|
From: sara <sar...@gm...> - 2013-04-02 11:13:19
|
Hi,

I have configured a GUI RA and used it successfully, and now I want to configure the RA mode for CMP. I did edit the conf file (cmp.properties) and redeploy my RA, but nothing changed. What are the other changes that I need to do? I tried to figure it out from ejbca.org but the steps are very misleading, so can you help me?

Regards,
sara
|
From: Ghaidaa T. <gha...@gm...> - 2013-04-04 11:42:01
|
Hello,

I would like to ask about certificate control protocol and how it can be configured as a registration authority. I read the directions and explanation written on the EJBCA website and followed them, but no changes are noticed. Please, I need help.

Best regards
|
From: Tomas G. <to...@pr...> - 2013-04-02 11:24:07
|
CMP is a feature of EJBCA (the CA). Not in the external RA.

/Tomas

On 04/02/2013 01:13 PM, sara wrote:
> Hi,
>
> I have configured a GUI RA and used it successfully, and now I want to
> configure the RA mode for CMP. I did edit the conf file
> (cmp.properties) and redeploy my RA, but nothing changed. What are the
> other changes that I need to do? I tried to figure it out from ejbca.org
> but the steps are very misleading, so can you help me?
>
> Regards,
>
> sara
|
From: sara <sar...@gm...> - 2013-04-02 11:31:58
|
So if I edit the cmp.properties file in my CA and redeploy it, my RA will work in CMP mode? Will the RA be able to create users and issue their certificates even when the user isn't registered?

Regards,
sara
|
From: Tomas G. <to...@pr...> - 2013-04-02 11:54:57
|
No, your RA will not answer to CMP requests whatever you do.

/Tomas

On 04/02/2013 01:31 PM, sara wrote:
> So if I edit the cmp.properties file in my CA and redeploy it, my RA will
> work in CMP mode?
> Will the RA be able to create users and issue their certificates even
> when the user isn't registered?
>
> Regards,
>
> sara
|
From: sara <sar...@gm...> - 2013-04-02 11:59:21
|
OK, thank you.
|
From: sara <sar...@gm...> - 2013-04-04 13:20:38
|
Hi,

I was wondering what the point of the RA mode for CMP is if it cannot be configured in an externalra? I mean, if the RA mode for CMP is inside my CA then the RA here is useless, because the main goal of an RA is to issue the user certificate without allowing the user to connect directly with the CA. So what is the point of using RA mode for CMP if it will be inside my CA?

Regards,
sara
|
From: Tham W. <ejb...@pr...> - 2013-04-04 13:36:45
|
Dear Sara,

There may be many different reasons why you would want to communicate with EJBCA configured in RA mode. RA mode is a convenient mode to write clients with; also, it is a pretty efficient protocol. In fact, many of our users have written RAs which communicate with EJBCA using CMP in RA mode; you could say we built it for them!

Kind regards,
Tham Wickenberg

On 4/4/13 3:20 PM, sara wrote:
> Hi,
>
> I was wondering what the point of the RA mode for CMP is if it cannot
> be configured in an externalra?
> I mean, if the RA mode for CMP is inside my CA then the RA here is
> useless, because the main goal of an RA is to issue the user certificate
> without allowing the user to connect directly with the CA. So what is
> the point of using RA mode for CMP if it will be inside my CA?
>
> Regards,
>
> sara
|
From: eilaf s. <eil...@gm...> - 2013-04-04 13:22:44
|
Hello Tomas,

Did you mean that she can't configure the CMP between external RA and CA? Even in RA mode?

On Tue, Apr 2, 2013 at 2:59 PM, sara <sar...@gm...> wrote:
> OK, thank you.

--
Eilaf Hamad Elnil Mugbil
University Of Khartoum
School Of Mathematical science
|
From: Tomas G. <to...@pr...> - 2013-04-04 13:43:10
|
To fill in (perhaps a bit too much) from what Tham already said...

* No, there is no built-in CMP functionality in the External RA. You have to develop that yourselves. But EJBCA has excellent CMP support used in hundreds of installations and different use-cases world-wide.

Since you have not fully understood how CMP and the External RA work, it would be much easier if you describe what goal you are trying to accomplish. Then we can suggest best practice for doing this (we have seen hundreds of different installations). For example:
- What are the users and clients?
- Where is registration of users done?
- What protocols do the clients use?
- Who communicates with what?

-----
Installing EJBCA in a server gives you a Certificate Authority, with built-in Registration Authority functions. This means that on the EJBCA server you can register and issue certificates for users. You can do this with many different protocols:
- Web GUIs
- Command line interface
- CMP
- SCEP
- Web Service
- and more...

Against one Certificate Authority you can have multiple Registration Authorities. "Registration Authority" is an abstract concept that does not mandate any specific technology to be used. Local, remote, distributed, web based, java GUI based, carrier pigeon based.

External RA is an external server that can be used to develop RAs _if_ there is a requirement that no incoming connections are allowed to the CA server. If there is _not_ any such requirement, there is no use of the external RA. The External RA is an API, so you can develop your own External RA GUI. EJBCA comes with two pre-made external RA functions, External RA browser enrollment GUI, and External RA SCEP service.

The meaning of RA mode for CMP is that an RA connects to the CA using CMP. The requests that the RA sends over CMP to the CA are treated as "trusted" and certificates are issued, if the RA is authenticated. The EJBCA External RA does _not_ use CMP to communicate with the CA server.

The most common usages of CMP are:
- Card management system works as an RA. Card management system communicates with CMP to EJBCA.
- 3GPP/LTE network nodes, specified in the 3GPP standard how eNodes communicate using CMP to the CA (EJBCA).
- Network routers getting certificates from the CA

If you want to use CMP directly from your clients and want some network shielding, you can use the CMP Proxy instead. This sits between the client and the CA and breaks/inspects all network connections.

Regards,
Tomas

-----
PrimeKey Solutions offers commercial EJBCA and SignServer support subscriptions and training courses. Please see www.primekey.se or contact in...@pr... for more information.
http://www.primekey.se/Services/Support/
http://www.primekey.se/Services/Training/

On 04/04/2013 03:22 PM, eilaf sorkatti wrote:
> Hello Tomas,
>
> Did you mean that she can't configure the CMP between external RA and
> CA? Even in RA mode?
>
> On Tue, Apr 2, 2013 at 2:59 PM, sara <sar...@gm...> wrote:
>
> > OK, thank you.
>
> --
> Eilaf Hamad Elnil Mugbil
> University Of Khartoum
> School Of Mathematical science
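
The point above, that in RA mode the CA treats the RA's requests as trusted once the RA is authenticated, shown as an added example that is not part of the original thread and is not EJBCA's code: a minimal Python model of that check using the password-based MAC defined in RFC 4210. The class name, the dict standing in for a DER-encoded PKIMessage, the SHA-256 choice, the iteration bound and the secret and subject strings are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import os

MAX_ITERATIONS = 100_000  # assumed local policy bound; stops a sender forcing huge work


def pbm_key(secret: bytes, salt: bytes, iterations: int) -> bytes:
    """RFC 4210 PasswordBasedMac key: hash secret||salt, then re-hash the
    output until the hash has been applied `iterations` times in total."""
    key = secret + salt
    for _ in range(iterations):
        key = hashlib.sha256(key).digest()
    return key


def ra_protect(secret: bytes, body: bytes, iterations: int = 1024) -> dict:
    """RA side: attach salt, iteration count and MAC to a request body.
    A dict stands in for the DER-encoded PKIMessage (simplification)."""
    salt = os.urandom(16)
    mac = hmac.new(pbm_key(secret, salt, iterations), body, hashlib.sha256).digest()
    return {"body": body, "salt": salt, "iterations": iterations, "mac": mac}


class CaInRaMode:
    """Hypothetical CA endpoint: issues for whatever subject an authenticated RA names."""

    def __init__(self, ra_secret: bytes):
        self.ra_secret = ra_secret
        self.issued = []

    def handle(self, msg: dict) -> str:
        if not 1 <= msg["iterations"] <= MAX_ITERATIONS:
            return "rejected: iteration count out of bounds"
        key = pbm_key(self.ra_secret, msg["salt"], msg["iterations"])
        expected = hmac.new(key, msg["body"], hashlib.sha256).digest()
        if not hmac.compare_digest(expected, msg["mac"]):  # constant-time compare
            return "rejected: RA not authenticated"
        self.issued.append(msg["body"])  # no per-user check: the RA is trusted
        return "issued"


if __name__ == "__main__":
    ca = CaInRaMode(b"constructed-shared-secret")
    good = ra_protect(b"constructed-shared-secret", b"CN=new-user,O=Example")
    print(ca.handle(good))
    unknown = ra_protect(b"wrong-secret", b"CN=other-user,O=Example")
    print(ca.handle(unknown))
```

Because a valid MAC is the only gate in this model, the shared secret and the network path to the CMP endpoint are the trust boundary for RA mode, which is a different property from the External RA's "no incoming connections to the CA" design.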
|
From: Tham W. <ejb...@pr...> - 2013-04-04 13:44:03
|
Hello Eilaf,

I believe what Tomas was trying to explain is that ExternalRA is a product which does not support CMP in any mode; it is not a CMP product. The ExternalRA is a pretty specific tool which is designed to allow a network configuration where you are not allowing any calls from a DMZ to the CA. CMP is not designed for this; that is probably why no one has felt compelled to combine the two before.

Cheers,
Tham Wickenberg
PrimeKey Solutions

On 4/4/13 3:22 PM, eilaf sorkatti wrote:
> Hello Tomas,
>
> Did you mean that she can't configure the CMP between external RA and
> CA? Even in RA mode?
>
> On Tue, Apr 2, 2013 at 2:59 PM, sara <sar...@gm...> wrote:
>
> > OK, thank you.
>
> --
> Eilaf Hamad Elnil Mugbil
> University Of Khartoum
> School Of Mathematical science