Menu
▾
▴
Re: [Ejbca-develop] Ejbca and CSR Approbation
|
From: Tomas G. <to...@pr...> - 2009-10-26 11:45:59
|
It is also possible to build custom workflows using the approval mechanism. We have done such work-flows before where the actual CSR is submitted as a first step and kept across when the administrator approves the addition of the end entity. (this was done in a project and we never got clearence to release the external code under lgpl unfortunately). It wasn't much though and simply demonstrates that you can custom build almost any work-flow with a jsp page and a servlet. /Tomas Markus Kilås wrote: > Hello Maxime, > > EJBCA has a concept called approvals that I think is similar but not > exactly what you are looking for: > http://www.ejbca.org/manual.html#Approving%20Actions > > You could then configure the certificate profile to require approval > when adding an end entity. The request for adding a new end entity will > then have to be approved by another administrator and first after that > can the certificate be downloaded by the user. > > However this validation step is before the end entity is created and not > after the CSR is submited. > > What do you want to have validated at the time of CSR submission? > > The parts that will go into the certificate is taken from the > certificate profile and only the public key is read from the CSR so I am > not sure if there are anything more to validate. > > > Best Regards, > Markus > > > Maxime_V wrote: >> Hello, >> >> I'm currently working on an ejbca demonstration. >> >> The CSR approbation is a feature I would like to demonstrate, but I do not >> know if it's possible to do so with EJBCA (at least I do not know how to do >> it). >> >> I have created and end entity profile and a certificate profile to manage >> server certificates. >> >> I would like that the certificate requesters have their request being >> approved by an ejbca administrator before they could download their new >> certificate. >> >> Currently, when I'm testing it, I go to the public pages == > create >> certificate from CSR, use my end entity user credentitials, add the csr, and >> when I click on the "OK button", I get directly the certificate file ".pem". >> >> How could I add a validation (approbation) step between the csr submission >> and the certificate download ? >> >> Thanks in advance for your help ! >> >> Regards, >> >> Maxime > > |