Menu
▾
▴
Re: [Ejbca-develop] Anyone familiar with CVCA Key Management Protocol for SPOC?
|
From: Tomas G. <to...@pr...> - 2009-10-09 07:27:02
|
You do not issue IS certificates to superadmin that is plain wrong. Superadmin is not an inspection system. You have to add an inspection system user first, like in the example I pointed to att ejbca.org. ./ejbcawsracli.sh edituser hkdv foo123 false "CN=HKDV,C=HK" NULL NULL DVCA 1 USERGENERATED NEW IS IS /Tomas stupidtss wrote: > When I submit the following command "cvcwscli cvcrequest superadmin ejbca > "C=HK, CN=HKDV" 00001 SHA256WithRSA 1024 true zzz" > The error LOGIN_ERROR come out saying tha Got request for user with invalid > password: superadmin even though the password is correct. > > If I Edit End Entity in the GUI and save with the correct password again, > the error then changed to INTERNAL_ERROR for the first time, the then > LOGIN_ERROR for the second time and after. > > Is there anything wrong with my command above? > > Tomas Gustavsson wrote: >> >> If you have generated a superadmin.jks file you should be all set to use >> the WS cli. >> >> Configure the superadmin.jks in ejbcawsracli.properties and the right >> password. >> >> The command sample is for generating a new administrator keystore to use >> for WS communication (WS communication is authenticated with client >> certificate). The admin cert must be from AdminCA, because it must be an >> x.509 certificate. >> >> So you have to separate completely the admin certificates from the CVC >> certificates. After you have the admin certificate you can use the >> cvcwscli to create IS certificates. USERGENERATED must be used when >> adding IS users just as it says. For this you can use the sample >> commands in http://ejbca.org/cvccas.html >> >> Regards, >> Tomas >> >> >> stupidtss wrote: >>> I try to create CVC request. Before that, I think I should create an >>> user so >>> that I can use the WS CLI. >>> >>> Under the "Web Services authentication", I find the following command >>> sample: >>> >>> ejbca ra adduser <1> <2> "C=..,O=..,CN=<1>" null AdminCA null 1 JKS >>> ejbca ra setclearpwd <1> <2> >>> ejbca batch >>> ejbca admins addadmin "Temporary Super Administrator Group" AdminCA >>> WITHCOMMONNAME QUALCASEINS <1> >>> >>> If my CVC CA is "HK", my DV is HKDV, and there is also a CA called >>> AdminCA1 >>> which is created during installation, which CA should I used in the >>> command >>> above? I have test all three, and only AdminCA1 works. All the other >>> two >>> returns with message saying that CA not found. >>> >>> Should I select AdminCA1 as the name of CA? >>> >>> Furthermore, when I later issue the cvcwscli cvcrequest command, a >>> BAD_USER_TOKEN_TYPE error keeps coming up saying that only USERGENERATED >>> can >>> be used for cvc. But if I use USERGENERATED in creating the user name, >>> no >>> .JKS is generated and the cvcwscli cvcrequest command returns with an >>> LOGIN_ERROR. >>> >>> Please help. Thanks. >>> >>> >>> stupidtss wrote: >>>> This post is a little bit off-topic. Please accept my apologies. >>>> >>>> I am new to programming, and I was assigned to work on the CVCA Key >>>> Management Protocol for SPOC. >>>> >>>> One of the input parameter required (for the RequestCertificate message) >>>> is the "certificate request". Can anyone here point me the way on how >>>> to >>>> construct and handle this "certificate request"? Thanks very much. >>>> >> >> ------------------------------------------------------------------------------ >> Come build with us! The BlackBerry(R) Developer Conference in SF, CA >> is the only developer event you need to attend this year. Jumpstart your >> developing skills, take BlackBerry mobile applications to market and stay >> ahead of the curve. Join us from November 9 - 12, 2009. Register now! >> http://p.sf.net/sfu/devconference >> _______________________________________________ >> Ejbca-develop mailing list >> Ejb...@li... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> >> > |
