From: Tomas G. <to...@pr...> - 2014-12-09 14:54:48
It's just that keytool needs the certificate in DER format, not PEM.
There is also the command "ant javatruststore" in EJBCA.

/Tomas

On 2014-12-09 15:43, Michael Postmann wrote:
> Thanks for the suggestion.
>
> However I'm not able to import the CA-Certificate into the truststore.
> The SubCA was created in EJBCA.
>
> I opened the corresponding crypto token and downloaded the public key aliased "defaultKey" and got a file in ".pem" format.
> I transferred this file back to the server and tried to import it using keytool, but only got an error message:
>
> ---SNIP---
> # keytool -import -trustcacerts -file /tmp/defaultKey.pem -keystore p12/truststore.jks -storepass changeit -alias pkiadminuserca
> keytool error: java.lang.Exception: Input not an X.509 certificate
> ---SNAP---
>
> I do not have to import the private key of the SubCA into the truststore, do I?
>
> cheers
> nomike
>
> -----Original Message-----
> From: Tomas Gustavsson [mailto:to...@pr...]
> Sent: Tuesday, 9 December 2014 14:45
> To: ejb...@li...
> Subject: Re: [Ejbca-develop] Adding admin user certificates
>
> You need to update the JBoss truststore to trust new CA certificates.
>
> http://ejbca.org/docs/userguide.html#Administrators%20issued%20by%20external%20CAs
>
> Regards,
> Tomas
> -----
> Save time and money with an Enterprise support subscription. Please see www.primekey.se for more information.
> http://www.primekey.se/Products/EJBCA+PKI/
> http://www.primekey.se/Services/Support/
>
> On 2014-12-09 14:23, Michael Postmann wrote:
>> Hi!
>>
>> I've created a new internal RootCA for our company and a SubCA for
>> issuing SSL Client certificates for accessing the EJBCA admin panel
>> which will be provided to the individual users.
>>
>> I've created one such test certificate and imported it into my local
>> Firefox keystore. When I now try to access the EJBCA-Admin GUI,
>> Firefox asks me which certificate I'd like to use. However it only
>> offers the "SuperAdmin" certificate and not the one I've just created.
>>
>> Does EJBCA somehow tell the Browser to only ask the user for a limited
>> set of certificates (e.g. signed by a specific CA)? Is this configurable?
>>
>> cheers
>>
>> nomike
>>
>> _______________________________________________
>> Ejbca-develop mailing list
>> Ejb...@li...
>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
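
An added example, not part of the original thread or of EJBCA: a pre-import check that reads the PEM label of a downloaded file, refuses anything that is not a certificate block, and decodes a certificate block to DER for keytool. The function names, file names and the sample payload are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-import check for a PEM file destined for a Java truststore.
# Function names, file names and the sample payload are assumptions for illustration.

# Constructed sample input: placeholder bytes, not a real certificate or key.
SAMPLE_PAYLOAD='constructed placeholder bytes'

# Write one PEM file per label into directory $1, both wrapping the same payload.
make_samples() {
    b64=$(printf '%s' "$SAMPLE_PAYLOAD" | base64)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' "$b64" '-----END CERTIFICATE-----' > "$1/ca-cert.pem"
    printf '%s\n' '-----BEGIN PUBLIC KEY-----' "$b64" '-----END PUBLIC KEY-----' > "$1/defaultKey.pem"
}

# Print the label of the first PEM block in file $1 (e.g. CERTIFICATE, PUBLIC KEY).
pem_label() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" | head -n 1
}

# Decode the first certificate block of $1 to DER in $2.
# Returns 1 without writing $2 when the first block is not a certificate.
pem_cert_to_der() {
    src=$1; dst=$2
    label=$(pem_label "$src")
    if [ "$label" != "CERTIFICATE" ]; then
        echo "refusing $src: PEM label is '${label:-none}', not CERTIFICATE" >&2
        return 1
    fi
    # PEM is base64-encoded DER between the BEGIN/END lines.
    awk '/^-----BEGIN CERTIFICATE-----/ {on = 1; next}
         /^-----END CERTIFICATE-----/   {exit}
         on' "$src" | tr -d ' \r\n' | base64 -d > "$dst"
}

# Usage: sh pem2der.sh ca-cert.pem ca-cert.der
if [ "$#" -eq 2 ]; then
    pem_cert_to_der "$1" "$2" &&
        echo "next: keytool -import -trustcacerts -file $2 -keystore p12/truststore.jks -alias pkiadminuserca"
fi
```

On a real certificate, `openssl x509 -in ca-cert.pem -outform DER -out ca-cert.der` performs the same conversion and also parses the certificate structure.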