Re: [Ejbca-develop] Anyone familiar with CVCA Key Management Protocol for SPOC?

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

If you have generated a superadmin.jks file you should be all set to use
the WS cli.

Configure the superadmin.jks in ejbcawsracli.properties and the right
password.

The command sample is for generating a new administrator keystore to use
for WS communication (WS communication is authenticated with client
certificate). The admin cert must be from AdminCA, because it must be an
x.509 certificate.

So you have to separate completely the admin certificates from the CVC
certificates. After you have the admin certificate you can use the
cvcwscli to create IS certificates. USERGENERATED must be used when
adding IS users just as it says. For this you can use the sample
commands in http://ejbca.org/cvccas.html

Regards,
Tomas

stupidtss wrote:
> I try to create CVC request.  Before that, I think I should create an user so
> that I can use the WS CLI.
> 
> Under the "Web Services authentication", I find the following command
> sample:
> 
> ejbca ra adduser <1> <2> "C=..,O=..,CN=<1>" null AdminCA null 1 JKS
> ejbca ra setclearpwd <1> <2>
> ejbca batch
> ejbca admins addadmin "Temporary Super Administrator Group" AdminCA
> WITHCOMMONNAME QUALCASEINS <1>
> 
> If my CVC CA is "HK", my DV is HKDV, and there is also a CA called AdminCA1
> which is created during installation, which CA should I used in the command
> above?  I have test all three, and only AdminCA1 works.  All the other two
> returns with message saying that CA not found.  
> 
> Should I select AdminCA1 as the name of CA?
> 
> Furthermore, when I later issue the cvcwscli cvcrequest command, a
> BAD_USER_TOKEN_TYPE error keeps coming up saying that only USERGENERATED can
> be used for cvc.  But if I use USERGENERATED in creating the user name, no
> .JKS is generated and the cvcwscli cvcrequest command returns with an
> LOGIN_ERROR.
> 
> Please help.  Thanks.
> 
> 
> stupidtss wrote:
>> This post is a little bit off-topic.  Please accept my apologies.
>>
>> I am new to programming, and I was assigned to work on the CVCA Key
>> Management Protocol for SPOC.
>>
>> One of the input parameter required (for the RequestCertificate message)
>> is the "certificate request".  Can anyone here point me the way on how to
>> construct and handle this "certificate request"?  Thanks very much.
>>
> 