Thread: [Ejbca-develop] Multiple Certificates Per End Entity

Brought to you by: anatom, hsunmark, karolinhem, mikekushner, and 2 others

ejbca-develop

[Ejbca-develop] Multiple Certificates Per End Entity

From: Mark S. <mse...@ho...> - 2010-01-06 18:06:39

Is it possible to create more than one certificate for any given end entity? I want to be able to create certificates for an end user for different applications and not use the same cert for every user application. I have been and am still digging in the users pages but have not found the answer

 

Thanks

Joenateen
 		 	   		  
_________________________________________________________________
Your E-mail and More On-the-Go. Get Windows Live Hotmail Free.
http://clk.atdmt.com/GBL/go/196390709/direct/01/

Re: [Ejbca-develop] Multiple Certificates Per End Entity

From: Tomas G. <to...@pr...> - 2010-01-07 11:11:53

Yes it is exactly this that is the purpose of the "user" concept, so you
can have multiple certificates easily viewable for each user.

Just issue a new certificate for the same username and it will have
multiple certificates. "Edit End Entity", you can select new certificate
profiles to have different types of certificates.

Cheers,
Tomas
-----
PrimeKey Solutions offers a commercial EJBCA support subscription and
training for EJBCA. Please see www.primekey.se or contact
in...@pr... for more information.
http://www.primekey.se/Services/Support/
http://www.primekey.se/Services/Training/

Mark Seaborn wrote:
> Is it possible to create more than one certificate for any given end entity? I want to be able to create certificates for an end user for different applications and not use the same cert for every user application. I have been and am still digging in the users pages but have not found the answer
> 
>  
> 
> Thanks
> 
> Joenateen
>  		 	   		  
> _________________________________________________________________
> Your E-mail and More On-the-Go. Get Windows Live Hotmail Free.
> http://clk.atdmt.com/GBL/go/196390709/direct/01/
> 
> 
> ------------------------------------------------------------------------
> 
> ------------------------------------------------------------------------------
> This SF.Net email is sponsored by the Verizon Developer Community
> Take advantage of Verizon's best-in-class app development support
> A streamlined, 14 day to market process makes app distribution fast and easy
> Join now and get one step closer to millions of Verizon customers
> http://p.sf.net/sfu/verizon-dev2dev 
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop

Re: [Ejbca-develop] Multiple Certificates Per End Entity

From: Tham W. <ejb...@pr...> - 2010-01-07 14:11:29

Hi,

Alternatively, in the end entity profile you can set the 'number of 
allowed requests' policy. Then you will be allowed to set allowed number 
of requests when you create the user.

There is a maximum number of five requests though.

Kind regards,
Tham

Tomas Gustavsson wrote:
> Yes it is exactly this that is the purpose of the "user" concept, so you
> can have multiple certificates easily viewable for each user.
>
> Just issue a new certificate for the same username and it will have
> multiple certificates. "Edit End Entity", you can select new certificate
> profiles to have different types of certificates.
>
> Cheers,
> Tomas
> -----
> PrimeKey Solutions offers a commercial EJBCA support subscription and
> training for EJBCA. Please see www.primekey.se or contact
> in...@pr... for more information.
> http://www.primekey.se/Services/Support/
> http://www.primekey.se/Services/Training/
>
> Mark Seaborn wrote:
>   
>> Is it possible to create more than one certificate for any given end entity? I want to be able to create certificates for an end user for different applications and not use the same cert for every user application. I have been and am still digging in the users pages but have not found the answer
>>
>>  
>>
>> Thanks
>>
>> Joenateen
>>  		 	   		  
>> _________________________________________________________________
>> Your E-mail and More On-the-Go. Get Windows Live Hotmail Free.
>> http://clk.atdmt.com/GBL/go/196390709/direct/01/
>>
>>
>> ------------------------------------------------------------------------
>>
>> ------------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Verizon Developer Community
>> Take advantage of Verizon's best-in-class app development support
>> A streamlined, 14 day to market process makes app distribution fast and easy
>> Join now and get one step closer to millions of Verizon customers
>> http://p.sf.net/sfu/verizon-dev2dev 
>>
>>
>> ------------------------------------------------------------------------
>>
>> _______________________________________________
>> Ejbca-develop mailing list
>> Ejb...@li...
>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>     
>
>
> ------------------------------------------------------------------------------
> This SF.Net email is sponsored by the Verizon Developer Community
> Take advantage of Verizon's best-in-class app development support
> A streamlined, 14 day to market process makes app distribution fast and easy
> Join now and get one step closer to millions of Verizon customers
> http://p.sf.net/sfu/verizon-dev2dev 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>

Re: [Ejbca-develop] Multiple Certificates Per End Entity

From: Joenateen <mse...@ho...> - 2010-01-07 15:33:08

Ok, so let me see if I have this straight. I am seeing two certificates in
the end user now. But it is not what I expected. In order to create multiple
certificates for a user

1. Create the certificate profiles for each certificate I want to issue.
2. Create the "End Entity Profile" and select the certificates that I want
to have issued to a user assigned to a given "End Entity Profile" in the
"Available Certificate Profiles" list box (multiselect).
3. Create a user and specify the "End Entity Profile" with aforementioned
certificates.
4. Go to the public web section and request the certificates using the
"Create Keystore" link.

Right?

I also am having troubles finding the example code for the external RA
function. I don't have SVN for the windows platform. Is there a zip file
somewhere?
 

Tomas Gustavsson wrote:
> 
> 
> Yes it is exactly this that is the purpose of the "user" concept, so you
> can have multiple certificates easily viewable for each user.
> 
> Just issue a new certificate for the same username and it will have
> multiple certificates. "Edit End Entity", you can select new certificate
> profiles to have different types of certificates.
> 
> Cheers,
> Tomas
> -----
> PrimeKey Solutions offers a commercial EJBCA support subscription and
> training for EJBCA. Please see www.primekey.se or contact
> in...@pr... for more information.
> http://www.primekey.se/Services/Support/
> http://www.primekey.se/Services/Training/
> 
> Mark Seaborn wrote:
>> Is it possible to create more than one certificate for any given end
>> entity? I want to be able to create certificates for an end user for
>> different applications and not use the same cert for every user
>> application. I have been and am still digging in the users pages but have
>> not found the answer
>> 
>>  
>> 
>> Thanks
>> 
>> Joenateen
>>  		 	   		  
>> _________________________________________________________________
>> Your E-mail and More On-the-Go. Get Windows Live Hotmail Free.
>> http://clk.atdmt.com/GBL/go/196390709/direct/01/
>> 
>> 
>> ------------------------------------------------------------------------
>> 
>> ------------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Verizon Developer Community
>> Take advantage of Verizon's best-in-class app development support
>> A streamlined, 14 day to market process makes app distribution fast and
>> easy
>> Join now and get one step closer to millions of Verizon customers
>> http://p.sf.net/sfu/verizon-dev2dev 
>> 
>> 
>> ------------------------------------------------------------------------
>> 
>> _______________________________________________
>> Ejbca-develop mailing list
>> Ejb...@li...
>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 
> 
> ------------------------------------------------------------------------------
> This SF.Net email is sponsored by the Verizon Developer Community
> Take advantage of Verizon's best-in-class app development support
> A streamlined, 14 day to market process makes app distribution fast and
> easy
> Join now and get one step closer to millions of Verizon customers
> http://p.sf.net/sfu/verizon-dev2dev 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 
> 

-- 
View this message in context: http://old.nabble.com/Multiple-Certificates-Per-End-Entity-tp27048018p27061821.html
Sent from the EjbCA - Dev mailing list archive at Nabble.com.

Re: [Ejbca-develop] Multiple Certificates Per End Entity

From: Joenateen <mse...@ho...> - 2010-01-07 16:23:09

Thanks, that registered after I wrote the last reply. Thanks for you help
guys.


Johan Eklund wrote:
> 
> You are correct that you will need to use the 'create keystore' option 
> from the public page for each of the certificates you want to create.
> 
> If you followed the steps I mentioned earlier you should not have to use 
> the admin page to set status to new in between.
> 
> Kind regards,
> Tham
> 
> Joenateen wrote:
>> Thanks for the quick response. 
>>
>> So when I follow the steps I listed, I only get one certificate.
>> Specifically the certificate that I ask for in the user interface
>> following
>> the "Create Keystore" link. I do notice that the second step of
>> certificate
>> enrollment asks for which certificate to generate. It generates the
>> certificate specified but I am back to the issue of only getting one
>> certificate. If I go through the process again. It tells me that the user
>> is
>> not in the right state to generate the second certificates. I am sure
>> that I
>> am just using the interfaces wrong. 
>>
>> Now if I go back to the admin screens and put the users back in the "New"
>> state, I can generate the second certificate with no problem. I think I
>> made
>> a bad assumption in assuming that I could generate multiple certificates
>> for
>> the user from one pass through the "Create Keystore" interface. 
>>
>> Is this the intended behavior for the interface in the "out of the box"
>> functionality?
>>
>>
>> Tomas Gustavsson wrote:
>>   
>>> Yes, that is correct. What is not as expected with that? Combine it with
>>> Thams suggestion and you can create multiple certificates immediately
>>> one after the other.
>>>
>>> The extra zip is available from the download page. It contains all code
>>> with tests, samples, docs, etc.
>>> http://ejbca.org/download.html
>>>
>>> Cheers,
>>> Tomas
>>>
>>>
>>> Joenateen wrote:
>>>     
>>>> Ok, so let me see if I have this straight. I am seeing two certificates
>>>> in
>>>> the end user now. But it is not what I expected. In order to create
>>>> multiple
>>>> certificates for a user
>>>>
>>>> 1. Create the certificate profiles for each certificate I want to
>>>> issue.
>>>> 2. Create the "End Entity Profile" and select the certificates that I
>>>> want
>>>> to have issued to a user assigned to a given "End Entity Profile" in
>>>> the
>>>> "Available Certificate Profiles" list box (multiselect).
>>>> 3. Create a user and specify the "End Entity Profile" with
>>>> aforementioned
>>>> certificates.
>>>> 4. Go to the public web section and request the certificates using the
>>>> "Create Keystore" link.
>>>>
>>>> Right?
>>>>
>>>> I also am having troubles finding the example code for the external RA
>>>> function. I don't have SVN for the windows platform. Is there a zip
>>>> file
>>>> somewhere?
>>>>  
>>>>
>>>> Tomas Gustavsson wrote:
>>>>       
>>>>> Yes it is exactly this that is the purpose of the "user" concept, so
>>>>> you
>>>>> can have multiple certificates easily viewable for each user.
>>>>>
>>>>> Just issue a new certificate for the same username and it will have
>>>>> multiple certificates. "Edit End Entity", you can select new
>>>>> certificate
>>>>> profiles to have different types of certificates.
>>>>>
>>>>> Cheers,
>>>>> Tomas
>>>>> -----
>>>>> PrimeKey Solutions offers a commercial EJBCA support subscription and
>>>>> training for EJBCA. Please see www.primekey.se or contact
>>>>> in...@pr... for more information.
>>>>> http://www.primekey.se/Services/Support/
>>>>> http://www.primekey.se/Services/Training/
>>>>>
>>>>> Mark Seaborn wrote:
>>>>>         
>>>>>> Is it possible to create more than one certificate for any given end
>>>>>> entity? I want to be able to create certificates for an end user for
>>>>>> different applications and not use the same cert for every user
>>>>>> application. I have been and am still digging in the users pages but
>>>>>> have
>>>>>> not found the answer
>>>>>>
>>>>>>  
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>> Joenateen
>>>>>>  		 	   		  
>>>>>> _________________________________________________________________
>>>>>> Your E-mail and More On-the-Go. Get Windows Live Hotmail Free.
>>>>>> http://clk.atdmt.com/GBL/go/196390709/direct/01/
>>>>>>
>>>>>>
>>>>>> ------------------------------------------------------------------------
>>>>>>
>>>>>> ------------------------------------------------------------------------------
>>>>>> This SF.Net email is sponsored by the Verizon Developer Community
>>>>>> Take advantage of Verizon's best-in-class app development support
>>>>>> A streamlined, 14 day to market process makes app distribution fast
>>>>>> and
>>>>>> easy
>>>>>> Join now and get one step closer to millions of Verizon customers
>>>>>> http://p.sf.net/sfu/verizon-dev2dev 
>>>>>>
>>>>>>
>>>>>> ------------------------------------------------------------------------
>>>>>>
>>>>>> _______________________________________________
>>>>>> Ejbca-develop mailing list
>>>>>> Ejb...@li...
>>>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>>>>>           
>>>>> ------------------------------------------------------------------------------
>>>>> This SF.Net email is sponsored by the Verizon Developer Community
>>>>> Take advantage of Verizon's best-in-class app development support
>>>>> A streamlined, 14 day to market process makes app distribution fast
>>>>> and
>>>>> easy
>>>>> Join now and get one step closer to millions of Verizon customers
>>>>> http://p.sf.net/sfu/verizon-dev2dev 
>>>>> _______________________________________________
>>>>> Ejbca-develop mailing list
>>>>> Ejb...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>>>>
>>>>>
>>>>>         
>>> ------------------------------------------------------------------------------
>>> This SF.Net email is sponsored by the Verizon Developer Community
>>> Take advantage of Verizon's best-in-class app development support
>>> A streamlined, 14 day to market process makes app distribution fast and
>>> easy
>>> Join now and get one step closer to millions of Verizon customers
>>> http://p.sf.net/sfu/verizon-dev2dev 
>>> _______________________________________________
>>> Ejbca-develop mailing list
>>> Ejb...@li...
>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>>
>>>
>>>     
>>
>>   
> 
> 
> ------------------------------------------------------------------------------
> This SF.Net email is sponsored by the Verizon Developer Community
> Take advantage of Verizon's best-in-class app development support
> A streamlined, 14 day to market process makes app distribution fast and
> easy
> Join now and get one step closer to millions of Verizon customers
> http://p.sf.net/sfu/verizon-dev2dev 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 
> 

-- 
View this message in context: http://old.nabble.com/Multiple-Certificates-Per-End-Entity-tp27048018p27062602.html
Sent from the EjbCA - Dev mailing list archive at Nabble.com.

Re: [Ejbca-develop] Multiple Certificates Per End Entity

From: Tham W. <ejb...@pr...> - 2010-01-07 16:34:12

You are welcome!

If a 'one click' feature is really important to you you have a couple of 
options as I see it.

1. You could write your own RA page and use the web service interface to 
create all the allowed certificates at once.
2. You could add the functionality to EJBCA yourself. I am sure it would 
be a welcome contribution!
3. You can hire someone to do one of the above. PrimeKey offers 
professional services of this kind.

It all depends on your requirements.

I hope things work out.

Kind regards,
Tham

Joenateen wrote:
> Thanks, that registered after I wrote the last reply. Thanks for you help
> guys.
>
>
> Johan Eklund wrote:
>   
>> You are correct that you will need to use the 'create keystore' option 
>> from the public page for each of the certificates you want to create.
>>
>> If you followed the steps I mentioned earlier you should not have to use 
>> the admin page to set status to new in between.
>>
>> Kind regards,
>> Tham
>>
>> Joenateen wrote:
>>     
>>> Thanks for the quick response. 
>>>
>>> So when I follow the steps I listed, I only get one certificate.
>>> Specifically the certificate that I ask for in the user interface
>>> following
>>> the "Create Keystore" link. I do notice that the second step of
>>> certificate
>>> enrollment asks for which certificate to generate. It generates the
>>> certificate specified but I am back to the issue of only getting one
>>> certificate. If I go through the process again. It tells me that the user
>>> is
>>> not in the right state to generate the second certificates. I am sure
>>> that I
>>> am just using the interfaces wrong. 
>>>
>>> Now if I go back to the admin screens and put the users back in the "New"
>>> state, I can generate the second certificate with no problem. I think I
>>> made
>>> a bad assumption in assuming that I could generate multiple certificates
>>> for
>>> the user from one pass through the "Create Keystore" interface. 
>>>
>>> Is this the intended behavior for the interface in the "out of the box"
>>> functionality?
>>>
>>>
>>> Tomas Gustavsson wrote:
>>>   
>>>       
>>>> Yes, that is correct. What is not as expected with that? Combine it with
>>>> Thams suggestion and you can create multiple certificates immediately
>>>> one after the other.
>>>>
>>>> The extra zip is available from the download page. It contains all code
>>>> with tests, samples, docs, etc.
>>>> http://ejbca.org/download.html
>>>>
>>>> Cheers,
>>>> Tomas
>>>>
>>>>
>>>> Joenateen wrote:
>>>>     
>>>>         
>>>>> Ok, so let me see if I have this straight. I am seeing two certificates
>>>>> in
>>>>> the end user now. But it is not what I expected. In order to create
>>>>> multiple
>>>>> certificates for a user
>>>>>
>>>>> 1. Create the certificate profiles for each certificate I want to
>>>>> issue.
>>>>> 2. Create the "End Entity Profile" and select the certificates that I
>>>>> want
>>>>> to have issued to a user assigned to a given "End Entity Profile" in
>>>>> the
>>>>> "Available Certificate Profiles" list box (multiselect).
>>>>> 3. Create a user and specify the "End Entity Profile" with
>>>>> aforementioned
>>>>> certificates.
>>>>> 4. Go to the public web section and request the certificates using the
>>>>> "Create Keystore" link.
>>>>>
>>>>> Right?
>>>>>
>>>>> I also am having troubles finding the example code for the external RA
>>>>> function. I don't have SVN for the windows platform. Is there a zip
>>>>> file
>>>>> somewhere?
>>>>>  
>>>>>
>>>>> Tomas Gustavsson wrote:
>>>>>       
>>>>>           
>>>>>> Yes it is exactly this that is the purpose of the "user" concept, so
>>>>>> you
>>>>>> can have multiple certificates easily viewable for each user.
>>>>>>
>>>>>> Just issue a new certificate for the same username and it will have
>>>>>> multiple certificates. "Edit End Entity", you can select new
>>>>>> certificate
>>>>>> profiles to have different types of certificates.
>>>>>>
>>>>>> Cheers,
>>>>>> Tomas
>>>>>> -----
>>>>>> PrimeKey Solutions offers a commercial EJBCA support subscription and
>>>>>> training for EJBCA. Please see www.primekey.se or contact
>>>>>> in...@pr... for more information.
>>>>>> http://www.primekey.se/Services/Support/
>>>>>> http://www.primekey.se/Services/Training/
>>>>>>
>>>>>> Mark Seaborn wrote:
>>>>>>         
>>>>>>             
>>>>>>> Is it possible to create more than one certificate for any given end
>>>>>>> entity? I want to be able to create certificates for an end user for
>>>>>>> different applications and not use the same cert for every user
>>>>>>> application. I have been and am still digging in the users pages but
>>>>>>> have
>>>>>>> not found the answer
>>>>>>>
>>>>>>>  
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>> Joenateen
>>>>>>>  		 	   		  
>>>>>>> _________________________________________________________________
>>>>>>> Your E-mail and More On-the-Go. Get Windows Live Hotmail Free.
>>>>>>> http://clk.atdmt.com/GBL/go/196390709/direct/01/
>>>>>>>
>>>>>>>
>>>>>>> ------------------------------------------------------------------------
>>>>>>>
>>>>>>> ------------------------------------------------------------------------------
>>>>>>> This SF.Net email is sponsored by the Verizon Developer Community
>>>>>>> Take advantage of Verizon's best-in-class app development support
>>>>>>> A streamlined, 14 day to market process makes app distribution fast
>>>>>>> and
>>>>>>> easy
>>>>>>> Join now and get one step closer to millions of Verizon customers
>>>>>>> http://p.sf.net/sfu/verizon-dev2dev 
>>>>>>>
>>>>>>>
>>>>>>> ------------------------------------------------------------------------
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Ejbca-develop mailing list
>>>>>>> Ejb...@li...
>>>>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>>>>>>           
>>>>>>>               
>>>>>> ------------------------------------------------------------------------------
>>>>>> This SF.Net email is sponsored by the Verizon Developer Community
>>>>>> Take advantage of Verizon's best-in-class app development support
>>>>>> A streamlined, 14 day to market process makes app distribution fast
>>>>>> and
>>>>>> easy
>>>>>> Join now and get one step closer to millions of Verizon customers
>>>>>> http://p.sf.net/sfu/verizon-dev2dev 
>>>>>> _______________________________________________
>>>>>> Ejbca-develop mailing list
>>>>>> Ejb...@li...
>>>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>>>>>
>>>>>>
>>>>>>         
>>>>>>             
>>>> ------------------------------------------------------------------------------
>>>> This SF.Net email is sponsored by the Verizon Developer Community
>>>> Take advantage of Verizon's best-in-class app development support
>>>> A streamlined, 14 day to market process makes app distribution fast and
>>>> easy
>>>> Join now and get one step closer to millions of Verizon customers
>>>> http://p.sf.net/sfu/verizon-dev2dev 
>>>> _______________________________________________
>>>> Ejbca-develop mailing list
>>>> Ejb...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>>>
>>>>
>>>>     
>>>>         
>>>   
>>>       
>> ------------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Verizon Developer Community
>> Take advantage of Verizon's best-in-class app development support
>> A streamlined, 14 day to market process makes app distribution fast and
>> easy
>> Join now and get one step closer to millions of Verizon customers
>> http://p.sf.net/sfu/verizon-dev2dev 
>> _______________________________________________
>> Ejbca-develop mailing list
>> Ejb...@li...
>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>
>>
>>     
>
>

Re: [Ejbca-develop] Multiple Certificates Per End Entity

From: Tomas G. <to...@pr...> - 2010-01-07 15:49:03

Yes, that is correct. What is not as expected with that? Combine it with
Thams suggestion and you can create multiple certificates immediately
one after the other.

The extra zip is available from the download page. It contains all code
with tests, samples, docs, etc.
http://ejbca.org/download.html

Cheers,
Tomas


Joenateen wrote:
> Ok, so let me see if I have this straight. I am seeing two certificates in
> the end user now. But it is not what I expected. In order to create multiple
> certificates for a user
> 
> 1. Create the certificate profiles for each certificate I want to issue.
> 2. Create the "End Entity Profile" and select the certificates that I want
> to have issued to a user assigned to a given "End Entity Profile" in the
> "Available Certificate Profiles" list box (multiselect).
> 3. Create a user and specify the "End Entity Profile" with aforementioned
> certificates.
> 4. Go to the public web section and request the certificates using the
> "Create Keystore" link.
> 
> Right?
> 
> I also am having troubles finding the example code for the external RA
> function. I don't have SVN for the windows platform. Is there a zip file
> somewhere?
>  
> 
> Tomas Gustavsson wrote:
>>
>> Yes it is exactly this that is the purpose of the "user" concept, so you
>> can have multiple certificates easily viewable for each user.
>>
>> Just issue a new certificate for the same username and it will have
>> multiple certificates. "Edit End Entity", you can select new certificate
>> profiles to have different types of certificates.
>>
>> Cheers,
>> Tomas
>> -----
>> PrimeKey Solutions offers a commercial EJBCA support subscription and
>> training for EJBCA. Please see www.primekey.se or contact
>> in...@pr... for more information.
>> http://www.primekey.se/Services/Support/
>> http://www.primekey.se/Services/Training/
>>
>> Mark Seaborn wrote:
>>> Is it possible to create more than one certificate for any given end
>>> entity? I want to be able to create certificates for an end user for
>>> different applications and not use the same cert for every user
>>> application. I have been and am still digging in the users pages but have
>>> not found the answer
>>>
>>>  
>>>
>>> Thanks
>>>
>>> Joenateen
>>>  		 	   		  
>>> _________________________________________________________________
>>> Your E-mail and More On-the-Go. Get Windows Live Hotmail Free.
>>> http://clk.atdmt.com/GBL/go/196390709/direct/01/
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> ------------------------------------------------------------------------------
>>> This SF.Net email is sponsored by the Verizon Developer Community
>>> Take advantage of Verizon's best-in-class app development support
>>> A streamlined, 14 day to market process makes app distribution fast and
>>> easy
>>> Join now and get one step closer to millions of Verizon customers
>>> http://p.sf.net/sfu/verizon-dev2dev 
>>>
>>>
>>> ------------------------------------------------------------------------
>>>
>>> _______________________________________________
>>> Ejbca-develop mailing list
>>> Ejb...@li...
>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>
>> ------------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Verizon Developer Community
>> Take advantage of Verizon's best-in-class app development support
>> A streamlined, 14 day to market process makes app distribution fast and
>> easy
>> Join now and get one step closer to millions of Verizon customers
>> http://p.sf.net/sfu/verizon-dev2dev 
>> _______________________________________________
>> Ejbca-develop mailing list
>> Ejb...@li...
>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>
>>
>

Re: [Ejbca-develop] Multiple Certificates Per End Entity

From: Joenateen <mse...@ho...> - 2010-01-07 16:11:13

Thanks for the quick response. 

So when I follow the steps I listed, I only get one certificate.
Specifically the certificate that I ask for in the user interface following
the "Create Keystore" link. I do notice that the second step of certificate
enrollment asks for which certificate to generate. It generates the
certificate specified but I am back to the issue of only getting one
certificate. If I go through the process again. It tells me that the user is
not in the right state to generate the second certificates. I am sure that I
am just using the interfaces wrong. 

Now if I go back to the admin screens and put the users back in the "New"
state, I can generate the second certificate with no problem. I think I made
a bad assumption in assuming that I could generate multiple certificates for
the user from one pass through the "Create Keystore" interface. 

Is this the intended behavior for the interface in the "out of the box"
functionality?


Tomas Gustavsson wrote:
> 
> 
> Yes, that is correct. What is not as expected with that? Combine it with
> Thams suggestion and you can create multiple certificates immediately
> one after the other.
> 
> The extra zip is available from the download page. It contains all code
> with tests, samples, docs, etc.
> http://ejbca.org/download.html
> 
> Cheers,
> Tomas
> 
> 
> Joenateen wrote:
>> Ok, so let me see if I have this straight. I am seeing two certificates
>> in
>> the end user now. But it is not what I expected. In order to create
>> multiple
>> certificates for a user
>> 
>> 1. Create the certificate profiles for each certificate I want to issue.
>> 2. Create the "End Entity Profile" and select the certificates that I
>> want
>> to have issued to a user assigned to a given "End Entity Profile" in the
>> "Available Certificate Profiles" list box (multiselect).
>> 3. Create a user and specify the "End Entity Profile" with aforementioned
>> certificates.
>> 4. Go to the public web section and request the certificates using the
>> "Create Keystore" link.
>> 
>> Right?
>> 
>> I also am having troubles finding the example code for the external RA
>> function. I don't have SVN for the windows platform. Is there a zip file
>> somewhere?
>>  
>> 
>> Tomas Gustavsson wrote:
>>>
>>> Yes it is exactly this that is the purpose of the "user" concept, so you
>>> can have multiple certificates easily viewable for each user.
>>>
>>> Just issue a new certificate for the same username and it will have
>>> multiple certificates. "Edit End Entity", you can select new certificate
>>> profiles to have different types of certificates.
>>>
>>> Cheers,
>>> Tomas
>>> -----
>>> PrimeKey Solutions offers a commercial EJBCA support subscription and
>>> training for EJBCA. Please see www.primekey.se or contact
>>> in...@pr... for more information.
>>> http://www.primekey.se/Services/Support/
>>> http://www.primekey.se/Services/Training/
>>>
>>> Mark Seaborn wrote:
>>>> Is it possible to create more than one certificate for any given end
>>>> entity? I want to be able to create certificates for an end user for
>>>> different applications and not use the same cert for every user
>>>> application. I have been and am still digging in the users pages but
>>>> have
>>>> not found the answer
>>>>
>>>>  
>>>>
>>>> Thanks
>>>>
>>>> Joenateen
>>>>  		 	   		  
>>>> _________________________________________________________________
>>>> Your E-mail and More On-the-Go. Get Windows Live Hotmail Free.
>>>> http://clk.atdmt.com/GBL/go/196390709/direct/01/
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>> ------------------------------------------------------------------------------
>>>> This SF.Net email is sponsored by the Verizon Developer Community
>>>> Take advantage of Verizon's best-in-class app development support
>>>> A streamlined, 14 day to market process makes app distribution fast and
>>>> easy
>>>> Join now and get one step closer to millions of Verizon customers
>>>> http://p.sf.net/sfu/verizon-dev2dev 
>>>>
>>>>
>>>> ------------------------------------------------------------------------
>>>>
>>>> _______________________________________________
>>>> Ejbca-develop mailing list
>>>> Ejb...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>>
>>> ------------------------------------------------------------------------------
>>> This SF.Net email is sponsored by the Verizon Developer Community
>>> Take advantage of Verizon's best-in-class app development support
>>> A streamlined, 14 day to market process makes app distribution fast and
>>> easy
>>> Join now and get one step closer to millions of Verizon customers
>>> http://p.sf.net/sfu/verizon-dev2dev 
>>> _______________________________________________
>>> Ejbca-develop mailing list
>>> Ejb...@li...
>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>>
>>>
>> 
> 
> 
> ------------------------------------------------------------------------------
> This SF.Net email is sponsored by the Verizon Developer Community
> Take advantage of Verizon's best-in-class app development support
> A streamlined, 14 day to market process makes app distribution fast and
> easy
> Join now and get one step closer to millions of Verizon customers
> http://p.sf.net/sfu/verizon-dev2dev 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 
> 

-- 
View this message in context: http://old.nabble.com/Multiple-Certificates-Per-End-Entity-tp27048018p27062392.html
Sent from the EjbCA - Dev mailing list archive at Nabble.com.

Re: [Ejbca-develop] Multiple Certificates Per End Entity

From: Joenateen <mse...@ho...> - 2010-01-07 16:21:37

oh, I think I get what Thams eluded to now as well.


Joenateen wrote:
> 
> Thanks for the quick response. 
> 
> So when I follow the steps I listed, I only get one certificate.
> Specifically the certificate that I ask for in the user interface
> following the "Create Keystore" link. I do notice that the second step of
> certificate enrollment asks for which certificate to generate. It
> generates the certificate specified but I am back to the issue of only
> getting one certificate. If I go through the process again. It tells me
> that the user is not in the right state to generate the second
> certificates. I am sure that I am just using the interfaces wrong. 
> 
> Now if I go back to the admin screens and put the users back in the "New"
> state, I can generate the second certificate with no problem. I think I
> made a bad assumption in assuming that I could generate multiple
> certificates for the user from one pass through the "Create Keystore"
> interface. 
> 
> Is this the intended behavior for the interface in the "out of the box"
> functionality?
> 
> 
> Tomas Gustavsson wrote:
>> 
>> 
>> Yes, that is correct. What is not as expected with that? Combine it with
>> Thams suggestion and you can create multiple certificates immediately
>> one after the other.
>> 
>> The extra zip is available from the download page. It contains all code
>> with tests, samples, docs, etc.
>> http://ejbca.org/download.html
>> 
>> Cheers,
>> Tomas
>> 
>> 
>> Joenateen wrote:
>>> Ok, so let me see if I have this straight. I am seeing two certificates
>>> in
>>> the end user now. But it is not what I expected. In order to create
>>> multiple
>>> certificates for a user
>>> 
>>> 1. Create the certificate profiles for each certificate I want to issue.
>>> 2. Create the "End Entity Profile" and select the certificates that I
>>> want
>>> to have issued to a user assigned to a given "End Entity Profile" in the
>>> "Available Certificate Profiles" list box (multiselect).
>>> 3. Create a user and specify the "End Entity Profile" with
>>> aforementioned
>>> certificates.
>>> 4. Go to the public web section and request the certificates using the
>>> "Create Keystore" link.
>>> 
>>> Right?
>>> 
>>> I also am having troubles finding the example code for the external RA
>>> function. I don't have SVN for the windows platform. Is there a zip file
>>> somewhere?
>>>  
>>> 
>>> Tomas Gustavsson wrote:
>>>>
>>>> Yes it is exactly this that is the purpose of the "user" concept, so
>>>> you
>>>> can have multiple certificates easily viewable for each user.
>>>>
>>>> Just issue a new certificate for the same username and it will have
>>>> multiple certificates. "Edit End Entity", you can select new
>>>> certificate
>>>> profiles to have different types of certificates.
>>>>
>>>> Cheers,
>>>> Tomas
>>>> -----
>>>> PrimeKey Solutions offers a commercial EJBCA support subscription and
>>>> training for EJBCA. Please see www.primekey.se or contact
>>>> in...@pr... for more information.
>>>> http://www.primekey.se/Services/Support/
>>>> http://www.primekey.se/Services/Training/
>>>>
>>>> Mark Seaborn wrote:
>>>>> Is it possible to create more than one certificate for any given end
>>>>> entity? I want to be able to create certificates for an end user for
>>>>> different applications and not use the same cert for every user
>>>>> application. I have been and am still digging in the users pages but
>>>>> have
>>>>> not found the answer
>>>>>
>>>>>  
>>>>>
>>>>> Thanks
>>>>>
>>>>> Joenateen
>>>>>  		 	   		  
>>>>> _________________________________________________________________
>>>>> Your E-mail and More On-the-Go. Get Windows Live Hotmail Free.
>>>>> http://clk.atdmt.com/GBL/go/196390709/direct/01/
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> This SF.Net email is sponsored by the Verizon Developer Community
>>>>> Take advantage of Verizon's best-in-class app development support
>>>>> A streamlined, 14 day to market process makes app distribution fast
>>>>> and
>>>>> easy
>>>>> Join now and get one step closer to millions of Verizon customers
>>>>> http://p.sf.net/sfu/verizon-dev2dev 
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------
>>>>>
>>>>> _______________________________________________
>>>>> Ejbca-develop mailing list
>>>>> Ejb...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>>>
>>>> ------------------------------------------------------------------------------
>>>> This SF.Net email is sponsored by the Verizon Developer Community
>>>> Take advantage of Verizon's best-in-class app development support
>>>> A streamlined, 14 day to market process makes app distribution fast and
>>>> easy
>>>> Join now and get one step closer to millions of Verizon customers
>>>> http://p.sf.net/sfu/verizon-dev2dev 
>>>> _______________________________________________
>>>> Ejbca-develop mailing list
>>>> Ejb...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>>>
>>>>
>>> 
>> 
>> 
>> ------------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Verizon Developer Community
>> Take advantage of Verizon's best-in-class app development support
>> A streamlined, 14 day to market process makes app distribution fast and
>> easy
>> Join now and get one step closer to millions of Verizon customers
>> http://p.sf.net/sfu/verizon-dev2dev 
>> _______________________________________________
>> Ejbca-develop mailing list
>> Ejb...@li...
>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>> 
>> 
> 
> 

-- 
View this message in context: http://old.nabble.com/Multiple-Certificates-Per-End-Entity-tp27048018p27062576.html
Sent from the EjbCA - Dev mailing list archive at Nabble.com.

Re: [Ejbca-develop] Multiple Certificates Per End Entity

From: Tham W. <ejb...@pr...> - 2010-01-07 16:21:20

You are correct that you will need to use the 'create keystore' option 
from the public page for each of the certificates you want to create.

If you followed the steps I mentioned earlier you should not have to use 
the admin page to set status to new in between.

Kind regards,
Tham

Joenateen wrote:
> Thanks for the quick response. 
>
> So when I follow the steps I listed, I only get one certificate.
> Specifically the certificate that I ask for in the user interface following
> the "Create Keystore" link. I do notice that the second step of certificate
> enrollment asks for which certificate to generate. It generates the
> certificate specified but I am back to the issue of only getting one
> certificate. If I go through the process again. It tells me that the user is
> not in the right state to generate the second certificates. I am sure that I
> am just using the interfaces wrong. 
>
> Now if I go back to the admin screens and put the users back in the "New"
> state, I can generate the second certificate with no problem. I think I made
> a bad assumption in assuming that I could generate multiple certificates for
> the user from one pass through the "Create Keystore" interface. 
>
> Is this the intended behavior for the interface in the "out of the box"
> functionality?
>
>
> Tomas Gustavsson wrote:
>   
>> Yes, that is correct. What is not as expected with that? Combine it with
>> Thams suggestion and you can create multiple certificates immediately
>> one after the other.
>>
>> The extra zip is available from the download page. It contains all code
>> with tests, samples, docs, etc.
>> http://ejbca.org/download.html
>>
>> Cheers,
>> Tomas
>>
>>
>> Joenateen wrote:
>>     
>>> Ok, so let me see if I have this straight. I am seeing two certificates
>>> in
>>> the end user now. But it is not what I expected. In order to create
>>> multiple
>>> certificates for a user
>>>
>>> 1. Create the certificate profiles for each certificate I want to issue.
>>> 2. Create the "End Entity Profile" and select the certificates that I
>>> want
>>> to have issued to a user assigned to a given "End Entity Profile" in the
>>> "Available Certificate Profiles" list box (multiselect).
>>> 3. Create a user and specify the "End Entity Profile" with aforementioned
>>> certificates.
>>> 4. Go to the public web section and request the certificates using the
>>> "Create Keystore" link.
>>>
>>> Right?
>>>
>>> I also am having troubles finding the example code for the external RA
>>> function. I don't have SVN for the windows platform. Is there a zip file
>>> somewhere?
>>>  
>>>
>>> Tomas Gustavsson wrote:
>>>       
>>>> Yes it is exactly this that is the purpose of the "user" concept, so you
>>>> can have multiple certificates easily viewable for each user.
>>>>
>>>> Just issue a new certificate for the same username and it will have
>>>> multiple certificates. "Edit End Entity", you can select new certificate
>>>> profiles to have different types of certificates.
>>>>
>>>> Cheers,
>>>> Tomas
>>>> -----
>>>> PrimeKey Solutions offers a commercial EJBCA support subscription and
>>>> training for EJBCA. Please see www.primekey.se or contact
>>>> in...@pr... for more information.
>>>> http://www.primekey.se/Services/Support/
>>>> http://www.primekey.se/Services/Training/
>>>>
>>>> Mark Seaborn wrote:
>>>>         
>>>>> Is it possible to create more than one certificate for any given end
>>>>> entity? I want to be able to create certificates for an end user for
>>>>> different applications and not use the same cert for every user
>>>>> application. I have been and am still digging in the users pages but
>>>>> have
>>>>> not found the answer
>>>>>
>>>>>  
>>>>>
>>>>> Thanks
>>>>>
>>>>> Joenateen
>>>>>  		 	   		  
>>>>> _________________________________________________________________
>>>>> Your E-mail and More On-the-Go. Get Windows Live Hotmail Free.
>>>>> http://clk.atdmt.com/GBL/go/196390709/direct/01/
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------
>>>>>
>>>>> ------------------------------------------------------------------------------
>>>>> This SF.Net email is sponsored by the Verizon Developer Community
>>>>> Take advantage of Verizon's best-in-class app development support
>>>>> A streamlined, 14 day to market process makes app distribution fast and
>>>>> easy
>>>>> Join now and get one step closer to millions of Verizon customers
>>>>> http://p.sf.net/sfu/verizon-dev2dev 
>>>>>
>>>>>
>>>>> ------------------------------------------------------------------------
>>>>>
>>>>> _______________________________________________
>>>>> Ejbca-develop mailing list
>>>>> Ejb...@li...
>>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>>>>           
>>>> ------------------------------------------------------------------------------
>>>> This SF.Net email is sponsored by the Verizon Developer Community
>>>> Take advantage of Verizon's best-in-class app development support
>>>> A streamlined, 14 day to market process makes app distribution fast and
>>>> easy
>>>> Join now and get one step closer to millions of Verizon customers
>>>> http://p.sf.net/sfu/verizon-dev2dev 
>>>> _______________________________________________
>>>> Ejbca-develop mailing list
>>>> Ejb...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>>>
>>>>
>>>>         
>> ------------------------------------------------------------------------------
>> This SF.Net email is sponsored by the Verizon Developer Community
>> Take advantage of Verizon's best-in-class app development support
>> A streamlined, 14 day to market process makes app distribution fast and
>> easy
>> Join now and get one step closer to millions of Verizon customers
>> http://p.sf.net/sfu/verizon-dev2dev 
>> _______________________________________________
>> Ejbca-develop mailing list
>> Ejb...@li...
>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>
>>
>>     
>
>