Menu
▾
▴
Re: [Ejbca-develop] Anyone familiar with CVCA Key Management Protocol for SPOC?
|
From: stupidtss <sim...@si...> - 2009-10-09 07:12:19
|
When I submit the following command "cvcwscli cvcrequest superadmin ejbca "C=HK, CN=HKDV" 00001 SHA256WithRSA 1024 true zzz" The error LOGIN_ERROR come out saying tha Got request for user with invalid password: superadmin even though the password is correct. If I Edit End Entity in the GUI and save with the correct password again, the error then changed to INTERNAL_ERROR for the first time, the then LOGIN_ERROR for the second time and after. Is there anything wrong with my command above? Tomas Gustavsson wrote: > > > If you have generated a superadmin.jks file you should be all set to use > the WS cli. > > Configure the superadmin.jks in ejbcawsracli.properties and the right > password. > > The command sample is for generating a new administrator keystore to use > for WS communication (WS communication is authenticated with client > certificate). The admin cert must be from AdminCA, because it must be an > x.509 certificate. > > So you have to separate completely the admin certificates from the CVC > certificates. After you have the admin certificate you can use the > cvcwscli to create IS certificates. USERGENERATED must be used when > adding IS users just as it says. For this you can use the sample > commands in http://ejbca.org/cvccas.html > > Regards, > Tomas > > > stupidtss wrote: >> I try to create CVC request. Before that, I think I should create an >> user so >> that I can use the WS CLI. >> >> Under the "Web Services authentication", I find the following command >> sample: >> >> ejbca ra adduser <1> <2> "C=..,O=..,CN=<1>" null AdminCA null 1 JKS >> ejbca ra setclearpwd <1> <2> >> ejbca batch >> ejbca admins addadmin "Temporary Super Administrator Group" AdminCA >> WITHCOMMONNAME QUALCASEINS <1> >> >> If my CVC CA is "HK", my DV is HKDV, and there is also a CA called >> AdminCA1 >> which is created during installation, which CA should I used in the >> command >> above? I have test all three, and only AdminCA1 works. All the other >> two >> returns with message saying that CA not found. >> >> Should I select AdminCA1 as the name of CA? >> >> Furthermore, when I later issue the cvcwscli cvcrequest command, a >> BAD_USER_TOKEN_TYPE error keeps coming up saying that only USERGENERATED >> can >> be used for cvc. But if I use USERGENERATED in creating the user name, >> no >> .JKS is generated and the cvcwscli cvcrequest command returns with an >> LOGIN_ERROR. >> >> Please help. Thanks. >> >> >> stupidtss wrote: >>> This post is a little bit off-topic. Please accept my apologies. >>> >>> I am new to programming, and I was assigned to work on the CVCA Key >>> Management Protocol for SPOC. >>> >>> One of the input parameter required (for the RequestCertificate message) >>> is the "certificate request". Can anyone here point me the way on how >>> to >>> construct and handle this "certificate request"? Thanks very much. >>> >> > > > ------------------------------------------------------------------------------ > Come build with us! The BlackBerry(R) Developer Conference in SF, CA > is the only developer event you need to attend this year. Jumpstart your > developing skills, take BlackBerry mobile applications to market and stay > ahead of the curve. Join us from November 9 - 12, 2009. Register now! > http://p.sf.net/sfu/devconference > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > -- View this message in context: http://www.nabble.com/Anyone-familiar-with-CVCA-Key-Management-Protocol-for-SPOC--tp25326299p25816478.html Sent from the EjbCA - Dev mailing list archive at Nabble.com. |
