From: Tomas G. <to...@pr...> - 2002-07-04 15:32:57
> 1) javax.servlet.ServletException: Client certificate required.
> 2) se.anatom.ejbca.webdist.ejbcaathorization.AuthorizationDeniedException:
> Client certificate required.
>
> The only point which I didn't fully understand was:
>
> 6. Create a PKCS12 file with EJBCA for a user with CN=walter and the RAADMIN
> bit (temporarily CN=walter gives adminrights).
>
> What exactly is the "RAADMIN bit"?

You must create your 'walter' user with type RAADMIN (32)

    ra.sh adduser walter foo "C=SE,O=Foo,CN=walter" null 32

The user-type is a bitmask, this is why it says RAADMIN bit, i.e. a user can be both an END_USER, CAADMIN and RAADMIN at the same time.

After creating a user with CN=walter you must get a certificate for that user in your browser, this can be done either by:
1. Normal enrollment at http://localhost:8080/apply
2. By batch-creating a p12-file and importing it in the browser (may not work in Mozilla/Netscape for the moment due to unknown reasons, but it will eventually).

> Also there seems to be a discrepancy in that the initial keytool commands
> (point 3) use .keystore, this same keystore name doesn't work in point 3 -
> "Import to the keystore" (see [COMMENTS] below for notes), so .keystore
> needs to be changed to simply "keystore". This is then renamed (point 4) to
> .keystore which I assume would overwrite the .keystore generated at the
> beginning of point 3. (I am currently looking at this, and will try using
> all keytool commands with simply "keystore", and then renaming)
>
> Did that last paragraph make sense? :-)

I think it did, thanks for the document!
I will use it to update the documentation (next week).

Regards,
Tomas