Menu
▾
▴
Re: [Ejbca-develop] Getting CA certificates in PKCS#7
|
From: ejbca-support <ejb...@pr...> - 2012-09-06 06:33:16
|
On 2012-09-06 06:58, Julien PASQUIER wrote: Hi Julien, > I would like to get directly the PKCS#7 file containing the CA chain from an EJBCA URL like this: > https://.../ejbca/publicweb/webdist/certdist?cmd=cachain&caid=-1822512352&format=*pkcs7* > > Is it possible to add this new functionnality in a next release of EJBCA? It definitely is but I would rather recommend you (and EJBCA dev) using OpenSSL and expose the PKCS #7 blob on a *public* web server as a static file. Regards, Anders tech support > > Regards, > Julien > > Le 05/09/2012 14:56, ejbca-support a écrit : >> On 2012-09-05 11:09, Julien PASQUIER wrote: >>> Hello, >>> >>> I would like to specify in the AIA (Authority Information Access) extension of an end entity certificate the URL of a PKCS#7 file containing CA certificates (issuer of the end entity and parent's certificates up to the root CA). It seems to be that EJBCA is able to get CA certificates in PEM but not in PKCS#7 "certs-only" which is required by the RFC 5280 (page 49): >>> >>> Where the information is available via HTTP or FTP, accessLocation >>> MUST be a uniformResourceIdentifier and the URI MUST point to either >>> a single DER encoded certificate as specified in [RFC2585] or a >>> collection of certificates in a BER or DER encoded "certs-only" CMS >>> message as specified in [RFC2797]. >>> >>> How can I get CA certificates in CMS/PKCS#7 "certs-only" from EJBCA ? >> I don't know either but OpenSSL seems to be what you are looking for: >> >> http://langui.sh/2009/03/20/creating-a-pkcs7-p7b-using-openssl >> >> Cheers, >> Anders >> tech support >> >>> Regards, >>> Julien >>> >>> >>> ------------------------------------------------------------------------------ >>> Live Security Virtual Conference >>> Exclusive live event will cover all the ways today's security and >>> threat landscape has changed and how IT managers can respond. Discussions >>> will include endpoint security, mobile security and the latest in malware >>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ >>> >>> >>> >>> _______________________________________________ >>> Ejbca-develop mailing list >>> Ejb...@li... >>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >>> >> > > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
