From: Manuel R. <MR...@e-...> - 2002-07-03 14:25:29
Something seems to be failing when I try to create the PEM file with the CA
Certificate (unfortunately I do not have openssl to try the second method of
creating this), the batch.sh file processes correctly (i.e. no errors) and
creates a "pem" directory in ejbca/ but this is empty so I have nothing to
concatenate.
These are the steps I am following :
keytool -genkey -keyalg RSA -alias raa-alias -keystore .keystore -storepass 1qaz1qaz
What is your first and last name? : JOHN DOE
What is the name of your organizational unit? : ORG-UNIT
What is the name of your organization?]: ORG
What is the name of your City or Locality? : SMALLVILLE
What is the name of your State or Province? : SMALLSHIRE
What is the two-letter country code for this unit? : GB
Is CN=JOHN DOE, OU=ORG-UNIT, O=ORG, L=SMALLVILLE, ST=SMALLSHIRE,
C=GB correct? : yes
Enter key password for <raa-alias>
(RETURN if same as keystore password):
keytool -certreq -alias raa-alias -file raa-admin.req -keystore .keystore -storepass 1qaz1qaz
./ra.sh adduser raa-users 1qaz1qaz "CN=JOHN DOE, OU=ORG-UNIT, O=ORG, C=GB" "na...@se..." 32
Trying to add user:
Username: raa-users
Password (hashed only): 1qaz1qaz
DN: CN=JOHN DOE, OU=ORG-UNIT, O=ORG, C=GB
Email: na...@se...
Type: 32
User 'raa-users' has been added.
Note: If batch processing should be possible,
also use 'ra setclearpwd raa-users <pwd>'.
./ra.sh setuserstatus raa-users 10
./ca.sh processreq raa-users 1qaz1qaz raa-admin.req raa-admin.pem
Processing cert request:
Username: raa-users
Password: 1qaz1qaz
Request file: raa-admin.req
Wrote certificate (PEM-format) to file raa-admin.pem
./ra.sh setclearpwd raa-users 1qaz1qaz
Setting clear text password 1qaz1qaz for user raa-users
[NOTES : sh ./batch.sh -pem searches for users with status 10 (new)
following the above creates a user with status 40]
./ra.sh setuserstatus raa-users 10
New status for user raa-users is 10
sh ./batch.sh -pem
0 [main] INFO se.anatom.ejbca.batch.BatchMakeP12 - Generating PEM-files.
7 [main] INFO se.anatom.ejbca.batch.BatchMakeP12 - Generating for all NEW.
285 [main] INFO se.anatom.ejbca.batch.BatchMakeP12 - Generating keys for raa-users
11421 [main] INFO se.anatom.ejbca.batch.BatchMakeP12 - Created P12 for raa-users.
11486 [main] INFO se.anatom.ejbca.batch.BatchMakeP12 - 1 new users generated successfully - :raa-users
11487 [main] INFO se.anatom.ejbca.batch.BatchMakeP12 - Generating for all FAILED.
11568 [main] INFO se.anatom.ejbca.batch.BatchMakeP12 - 0 new users generated successfully -
At this stage the "pem" directory is created in ejbca/ but it is empty.
-----Original Message-----
From: Tomas Gustavsson [mailto:to...@pr...]
Sent: 03 July 2002 05:23
To: Manuel Reyes
Cc: ejb...@li...
Subject: RE: [Ejbca-develop] RA Admin Web Interface
While it is 'herrvendil' who is doing the work on the admin panel, I can
still answer questions :-)
> "Download the CA certificate, transfer to PEM-format and concatenate the
> certificates together in 'tomcat.pem.'"
When I import the certificates with keytool I must have one file
containing both the ra-admins certificate and the CA-certificate. If I try
to import them one by one using keytool, it complains.
When getting the CA-certificate using ca.sh/cmd it is stored in raw
DER-encoded format, so (at least I) must make it into PEM-format (using
for instance openssl) and then put both certificates together in one file,
tomcat.pem as I called it.
Eventually the CA-certificate will be possible to store in PEM-format as
well...
> Following the steps detailed previously to this one, I now have a tomcat.req
> and a tomcat.pem in my EJBCA directory
And the tomcat.pem should contain both the ra-admins certificate and the
CA-certificate.
Regards,
Tomas
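The DER-to-PEM conversion and concatenation described in the reply above, done without openssl, as an added example that is not part of the original messages or of EJBCA's own scripts. The file name ca.der, the helper names, and the order (issued certificate first, CA certificate second) are assumptions; the demo runs on constructed bytes, not a real certificate.

```shell
#!/bin/sh
# Added example: DER -> PEM without openssl, then the combined tomcat.pem.

# der_to_pem IN.der OUT.pem : wrap a DER-encoded certificate in PEM armor.
der_to_pem() {
    # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    # This rejects empty files and files that are already PEM text.
    first=$(od -An -tx1 -N1 "$1" | tr -d ' \n')
    if [ "$first" != "30" ]; then
        echo "der_to_pem: $1 is not DER (first byte: '$first')" >&2
        return 1
    fi
    {
        echo "-----BEGIN CERTIFICATE-----"
        base64 < "$1" | tr -d '\n' | fold -w 64   # 64-character body lines
        echo
        echo "-----END CERTIFICATE-----"
    } > "$2"
}

# build_chain CERT.pem CA.pem OUT.pem : concatenate two PEM certificates.
# Assumption: issued certificate first, CA certificate second.
build_chain() {
    for f in "$1" "$2"; do
        grep -q -- '-----BEGIN CERTIFICATE-----' "$f" || {
            echo "build_chain: no PEM certificate in $f" >&2
            return 1
        }
    done
    # awk 1 terminates each file's last line, so the blocks never run together.
    awk 1 "$1" "$2" > "$3"
    [ "$(grep -c -- '-----BEGIN CERTIFICATE-----' "$3")" -eq 2 ]
}

# Demo on constructed bytes (a 5-byte DER SEQUENCE, not a real certificate).
demo() {
    d=$(mktemp -d) || return 1
    printf '\060\003\002\001\005' > "$d/ca.der"   # ca.der: hypothetical name
    der_to_pem "$d/ca.der" "$d/ca.pem" || return 1
    cp "$d/ca.pem" "$d/raa-admin.pem"             # stand-in for the issued cert
    build_chain "$d/raa-admin.pem" "$d/ca.pem" "$d/tomcat.pem" && cat "$d/tomcat.pem"
    rm -rf "$d"
}
demo
```

build_chain fails on an empty or missing input file, which is the symptom reported in this thread when the "pem" directory contains nothing to concatenate.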