From: Tomas G. <to...@pr...> - 2012-09-10 17:55:12
|
When submitting CSRs you must use keystore type "USERGENERATED", everything else means server generated keys. Cheers, Tomas ----- PrimeKey Solutions offers commercial EJBCA and SignServer support subscriptions and training courses. Please see www.primekey.se or contact in...@pr... for more information. http://www.primekey.se/Services/Support/ http://www.primekey.se/Services/Training/ On 09/10/2012 06:04 PM, Jack D. Pond wrote: > Even more information: > 2012-09-06 17:36:09,802 INFO [org.ejbca.core.model.log.Log4jLogDevice] > (http-0.0.0.0-8443-2) 2012-09-06 17:36:09-04:00, CAId : -1724983956, CA, > EVENT_INFO_REQUESTCERTIFICATE, Administrator : PUBLICWEBUSER : IP > Address : [CA IP Addr], User : SSLVPN_wbcb1490_com, Certificate : No > certificate involved, Comment : Received certificate request for user > SSLVPN_wbcb1490_com for CA [CAId] with certificate profile [cpprofile]. > > 2012-09-06 17:36:09,956 INFO [org.ejbca.core.model.log.Log4jLogDevice] > (http-0.0.0.0-8443-2) 2012-09-06 17:36:09-04:00, CAId : [CAId], CA, > EVENT_INFO_CREATECERTIFICATE, Administrator : PUBLICWEBUSER : IP Address > : [CA IP Addr],User : SSLVPN_wbcb1490_com, Certificate : No certificate > involved, Comment : Illegal key length: 1024. > > *From:*Jack D. Pond [mailto:jac...@ps...] > *Sent:* Monday, September 10, 2012 12:25 PM > *To:* ejb...@li... > *Subject:* Re: [Ejbca-develop] CSR Request Failing in Create Certificate > from CSR, Public Web Interface > > Oh, Little more information: > > java version "1.6.0_24" > > OpenJDK Runtime Environment (IcedTea6 1.11.4) (6b24-1.11.4-1ubuntu0.12.04.1) > > OpenJDK 64-Bit Server VM (build 20.0-b12, mixed mode) > > *From:*Jack D. Pond [mailto:jac...@ps...] > <mailto:[mailto:jac...@ps...]> > *Sent:* Monday, September 10, 2012 12:09 PM > *To:* ejb...@li... > <mailto:ejb...@li...> > *Subject:* [Ejbca-develop] CSR Request Failing in Create Certificate > from CSR, Public Web Interface > > Whether asking for entity PKCS #7 or PEM, get “Invalid Key in request: > Illegal key length: 1024.. Please supply a correct request.” > > Note: If doing batch generation, no problem, generates 2048 key & cert, > so I know the 2048 part on the end entity is correct, but of course then > it’s not using the user created key from the CSR. > > I saw this bug, but assuming since closed, not relevant: > https://jira.primekey.se/browse/ECA-1613?page=com.atlassian.jira.plugin.system.issuetabpanels%3Achangehistory-tabpanel > > Debug Information: CSR: PEM, 2048 bit – obviously, I’m going to throw > this one away. > > -----BEGIN CERTIFICATE REQUEST----- > > MIIC9DCCAdwCAQAwga4xHDAaBgNVBAMTE3NzbHZwbi53YmNiMTQ5MC5jb20xKDAm > > BgkqhkiG9w0BCQEWGXN1cHBvcnRAbGV4dGVjaGF1ZGl0cy5jb20xCzAJBgNVBAYT > > AlVTMRUwEwYDVQQIEwxQZW5uc3lsdmFuaWExFzAVBgNVBAcTDkZhaXJsZXNzIEhp > > bGxzMRIwEAYDVQQKEwlXQkNCIDE0OTAxEzARBgNVBAsTClByb2R1Y3Rpb24wggEi > > MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD5oKhG73qA8JxZNTlLpwOpHX7m > > mlKBjmVSIs8OlJRkEsAFR9WWS2pldVqA3OnANPJNodzDrQzYDeRpl6ZwNuylMcTR > > 9w32A4nobZtpuYlHTWB81dQ5O6vylte6VYr3Rv2J0caRF1S0CTdA64wh2AGl7kng > > zOD5UmGc+vUwgWNHX6buUNURJAOXNegp/0AeCV6JD3WfRfSbXoKF4eDAH/mYRqKw > > 7XXQ/WcPgHqy8HDuaN9AF1f/rEvya8nShZNsaTGgapyfkpn1GUTaIVjW0UaG9tee > > eZag0V1oZLzcBob4dkinz/7FoYB2BSAxwBPsmQlQgWub4EKagZRubTld0O3HAgMB > > AAGgADANBgkqhkiG9w0BAQUFAAOCAQEAukcNs0mkTlehUmrypwCltcEcMxWaYL/n > > xcOUel6nifqh7ulq4ioHqKRVxwdgO83EcQtUkg4OLBnD+WVfzNgANhiQjXj+1wYH > > rTJhYPFFGHQv9dbajSw6ARY77cD02JfLipGJBeEXB7B1DWTJyiaNk6po0ahCfupv > > vvb4iEag+xJO/1biXSibMsUAJkaMlm5ue2oH0lhNt+2u64pxkyRNvHx8Y8sugRBL > > 0FSK3EyBZBYSNPJtUUNQCF/N1eqDIbbnLKo6Z7ALcj/fqMgIcy7nda+mdrWSTFRM > > rfsZyWOZn7L0z1IHeCHk9Cjhc81400ph16lvkmHluy+ABelCUnFXaw== > > -----END CERTIFICATE REQUEST----- > > CSR Details (from) >openssl req -text -noout -in “CertName.csr " > > Certificate Request: > > Data: > > Version: 0 (0x0) > > Subject: > CN=sslvpn.wbcb1490.com/emailAddress=su...@le... > <mailto:CN=sslvpn.wbcb1490.com/emailAddress=su...@le...>, > C=US, ST=Pennsylvania, L=Fairless Hills, O=WBCB 1490, OU=Production > > Subject Public Key Info: > > Public Key Algorithm: rsaEncryption > > Public-Key: (2048 bit) > > Modulus: > > 00:f9:a0:a8:46:ef:7a:80:f0:9c:59:35:39:4b:a7: > > 03:a9:1d:7e:e6:9a:52:81:8e:65:52:22:cf:0e:94: > > 94:64:12:c0:05:47:d5:96:4b:6a:65:75:5a:80:dc: > > e9:c0:34:f2:4d:a1:dc:c3:ad:0c:d8:0d:e4:69:97: > > a6:70:36:ec:a5:31:c4:d1:f7:0d:f6:03:89:e8:6d: > > 9b:69:b9:89:47:4d:60:7c:d5:d4:39:3b:ab:f2:96: > > d7:ba:55:8a:f7:46:fd:89:d1:c6:91:17:54:b4:09: > > 37:40:eb:8c:21:d8:01:a5:ee:49:e0:cc:e0:f9:52: > > 61:9c:fa:f5:30:81:63:47:5f:a6:ee:50:d5:11:24: > > 03:97:35:e8:29:ff:40:1e:09:5e:89:0f:75:9f:45: > > f4:9b:5e:82:85:e1:e0:c0:1f:f9:98:46:a2:b0:ed: > > 75:d0:fd:67:0f:80:7a:b2:f0:70:ee:68:df:40:17: > > 57:ff:ac:4b:f2:6b:c9:d2:85:93:6c:69:31:a0:6a: > > 9c:9f:92:99:f5:19:44:da:21:58:d6:d1:46:86:f6: > > d7:9e:79:96:a0:d1:5d:68:64:bc:dc:06:86:f8:76: > > 48:a7:cf:fe:c5:a1:80:76:05:20:31:c0:13:ec:99: > > 09:50:81:6b:9b:e0:42:9a:81:94:6e:6d:39:5d:d0: > > ed:c7 > > Exponent: 65537 (0x10001) > > Attributes: > > a0:00 > > Signature Algorithm: sha1WithRSAEncryption > > ba:47:0d:b3:49:a4:4e:57:a1:52:6a:f2:a7:00:a5:b5:c1:1c: > > 33:15:9a:60:bf:e7:c5:c3:94:7a:5e:a7:89:fa:a1:ee:e9:6a: > > e2:2a:07:a8:a4:55:c7:07:60:3b:cd:c4:71:0b:54:92:0e:0e: > > 2c:19:c3:f9:65:5f:cc:d8:00:36:18:90:8d:78:fe:d7:06:07: > > ad:32:61:60:f1:45:18:74:2f:f5:d6:da:8d:2c:3a:01:16:3b: > > ed:c0:f4:d8:97:cb:8a:91:89:05:e1:17:07:b0:75:0d:64:c9: > > ca:26:8d:93:aa:68:d1:a8:42:7e:ea:6f:be:f6:f8:88:46:a0: > > fb:12:4e:ff:56:e2:5d:28:9b:32:c5:00:26:46:8c:96:6e:6e: > > 7b:6a:07:d2:58:4d:b7:ed:ae:eb:8a:71:93:24:4d:bc:7c:7c: > > 63:cb:2e:81:10:4b:d0:54:8a:dc:4c:81:64:16:12:34:f2:6d: > > 51:43:50:08:5f:cd:d5:ea:83:21:b6:e7:2c:aa:3a:67:b0:0b: > > 72:3f:df:a8:c8:08:73:2e:e7:75:af:a6:76:b5:92:4c:54:4c: > > ad:fb:19:c9:63:99:9f:b2:f4:cf:52:07:78:21:e4:f4:28:e1: > > 73:cd:78:d3:4a:61:d7:a9:6f:92:61:e5:bb:2f:80:05:e9:42: > > 52:71:57:6b > > Jack D. Pond > Description: Description: C:\Users\Jack D > Pond\AppData\Roaming\Microsoft\Signatures\JDP-PSITEX_files\image001.png > > */"Truth is the summit of being; justice is the application of it to > affairs." -- Ralph Waldo Emerson, (1803-1882)/* > > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |