Menu
▾
▴
Re: [Ejbca-develop] EJBCA: Writting Certificate to USB Token. How to
|
From: Branko M. <br...@ma...> - 2015-08-23 21:21:49
|
On Thu, 20 Aug 2015 10:06:40 +0700 Toan Tran Tuan <toa...@gm...> wrote: > At the moment, I am configuring and running EJBCA v6.2.0 community version. > I already issued certificates to users by creating entities and let users > retrieve their certificate (P12) from public website. > > However, the next phase I have to implement that is, not allow user > retrieve the certificate from public website, I have to do it myself and > put user's certificate into an USB Token for security issues. > > I read about EJBCA's HSM configuration, but I am not sure what I have to do. > > Is there anybody can help me in this issue please. How about using the browser enrollment with properly configured web browser? Otherwise you could look into using something like OpenSC's pkcs11-tool to generate key, create CSR, then provide this CSR to EJBCA for signing. In either case you would need to set token type for users to "User Generated". This probably has nothing to do with HSM config, btw - this is purely a client-side solution to implement. Best regards -- Branko Majic Jabber: br...@ma... Please use only Free formats when sending attachments to me. Бранко Мајић Џабер: br...@ma... Молим вас да додатке шаљете искључиво у слободним форматима. |
