:33) > at > org.ejbca.core.protocol.ws.client.CvcRequestCommand.execute(CvcRequestCommand.java:133) > ... 1 more > > What is the problem? Is it a necessary to use "ejbcawsracli" to create user > for cvcrequest (I have difficulty in using "ejbcawsracli" to create user as > there are many fields that I do not know how to fill in)? > > Thanks in advance. > > stupidtss > > > Johan Eklund wrote: >> Hi, >> >> See: http://www.ejbca.org/cvccas.html#Command%20line%20client for >> information about how to create a certificate request for a DV. >> >> I hope that will give the information you are looking for. >> >> Kind regards, >> Tham >> >> stupidtss wrote: >>> This post is a little bit off-topic. Please accept my apologies. >>> >>> I am new to programming, and I was assigned to work on the CVCA Key >>> Management Protocol for SPOC. >>> >>> One of the input parameter required (for the RequestCertificate message) >>> is >>> the "certificate request". Can anyone here point me the way on how to >>> construct and handle this "certificate request"? Thanks very much. >>> >> >> ------------------------------------------------------------------------------ >> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 >> 30-Day >> trial. Simplify your report design, integration and deployment - and focus >> on >> what you do best, core application coding. Discover what's new with >> Crystal Reports now. http://p.sf.net/sfu/bobj-july >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> >> > |
|
From: stupidtss <sim...@si...> - 2009-09-09 06:36:24
|
Thanks very much for your kind assistance.
I have tried the new command. The following error messages come out.
...
...
Generating a new request with base filename: certReq
Wrote binary request to: certReq.cvreq
Wrote private key in PKCS#8 format to to: certReq.pkcs8
Submitting CVC request for user 'spoc_certReq'.
java.lang.Exception: Shared library 'superadmin.jks' does not exist
org.ejbca.ui.cli.ErrorAdminCommandException: java.lang.Exception: Shared
library 'superadmin.jks' does not exist
at
org.ejbca.core.protocol.ws.client.CvcRequestCommand.execute(CvcRequestCommand.java:211)
at
org.ejbca.core.protocol.ws.client.cvcwscli.main(cvcwscli.java:30)
at
org.ejbca.core.protocol.ws.client.EJBCAWSRABaseCommand.checkIfFIleExits(EJBCAWSRABaseCommand.java:175)
at
org.ejbca.core.protocol.ws.client.EJBCAWSRABaseCommand.(init)(EJBCAWSRABaseCommand.java:133)
at
org.ejbca.core.protocol.ws.client.CvcRequestCommand.(init)(CvcRequestCommand.java:70)
at
org.ejbca.core.protocol.ws.client.EJBCAWSRACommandFactory.getCommand(EJBCAWSRACommandFactory.java:69)
at
org.ejbca.core.protocol.ws.client.cvcwscli.main(cvcwscli.java:27)
In folder \ejbcawscli, certReq.cvreq (311 bytes) and certReq.pkcs8 (634
bytes) are created. Does it means the command is successful and the error
can be ignored?
stupidtss
Tomas Gustavsson wrote:
>
>
> Try with a better command:
>
> cvcwscli cvcrequest spoc_certReq password "CN=spoc,C=SE" 00001
> SHA256WithRSA 1024 true certReq
>
> CN is maximum 8 characters, you must have a country code, signature
> algorithm is SHA256WithRSA etc...
>
> Cheers,
> Tomas
>
>
>
> stupidtss wrote:
>> Thanks.
>>
>> I use the web Administration interface and create a user called
>> "spoc_certReq", password="password" with
>> "CN=spoc_certReq". All other leave blank.
>>
>> Then when I use the following command, error occur:
>>
>> ...\ejbcawscli>cvcwscli cvcrequest spoc_certReq password "C=,
>> CN=spoc_certReq password "C=, CN=spoc_certReq" null RSA 1024 true certReq
>>
>> Enrolling user:
>> Username: spoc_certReq
>> Subject name: C=, CN=spoc_certReq
>> Sequence: null
>> Signature algorithm: RSA
>> Key spec: 1024
>> Generating a new request with base filename: certReq
>> No sequence given, using random 5 number sequence: 68036
>> java.lang.NullPointerException
>> org.ejbca.ui.cli.ErrorAdminCommandException:
>> java.lang.NullPointerException
>> at
>> org.ejbca.core.protocol.ws.client.CvcRequestCommand.execute(CvcRequestCommand.java:211)
>> at
>> org.ejbca.core.protocol.ws.client.cvcwscli.main(cvcwscli.java:30)
>> Caused by: java.lang.NullPointerException
>> at org.ejbca.cvc.ReferenceField.(init)(ReferenceField.java:43)
>> at
>> org.ejbca.cvc.HolderReferenceField.(init)(HolderReferenceField.java:33)
>> at
>> org.ejbca.core.protocol.ws.client.CvcRequestCommand.execute(CvcRequestCommand.java:133)
>> ... 1 more
>>
>> What is the problem? Is it a necessary to use "ejbcawsracli" to create
>> user
>> for cvcrequest (I have difficulty in using "ejbcawsracli" to create user
>> as
>> there are many fields that I do not know how to fill in)?
>>
>> Thanks in advance.
>>
>> stupidtss
>>
>>
>> Johan Eklund wrote:
>>> Hi,
>>>
>>> See: http://www.ejbca.org/cvccas.html#Command%20line%20client for
>>> information about how to create a certificate request for a DV.
>>>
>>> I hope that will give the information you are looking for.
>>>
>>> Kind regards,
>>> Tham
>>>
>>> stupidtss wrote:
>>>> This post is a little bit off-topic. Please accept my apologies.
>>>>
>>>> I am new to programming, and I was assigned to work on the CVCA Key
>>>> Management Protocol for SPOC.
>>>>
>>>> One of the input parameter required (for the RequestCertificate
>>>> message)
>>>> is
>>>> the "certificate request". Can anyone here point me the way on how to
>>>> construct and handle this "certificate request"? Thanks very much.
>>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008
>>> 30-Day
>>> trial. Simplify your report design, integration and deployment - and
>>> focus
>>> on
>>> what you do best, core application coding. Discover what's new with
>>> Crystal Reports now. http://p.sf.net/sfu/bobj-july
>>> _______________________________________________
>>> Ejbca-develop mailing list
>>> Ejb...@li...
>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>>
>>>
>>
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008
> 30-Day
> trial. Simplify your report design, integration and deployment - and focus
> on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now. http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
>
--
View this message in context: http://www.nabble.com/Anyone-familiar-with-CVCA-Key-Management-Protocol-for-SPOC--tp25326299p25359382.html
Sent from the EjbCA - Dev mailing list archive at Nabble.com.
|
|
From: Tomas G. <to...@pr...> - 2009-09-09 09:12:17
|
You should read the documentation in the User Guide how to get the Webservice interface of EJBCA up and running. It needs certificate authentication so you need to create a JKS for that, and configure everything in ejbcawsracli.properties. /Tomas stupidtss wrote: > Thanks very much for your kind assistance. > > I have tried the new command. The following error messages come out. > > ... > ... > Generating a new request with base filename: certReq > Wrote binary request to: certReq.cvreq > Wrote private key in PKCS#8 format to to: certReq.pkcs8 > Submitting CVC request for user 'spoc_certReq'. > > java.lang.Exception: Shared library 'superadmin.jks' does not exist > org.ejbca.ui.cli.ErrorAdminCommandException: java.lang.Exception: Shared > library 'superadmin.jks' does not exist > at > org.ejbca.core.protocol.ws.client.CvcRequestCommand.execute(CvcRequestCommand.java:211) > at > org.ejbca.core.protocol.ws.client.cvcwscli.main(cvcwscli.java:30) > at > org.ejbca.core.protocol.ws.client.EJBCAWSRABaseCommand.checkIfFIleExits(EJBCAWSRABaseCommand.java:175) > at > org.ejbca.core.protocol.ws.client.EJBCAWSRABaseCommand.(init)(EJBCAWSRABaseCommand.java:133) > at > org.ejbca.core.protocol.ws.client.CvcRequestCommand.(init)(CvcRequestCommand.java:70) > at > org.ejbca.core.protocol.ws.client.EJBCAWSRACommandFactory.getCommand(EJBCAWSRACommandFactory.java:69) > at > org.ejbca.core.protocol.ws.client.cvcwscli.main(cvcwscli.java:27) > > In folder \ejbcawscli, certReq.cvreq (311 bytes) and certReq.pkcs8 (634 > bytes) are created. Does it means the command is successful and the error > can be ignored? > > stupidtss > > > Tomas Gustavsson wrote: >> >> Try with a better command: >> >> cvcwscli cvcrequest spoc_certReq password "CN=spoc,C=SE" 00001 >> SHA256WithRSA 1024 true certReq >> >> CN is maximum 8 characters, you must have a country code, signature >> algorithm is SHA256WithRSA etc... >> >> Cheers, >> Tomas >> >> >> >> stupidtss wrote: >>> Thanks. >>> >>> I use the web Administration interface and create a user called >>> "spoc_certReq", password="password" with >>> "CN=spoc_certReq". All other leave blank. >>> >>> Then when I use the following command, error occur: >>> >>> ...\ejbcawscli>cvcwscli cvcrequest spoc_certReq password "C=, >>> CN=spoc_certReq password "C=, CN=spoc_certReq" null RSA 1024 true certReq >>> >>> Enrolling user: >>> Username: spoc_certReq >>> Subject name: C=, CN=spoc_certReq >>> Sequence: null >>> Signature algorithm: RSA >>> Key spec: 1024 >>> Generating a new request with base filename: certReq >>> No sequence given, using random 5 number sequence: 68036 >>> java.lang.NullPointerException >>> org.ejbca.ui.cli.ErrorAdminCommandException: >>> java.lang.NullPointerException >>> at >>> org.ejbca.core.protocol.ws.client.CvcRequestCommand.execute(CvcRequestCommand.java:211) >>> at >>> org.ejbca.core.protocol.ws.client.cvcwscli.main(cvcwscli.java:30) >>> Caused by: java.lang.NullPointerException >>> at org.ejbca.cvc.ReferenceField.(init)(ReferenceField.java:43) >>> at >>> org.ejbca.cvc.HolderReferenceField.(init)(HolderReferenceField.java:33) >>> at >>> org.ejbca.core.protocol.ws.client.CvcRequestCommand.execute(CvcRequestCommand.java:133) >>> ... 1 more >>> >>> What is the problem? Is it a necessary to use "ejbcawsracli" to create >>> user >>> for cvcrequest (I have difficulty in using "ejbcawsracli" to create user >>> as >>> there are many fields that I do not know how to fill in)? >>> >>> Thanks in advance. >>> >>> stupidtss >>> >>> >>> Johan Eklund wrote: >>>> Hi, >>>> >>>> See: http://www.ejbca.org/cvccas.html#Command%20line%20client for >>>> information about how to create a certificate request for a DV. >>>> >>>> I hope that will give the information you are looking for. >>>> >>>> Kind regards, >>>> Tham >>>> >>>> stupidtss wrote: >>>>> This post is a little bit off-topic. Please accept my apologies. >>>>> >>>>> I am new to programming, and I was assigned to work on the CVCA Key >>>>> Management Protocol for SPOC. >>>>> >>>>> One of the input parameter required (for the RequestCertificate >>>>> message) >>>>> is >>>>> the "certificate request". Can anyone here point me the way on how to >>>>> construct and handle this "certificate request"? Thanks very much. >>>>> >>>> ------------------------------------------------------------------------------ >>>> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 >>>> 30-Day >>>> trial. Simplify your report design, integration and deployment - and >>>> focus >>>> on >>>> what you do best, core application coding. Discover what's new with >>>> Crystal Reports now. http://p.sf.net/sfu/bobj-july >>>> _______________________________________________ >>>> Ejbca-develop mailing list >>>> Ejb...@li... >>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >>>> >>>> >> ------------------------------------------------------------------------------ >> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 >> 30-Day >> trial. Simplify your report design, integration and deployment - and focus >> on >> what you do best, core application coding. Discover what's new with >> Crystal Reports now. http://p.sf.net/sfu/bobj-july >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> >> > |
|
From: stupidtss <sim...@si...> - 2009-10-09 04:55:27
|
I try to create CVC request. Before that, I think I should create an user so that I can use the WS CLI. Under the "Web Services authentication", I find the following command sample: ejbca ra adduser <1> <2> "C=..,O=..,CN=<1>" null AdminCA null 1 JKS ejbca ra setclearpwd <1> <2> ejbca batch ejbca admins addadmin "Temporary Super Administrator Group" AdminCA WITHCOMMONNAME QUALCASEINS <1> If my CVC CA is "HK", my DV is HKDV, and there is also a CA called AdminCA1 which is created during installation, which CA should I used in the command above? I have test all three, and only AdminCA1 works. All the other two returns with message saying that CA not found. Should I select AdminCA1 as the name of CA? Furthermore, when I later issue the cvcwscli cvcrequest command, a BAD_USER_TOKEN_TYPE error keeps coming up saying that only USERGENERATED can be used for cvc. But if I use USERGENERATED in creating the user name, no .JKS is generated and the cvcwscli cvcrequest command returns with an LOGIN_ERROR. Please help. Thanks. stupidtss wrote: > > This post is a little bit off-topic. Please accept my apologies. > > I am new to programming, and I was assigned to work on the CVCA Key > Management Protocol for SPOC. > > One of the input parameter required (for the RequestCertificate message) > is the "certificate request". Can anyone here point me the way on how to > construct and handle this "certificate request"? Thanks very much. > -- View this message in context: http://www.nabble.com/Anyone-familiar-with-CVCA-Key-Management-Protocol-for-SPOC--tp25326299p25815510.html Sent from the EjbCA - Dev mailing list archive at Nabble.com. |
|
From: stupidtss <sim...@si...> - 2009-10-09 05:39:44
|
I have also tested with the superadmin account as set in the ejbcawsracli.properties file but also failed (I have already generated the superadmin.jks and placed it in the \ejbcawscli folder (the error is BAD_USER_TOKEN_TYPE). stupidtss wrote: > > I try to create CVC request. Before that, I think I should create an user > so that I can use the WS CLI. > > Under the "Web Services authentication", I find the following command > sample: > > ejbca ra adduser <1> <2> "C=..,O=..,CN=<1>" null AdminCA null 1 JKS > ejbca ra setclearpwd <1> <2> > ejbca batch > ejbca admins addadmin "Temporary Super Administrator Group" AdminCA > WITHCOMMONNAME QUALCASEINS <1> > > If my CVC CA is "HK", my DV is HKDV, and there is also a CA called > AdminCA1 which is created during installation, which CA should I used in > the command above? I have test all three, and only AdminCA1 works. All > the other two returns with message saying that CA not found. > > Should I select AdminCA1 as the name of CA? > > Furthermore, when I later issue the cvcwscli cvcrequest command, a > BAD_USER_TOKEN_TYPE error keeps coming up saying that only USERGENERATED > can be used for cvc. But if I use USERGENERATED in creating the user > name, no .JKS is generated and the cvcwscli cvcrequest command returns > with an LOGIN_ERROR. > > Please help. Thanks. > > > stupidtss wrote: >> >> This post is a little bit off-topic. Please accept my apologies. >> >> I am new to programming, and I was assigned to work on the CVCA Key >> Management Protocol for SPOC. >> >> One of the input parameter required (for the RequestCertificate message) >> is the "certificate request". Can anyone here point me the way on how to >> construct and handle this "certificate request"? Thanks very much. >> > > -- View this message in context: http://www.nabble.com/Anyone-familiar-with-CVCA-Key-Management-Protocol-for-SPOC--tp25326299p25815759.html Sent from the EjbCA - Dev mailing list archive at Nabble.com. |
|
From: Tomas G. <to...@pr...> - 2009-10-09 06:30:55
|
If you have generated a superadmin.jks file you should be all set to use the WS cli. Configure the superadmin.jks in ejbcawsracli.properties and the right password. The command sample is for generating a new administrator keystore to use for WS communication (WS communication is authenticated with client certificate). The admin cert must be from AdminCA, because it must be an x.509 certificate. So you have to separate completely the admin certificates from the CVC certificates. After you have the admin certificate you can use the cvcwscli to create IS certificates. USERGENERATED must be used when adding IS users just as it says. For this you can use the sample commands in http://ejbca.org/cvccas.html Regards, Tomas stupidtss wrote: > I try to create CVC request. Before that, I think I should create an user so > that I can use the WS CLI. > > Under the "Web Services authentication", I find the following command > sample: > > ejbca ra adduser <1> <2> "C=..,O=..,CN=<1>" null AdminCA null 1 JKS > ejbca ra setclearpwd <1> <2> > ejbca batch > ejbca admins addadmin "Temporary Super Administrator Group" AdminCA > WITHCOMMONNAME QUALCASEINS <1> > > If my CVC CA is "HK", my DV is HKDV, and there is also a CA called AdminCA1 > which is created during installation, which CA should I used in the command > above? I have test all three, and only AdminCA1 works. All the other two > returns with message saying that CA not found. > > Should I select AdminCA1 as the name of CA? > > Furthermore, when I later issue the cvcwscli cvcrequest command, a > BAD_USER_TOKEN_TYPE error keeps coming up saying that only USERGENERATED can > be used for cvc. But if I use USERGENERATED in creating the user name, no > .JKS is generated and the cvcwscli cvcrequest command returns with an > LOGIN_ERROR. > > Please help. Thanks. > > > stupidtss wrote: >> This post is a little bit off-topic. Please accept my apologies. >> >> I am new to programming, and I was assigned to work on the CVCA Key >> Management Protocol for SPOC. >> >> One of the input parameter required (for the RequestCertificate message) >> is the "certificate request". Can anyone here point me the way on how to >> construct and handle this "certificate request"? Thanks very much. >> > |
|
From: stupidtss <sim...@si...> - 2009-10-09 07:12:19
|
When I submit the following command "cvcwscli cvcrequest superadmin ejbca "C=HK, CN=HKDV" 00001 SHA256WithRSA 1024 true zzz" The error LOGIN_ERROR come out saying tha Got request for user with invalid password: superadmin even though the password is correct. If I Edit End Entity in the GUI and save with the correct password again, the error then changed to INTERNAL_ERROR for the first time, the then LOGIN_ERROR for the second time and after. Is there anything wrong with my command above? Tomas Gustavsson wrote: > > > If you have generated a superadmin.jks file you should be all set to use > the WS cli. > > Configure the superadmin.jks in ejbcawsracli.properties and the right > password. > > The command sample is for generating a new administrator keystore to use > for WS communication (WS communication is authenticated with client > certificate). The admin cert must be from AdminCA, because it must be an > x.509 certificate. > > So you have to separate completely the admin certificates from the CVC > certificates. After you have the admin certificate you can use the > cvcwscli to create IS certificates. USERGENERATED must be used when > adding IS users just as it says. For this you can use the sample > commands in http://ejbca.org/cvccas.html > > Regards, > Tomas > > > stupidtss wrote: >> I try to create CVC request. Before that, I think I should create an >> user so >> that I can use the WS CLI. >> >> Under the "Web Services authentication", I find the following command >> sample: >> >> ejbca ra adduser <1> <2> "C=..,O=..,CN=<1>" null AdminCA null 1 JKS >> ejbca ra setclearpwd <1> <2> >> ejbca batch >> ejbca admins addadmin "Temporary Super Administrator Group" AdminCA >> WITHCOMMONNAME QUALCASEINS <1> >> >> If my CVC CA is "HK", my DV is HKDV, and there is also a CA called >> AdminCA1 >> which is created during installation, which CA should I used in the >> command >> above? I have test all three, and only AdminCA1 works. All the other >> two >> returns with message saying that CA not found. >> >> Should I select AdminCA1 as the name of CA? >> >> Furthermore, when I later issue the cvcwscli cvcrequest command, a >> BAD_USER_TOKEN_TYPE error keeps coming up saying that only USERGENERATED >> can >> be used for cvc. But if I use USERGENERATED in creating the user name, >> no >> .JKS is generated and the cvcwscli cvcrequest command returns with an >> LOGIN_ERROR. >> >> Please help. Thanks. >> >> >> stupidtss wrote: >>> This post is a little bit off-topic. Please accept my apologies. >>> >>> I am new to programming, and I was assigned to work on the CVCA Key >>> Management Protocol for SPOC. >>> >>> One of the input parameter required (for the RequestCertificate message) >>> is the "certificate request". Can anyone here point me the way on how >>> to >>> construct and handle this "certificate request"? Thanks very much. >>> >> > > > ------------------------------------------------------------------------------ > Come build with us! The BlackBerry(R) Developer Conference in SF, CA > is the only developer event you need to attend this year. Jumpstart your > developing skills, take BlackBerry mobile applications to market and stay > ahead of the curve. Join us from November 9 - 12, 2009. Register now! > http://p.sf.net/sfu/devconference > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > -- View this message in context: http://www.nabble.com/Anyone-familiar-with-CVCA-Key-Management-Protocol-for-SPOC--tp25326299p25816478.html Sent from the EjbCA - Dev mailing list archive at Nabble.com. |
|
From: Tomas G. <to...@pr...> - 2009-10-09 07:27:02
|
You do not issue IS certificates to superadmin that is plain wrong. Superadmin is not an inspection system. You have to add an inspection system user first, like in the example I pointed to att ejbca.org. ./ejbcawsracli.sh edituser hkdv foo123 false "CN=HKDV,C=HK" NULL NULL DVCA 1 USERGENERATED NEW IS IS /Tomas stupidtss wrote: > When I submit the following command "cvcwscli cvcrequest superadmin ejbca > "C=HK, CN=HKDV" 00001 SHA256WithRSA 1024 true zzz" > The error LOGIN_ERROR come out saying tha Got request for user with invalid > password: superadmin even though the password is correct. > > If I Edit End Entity in the GUI and save with the correct password again, > the error then changed to INTERNAL_ERROR for the first time, the then > LOGIN_ERROR for the second time and after. > > Is there anything wrong with my command above? > > Tomas Gustavsson wrote: >> >> If you have generated a superadmin.jks file you should be all set to use >> the WS cli. >> >> Configure the superadmin.jks in ejbcawsracli.properties and the right >> password. >> >> The command sample is for generating a new administrator keystore to use >> for WS communication (WS communication is authenticated with client >> certificate). The admin cert must be from AdminCA, because it must be an >> x.509 certificate. >> >> So you have to separate completely the admin certificates from the CVC >> certificates. After you have the admin certificate you can use the >> cvcwscli to create IS certificates. USERGENERATED must be used when >> adding IS users just as it says. For this you can use the sample >> commands in http://ejbca.org/cvccas.html >> >> Regards, >> Tomas >> >> >> stupidtss wrote: >>> I try to create CVC request. Before that, I think I should create an >>> user so >>> that I can use the WS CLI. >>> >>> Under the "Web Services authentication", I find the following command >>> sample: >>> >>> ejbca ra adduser <1> <2> "C=..,O=..,CN=<1>" null AdminCA null 1 JKS >>> ejbca ra setclearpwd <1> <2> >>> ejbca batch >>> ejbca admins addadmin "Temporary Super Administrator Group" AdminCA >>> WITHCOMMONNAME QUALCASEINS <1> >>> >>> If my CVC CA is "HK", my DV is HKDV, and there is also a CA called >>> AdminCA1 >>> which is created during installation, which CA should I used in the >>> command >>> above? I have test all three, and only AdminCA1 works. All the other >>> two >>> returns with message saying that CA not found. >>> >>> Should I select AdminCA1 as the name of CA? >>> >>> Furthermore, when I later issue the cvcwscli cvcrequest command, a >>> BAD_USER_TOKEN_TYPE error keeps coming up saying that only USERGENERATED >>> can >>> be used for cvc. But if I use USERGENERATED in creating the user name, >>> no >>> .JKS is generated and the cvcwscli cvcrequest command returns with an >>> LOGIN_ERROR. >>> >>> Please help. Thanks. >>> >>> >>> stupidtss wrote: >>>> This post is a little bit off-topic. Please accept my apologies. >>>> >>>> I am new to programming, and I was assigned to work on the CVCA Key >>>> Management Protocol for SPOC. >>>> >>>> One of the input parameter required (for the RequestCertificate message) >>>> is the "certificate request". Can anyone here point me the way on how >>>> to >>>> construct and handle this "certificate request"? Thanks very much. >>>> >> >> ------------------------------------------------------------------------------ >> Come build with us! The BlackBerry(R) Developer Conference in SF, CA >> is the only developer event you need to attend this year. Jumpstart your >> developing skills, take BlackBerry mobile applications to market and stay >> ahead of the curve. Join us from November 9 - 12, 2009. Register now! >> http://p.sf.net/sfu/devconference >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> >> > |
