Menu
▾
▴
Re: [Ejbca-develop] Adding admin user certificates
|
From: Michael P. <M.P...@pa...> - 2014-12-09 14:44:01
|
Thanks for the suggestion. However I'm not able to import the CA-Certificate into the truststore. The SubCA was created in EJBCA. I opened the corresponding crypto token and downloaded the public key aliased "defaultKey" and got a file in ".pem" format. I transferred this file back to the server and tried to import it using keytool, but only got an error message: ---SNIP--- # keytool -import -trustcacerts -file /tmp/defaultKey.pem -keystore p12/truststore.jks -storepass changeit -alias pkiadminuserca keytool error: java.lang.Exception: Input not an X.509 certificate ---SNAP--- I do not have to import the private key of the SubCA into the truststore, do I? cheers nomike -----Ursprüngliche Nachricht----- Von: Tomas Gustavsson [mailto:to...@pr...] Gesendet: Dienstag, 9. Dezember 2014 14:45 An: ejb...@li... Betreff: Re: [Ejbca-develop] Adding admin user certificates You need to update the JBoss truststore to trust new CA certificates. http://ejbca.org/docs/userguide.html#Administrators%20issued%20by%20external%20CAs Regards, Tomas ----- Save time and money with an Enterprise support subscription. Please see www.primekey.se for more information. http://www.primekey.se/Products/EJBCA+PKI/ http://www.primekey.se/Services/Support/ On 2014-12-09 14:23, Michael Postmann wrote: > Hi! > > I've created a new internal RootCA for our company and a SubCA for > issuing SSL Client certificates for accessing the EJBCA admin panel > which will be provided to the individual users. > > I've created one such test certificate and imported it into my local > Firefox keystore. When I now try to access the EJBCA-Admin GUI, > Firefox asks me which certificate I'd like to use. However it only > offers the "SuperAmin" certificate and not the one I've just created. > > Does EJBCA somehow tell the Browser to only ask the user for a limited > set of certificates (e.g. signed by a specific CA)? Is this configurable? > > cheers > > nomike > > > > ---------------------------------------------------------------------- > -------- Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT > Server from Actuate! Instantly Supercharge Your Business Reports and > Dashboards with Interactivity, Sharing, Native Excel Exports, App > Integration & more Get technology previously reserved for > billion-dollar corporations, FREE > http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg. > clktrk > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > ------------------------------------------------------------------------------ Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server from Actuate! Instantly Supercharge Your Business Reports and Dashboards with Interactivity, Sharing, Native Excel Exports, App Integration & more Get technology previously reserved for billion-dollar corporations, FREE http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk _______________________________________________ Ejbca-develop mailing list Ejb...@li... https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
