From: Michael P. <M.P...@pa...> - 2014-12-09 16:05:21
I'm not sure in which format the key is:

---SNIP---
root@server /tmp # cat defaultKey.pem :(
-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjth4dOk72dVII56T/EJ0
tmC11daQtJynfmrxcV0gDrxfd/6qTTlNY9jwcAo/C/q/5Cvon2nn7URILmDrlibv
BiHS0ScHtA4OEj6y7pXil7Go59aO8n/qgr7NCGSYIEUVDa+6bCACTOISsEgzO6/L
MUzNcSMHA4mI7DgQeffGBWrEsB9TlOHxBCnF3cqQ9aFGzp6Foewv4kk/iVff/eZm
xKUk4OMTWgQadIQC/fpj0VyKAeppwwogJahV3GP6CPiALVPbiOvfBxMr6Pem1Udw
NcNQSZ4ihgDDdIXbFXyqDjMoKQgF0D5PHUEOIfmZ08cgk9qULUK3OwBhgOwmCIPQ
GQIDAQAB
-----END PUBLIC KEY-----
root@server /tmp # openssl x509 -in defaultKey.pem -inform PEM -out defaultKey.crt -outform DER
unable to load certificate
140050112972616:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:703:Expecting: TRUSTED CERTIFICATE
1 root@server /tmp # openssl x509 -in defaultKey.pem -inform DER -out defaultKey.crt -outform DER :(
unable to load certificate
139951552452424:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319:
139951552452424:error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=X509
---SNAP---

Any suggestions?

cheers
nomike

-----Original Message-----
From: Tomas Gustavsson [mailto:to...@pr...]
Sent: Tuesday, 9 December 2014 15:55
To: ejb...@li...
Subject: Re: [Ejbca-develop] Adding admin user certificates

It's just that keytool needs the certificate in DER format, not PEM.
There is also the command "ant javatruststore" in EJBCA.

/Tomas

On 2014-12-09 15:43, Michael Postmann wrote:
> Thanks for the suggestion.
>
> However I'm not able to import the CA-Certificate into the truststore.
> The SubCA was created in EJBCA.
>
> I opened the corresponding crypto token and downloaded the public key aliased "defaultKey" and got a file in ".pem" format.
> I transferred this file back to the server and tried to import it using keytool, but only got an error message:
>
> ---SNIP---
> # keytool -import -trustcacerts -file /tmp/defaultKey.pem -keystore p12/truststore.jks -storepass changeit -alias pkiadminuserca
> keytool error: java.lang.Exception: Input not an X.509 certificate
> ---SNAP---
>
> I do not have to import the private key of the SubCA into the truststore, do I?
>
> cheers
> nomike
>
> -----Original Message-----
> From: Tomas Gustavsson [mailto:to...@pr...]
> Sent: Tuesday, 9 December 2014 14:45
> To: ejb...@li...
> Subject: Re: [Ejbca-develop] Adding admin user certificates
>
> You need to update the JBoss truststore to trust new CA certificates.
>
> http://ejbca.org/docs/userguide.html#Administrators%20issued%20by%20external%20CAs
>
> Regards,
> Tomas
> -----
> Save time and money with an Enterprise support subscription. Please see www.primekey.se for more information.
> http://www.primekey.se/Products/EJBCA+PKI/
> http://www.primekey.se/Services/Support/
>
> On 2014-12-09 14:23, Michael Postmann wrote:
>> Hi!
>>
>> I've created a new internal RootCA for our company and a SubCA for
>> issuing SSL Client certificates for accessing the EJBCA admin panel
>> which will be provided to the individual users.
>>
>> I've created one such test certificate and imported it into my local
>> Firefox keystore. When I now try to access the EJBCA-Admin GUI,
>> Firefox asks me which certificate I'd like to use. However it only
>> offers the "SuperAdmin" certificate and not the one I've just created.
>>
>> Does EJBCA somehow tell the Browser to only ask the user for a
>> limited set of certificates (e.g. signed by a specific CA)? Is this configurable?
>>
>> cheers
>>
>> nomike
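
Added example (not part of the original thread, and not EJBCA's own tooling): the `-----BEGIN PUBLIC KEY-----` label in the `cat` output above marks a bare public key rather than an X.509 certificate, which is what the `openssl x509` and `keytool` errors are reporting. The sketch below classifies a file by its PEM label before a truststore import; the function names and the `subca.pem` file name are hypothetical, and the sample files are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for a file before `keytool -import -trustcacerts`.

# Print the kind of object named by the first PEM "BEGIN" label (RFC 7468 style).
pem_kind() {
    local label
    label=$(sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" | head -n 1)
    case "$label" in
        CERTIFICATE|"X509 CERTIFICATE")                  echo certificate ;;
        "PUBLIC KEY"|"RSA PUBLIC KEY")                   echo public-key ;;
        *"PRIVATE KEY")                                  echo private-key ;;
        "CERTIFICATE REQUEST"|"NEW CERTIFICATE REQUEST") echo csr ;;
        "")                                              echo no-pem-label ;;
        *)                                               echo other ;;
    esac
}

# Return 0 only for input that a truststore import can accept; say why otherwise.
check_truststore_input() {
    case "$(pem_kind "$1")" in
        certificate)
            # When openssl is installed, also require that the body parses as X.509.
            if command -v openssl >/dev/null 2>&1 &&
               ! openssl x509 -in "$1" -noout 2>/dev/null; then
                echo "reject: CERTIFICATE label but body is not valid X.509"; return 1
            fi
            echo "ok: X.509 certificate" ;;
        public-key)
            echo "reject: bare public key (no subject, issuer or signature); use the CA certificate"
            return 1 ;;
        private-key)
            echo "reject: private key; it does not belong in a truststore"; return 1 ;;
        no-pem-label)
            echo "unknown: no PEM label (possibly DER); try openssl x509 -inform DER -noout"
            return 1 ;;
        *)  echo "reject: not a certificate"; return 1 ;;
    esac
}

# Constructed sample files: only the labels matter here, the bodies are placeholders.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN PUBLIC KEY-----' 'AAAA' '-----END PUBLIC KEY-----' > "$demo_dir/defaultKey.pem"
printf '%s\n' '-----BEGIN CERTIFICATE-----' 'AAAA' '-----END CERTIFICATE-----' > "$demo_dir/subca.pem"
for f in defaultKey.pem subca.pem; do
    printf '%s: %s\n' "$f" "$(pem_kind "$demo_dir/$f")"
done
```

Running `check_truststore_input` on a file like the `defaultKey.pem` shown in the thread returns non-zero with the "bare public key" message, so the mismatch is caught before `keytool` is invoked.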