ejbca-develop

[Ejbca-develop] CRL status is: Expired

[Тимур <tim...@gm...>]

Hello, dears !

I have successfully installed and configured EJBCA 6.2.0 (r19221) based on
RHEL 5.7 / Java 7u45 / Oracle 10g R2 and all works fine, no errors.
Then two new users' CAs named "testca.bta.kz" and "Default CA" were created
(also without  errors) - all work fine.  Only question is why in
certificate authorities home page some CAs have their CRL status marked by
yellow warning triangle "CRL status: Expired" ?  How to fix CRL  ?
Could you please to see attached screenshots and config of my EJBCA
instance ?

Thank you a lot,
Timur

Re: [Ejbca-develop] CRL status is: Expired

[Manuel D. <ma...@de...>]

Hej Timur,
according to the "CRL Expire Period" configured in your CA (default 1
day) the CRL (Certificate Revokation List) expires after one day, even
if there is no change to the CA / no certificate is revoked. You can
"fix" this by clicking "Create CRL" for that CA in "CA Structure &
CRLs".

does that answer your question ?
best regards, Manuel

On Thu, Dec 18, 2014 at 2:02 PM, Тимур <tim...@gm...> wrote:
> Hello, dears !
>
> I have successfully installed and configured EJBCA 6.2.0 (r19221) based on
> RHEL 5.7 / Java 7u45 / Oracle 10g R2 and all works fine, no errors.
> Then two new users' CAs named "testca.bta.kz" and "Default CA" were created
> (also without  errors) - all work fine.  Only question is why in certificate
> authorities home page some CAs have their CRL status marked by yellow
> warning triangle "CRL status: Expired" ?  How to fix CRL  ?
> Could you please to see attached screenshots and config of my EJBCA instance
> ?
>
> Thank you a lot,
> Timur
>
> ------------------------------------------------------------------------------
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> with Interactivity, Sharing, Native Excel Exports, App Integration & more
> Get technology previously reserved for billion-dollar corporations, FREE
> http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>

Re: [Ejbca-develop] CRL status is: Expired

[Michael S. <mi...@st...>]

Тимур wrote:
> I have successfully installed and configured EJBCA 6.2.0 (r19221) based on
> RHEL 5.7 / Java 7u45 / Oracle 10g R2 and all works fine, no errors.
> Then two new users' CAs named "testca.bta.kz" and "Default CA" were created
> (also without  errors) - all work fine.  Only question is why in
> certificate authorities home page some CAs have their CRL status marked by
> yellow warning triangle "CRL status: Expired" ?  How to fix CRL  ?
> Could you please to see attached screenshots and config of my EJBCA
> instance ?

You probably did not set up a CRLUpdate service for those CAs yet.

Ciao, Michael.

Re: [Ejbca-develop] CRL status is: Expired

[Тимур <tim...@gm...>]

Thanks to all who found a minute to answer me !
Yes , I fixed :) CRL status manually.
Could you please to gve me a reference how to set up CRL automatic update
service
in EJBCA 6.2.0 ?

Thank you a lot,
Timur

2014-12-18 19:10 GMT+06:00 Michael Ströder <mi...@st...>:
>
> Тимур wrote:
> > I have successfully installed and configured EJBCA 6.2.0 (r19221) based
> on
> > RHEL 5.7 / Java 7u45 / Oracle 10g R2 and all works fine, no errors.
> > Then two new users' CAs named "testca.bta.kz" and "Default CA" were
> created
> > (also without  errors) - all work fine.  Only question is why in
> > certificate authorities home page some CAs have their CRL status marked
> by
> > yellow warning triangle "CRL status: Expired" ?  How to fix CRL  ?
> > Could you please to see attached screenshots and config of my EJBCA
> > instance ?
>
> You probably did not set up a CRLUpdate service for those CAs yet.
>
> Ciao, Michael.
>
>
>
> ------------------------------------------------------------------------------
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> with Interactivity, Sharing, Native Excel Exports, App Integration & more
> Get technology previously reserved for billion-dollar corporations, FREE
>
> http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
>

Re: [Ejbca-develop] CRL status is: Expired

[Тимур <tim...@gm...>]

Hello, dears.

Could you please to prompt about clientToolBox.sh (healthCheckTest) on
EJBCA 3.11.0 ?
Before first run I have modified its properties file then run one but I see
it cannot connect to EJBCA:
error.log: "Unable to find valid certification path to requested target"
Here is my ejbcawsracli.properties:

jboss@rootca:/ejbca/ejbca_3_11_0/dist/clientToolBox$ cat
ejbcawsracli.properties | grep -v "#"
ejbcawsracli.url = https://rootca.teka.kz:8443/ejbca/ejbcaws/ejbcaws
ejbcawsracli.keystore.path = /ejbca/ejbca_3_11_0/p12/superadmin.p12
ejbcawsracli.keystore.password = tt76333key80890
ejbcawsracli.truststore.path=/ejbca/
jboss-5.0.1.GA/server/default/conf/keystore/truststore.jks

Where I'm wrong ?

thank you, Timur.

2014-12-18 19:10 GMT+06:00 Michael Ströder <mi...@st...>:

> Тимур wrote:
> > I have successfully installed and configured EJBCA 6.2.0 (r19221) based
> on
> > RHEL 5.7 / Java 7u45 / Oracle 10g R2 and all works fine, no errors.
> > Then two new users' CAs named "testca.bta.kz" and "Default CA" were
> created
> > (also without  errors) - all work fine.  Only question is why in
> > certificate authorities home page some CAs have their CRL status marked
> by
> > yellow warning triangle "CRL status: Expired" ?  How to fix CRL  ?
> > Could you please to see attached screenshots and config of my EJBCA
> > instance ?
>
> You probably did not set up a CRLUpdate service for those CAs yet.
>
> Ciao, Michael.
>
>
>
> ------------------------------------------------------------------------------
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> with Interactivity, Sharing, Native Excel Exports, App Integration & more
> Get technology previously reserved for billion-dollar corporations, FREE
>
> http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
>

Re: [Ejbca-develop] CRL status is: Expired

[Pavel B. <byc...@ht...>]

Hi Timur,
You can update CRL manually or set up CRL Updater service in services

Best regards,
Pavel

On 18.12.2014 15:02, Тимур wrote:
> Hello, dears !
>
> I have successfully installed and configured EJBCA 6.2.0 (r19221) 
> based on RHEL 5.7 / Java 7u45 / Oracle 10g R2 and all works fine, no 
> errors.
> Then two new users' CAs named "testca.bta.kz <http://testca.bta.kz>" 
> and "Default CA" were created (also without  errors) - all work fine.  
> Only question is why in certificate authorities home page some CAs 
> have their CRL status marked by yellow warning triangle "CRL status: 
> Expired" ?  How to fix CRL  ?
> Could you please to see attached screenshots and config of my EJBCA 
> instance ?
>
> Thank you a lot,
> Timur
>
>
> ------------------------------------------------------------------------------
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> with Interactivity, Sharing, Native Excel Exports, App Integration & more
> Get technology previously reserved for billion-dollar corporations, FREE
> http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
>
>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop

Re: [Ejbca-develop] CRL status is: Expired

[Michael S. <mi...@st...>]

Тимур wrote:
> Could you please to gve me a reference how to set up CRL automatic update
> service
> in EJBCA 6.2.0 ?

http://www.ejbca.org/docs/adminguide.html#CRL%20generation

Ciao, Michael.

Re: [Ejbca-develop] CRL status is: Expired

[Тимур <tim...@gm...>]

Thank you a lot, Michael.  All is clear.

2014-12-18 20:17 GMT+06:00 Michael Ströder <mi...@st...>:
>
> Тимур wrote:
> > Could you please to gve me a reference how to set up CRL automatic update
> > service
> > in EJBCA 6.2.0 ?
>
> http://www.ejbca.org/docs/adminguide.html#CRL%20generation
>
> Ciao, Michael.
>
>
>
> ------------------------------------------------------------------------------
> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
> from Actuate! Instantly Supercharge Your Business Reports and Dashboards
> with Interactivity, Sharing, Native Excel Exports, App Integration & more
> Get technology previously reserved for billion-dollar corporations, FREE
>
> http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
>