Menu
▾
▴
Re: [Ejbca-develop] How to stand up a standalone EJBCA OCSP Responder (not using the OVA)?
|
From: o h. <oh...@ya...> - 2019-06-25 15:27:03
|
Hi,
In the Adminweb, under the "Manage Crypto Tokens" I see a line for the ManagementCA, but there is a red X in 'Active'.
I think that I need to Activate it, but it looks like I need an authentication code or something to do that.
How can I activate the crypto token?
Thanks,Jim
On Tuesday, June 25, 2019, 9:33:47 AM UTC, Tomas Gustavsson <to...@pr...> wrote:
An EJBCA installed as a CA can work as a VA as well. You can create OCSP
key binding for other CAs. There is documentation for OCSP on database
structures and such if you want to manually sync databases (you can work
with your VA in many different ways)
One feature related to VAs, making it automated, is Peer Systems. This
automation is an Enterprise feature however.
https://www.ejbca.org/docs/Peer_Systems.html
Regards,
Tomas
---
PrimeKey Tech Days 2019
Stockholm, Sweden
17-18 September
www.primekey.com/tech-days
On 2019-06-25 11:14, o haya via Ejbca-develop wrote:
> Hi,
>
> It took me the whole weekend plus most of today/tonight, but I was now
> able to build EJBCA under JBOSS 7.2.
>
> Unfortunately, I didn't see your response, so I took the "Install EJBCA
> as CA with a Management CA" branch on this page:
>
> https://www.ejbca.org/docs/Installing_EJBCA.html
>
> instead of the "Install EJBCA as an RA or VA" branch, so I am going to
> have to try again with the VA installation.
>
> So, to be clear, you think that if I install the EJBCA as VA, that will
> allow us to have an OCSP Responder that can support multiple CRLs from
> different CAs?
>
> Is that correct?
>
> Thanks,
> Jim
>
>
>
> On Tuesday, June 25, 2019, 8:32:25 AM UTC, Tomas Gustavsson
> <to...@pr...> wrote:
>
>
> Hi,
>
> Yes, a VA is what you a looking for, at least that's what it sounds like.
>
> Regards,
> Tomas
> ---
> PrimeKey Tech Days 2019
> Stockholm, Sweden
> 17-18 September
> www.primekey.com/tech-days
>
>
> On 2019-06-21 14:35, o haya via Ejbca-develop wrote:
>> [Re-sending to the mailing list because I think I was sending to the
>> wrong place... plus I wasn't seeing my post on the archives.]
>>
>>
>> Hi,
>>
>> Previously, we had worked with the EJBCA OCSP responder by using the
>> EJBCA OVA and then configuring an OCSP Responder.
>>
>> Now, we want to try to stand up a new, standalone EJBCA OCSP Responder.
>>
>> By "standalone", I mean an OCSP Responder, only without the EJBCA CA
>> functionality, where the OCSP Responder can host/support the OCSP
>> Responder functionality for CRLs from multiple ("external") CAs.
>>
>> I've been looking through the EJBCA documentation, but I am not sure how
>> to accomplish that?
>>
>> I have found this page:
>>
>> https://www.ejbca.org/docs/Installing_EJBCA.html
>>
>> And I was wondering if the 3rd bullet, "Install EJBCA as an RA or VA",
>> is what I need to follow, and setup EJBCA as a VA (Validation Authority?)?
>>
>> If not, can someone point me to the procedure for standing up such "a
>> standalone EJBCA OCSP Responder"?
>>
>> Thanks,
>> Jim
>
>>
>>
>>
>> _______________________________________________
>> Ejbca-develop mailing list
>> Ejb...@li...
> <mailto:Ejb...@li...>
>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>
>
>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> <mailto:Ejb...@li...>
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
>
>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
_______________________________________________
Ejbca-develop mailing list
Ejb...@li...
https://lists.sourceforge.net/lists/listinfo/ejbca-develop
|
