Re: [Ejbca-develop] Replacing Temporary Certificates

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Tue, 2004-04-20 at 04:10, Philip Vendil wrote:

> Hi
> 
> 1. Do you get the same error when you try to go the the noclientcert port
> 8442/ejbca? Which CA have issued the administrator certificate? Is the new CA
> cert importet into IE?

Essentially yes.  It does not ask for the client cert to use.  Otherwise
identical.
I'm sorry, when I wrote this last evening I was quite tired.  The newly
created CA is identical to the temp created during the startup (ca.sh
init) except that I have included the OSCP and CRT stuff.  The Tomcat
cert created during the startup (setup-adminweb.sh) is identical to the
cert created with the new CA.  I imported the new CA cert into cacerts,
I placed the new Tomcat cert accordingly so JBoss can use it.  I
imported the new CA into IE (6.0).  The only thing about this import is
that the Friendly name is empty.

New Tomcat Cert contents are identical to the temp setup (which works)
The contents of the New CA Cert that are different than the temp CA are
as follows:
Subject CN=Cert name (different then temp cert, the rest of the dn is
identical)
Name                   Object Identifier
-                       1.3.6.1.5.5.7.1.1    http:....../status/oscp
CRL Distribution Points    2.5.29.31         
http:......cmd=crl&issuer=CN=.....
Extended Key Usage      2.5.29.37          (OSCP 1.3.6.1.5.5.7.3.9)

> 2. The lag of the authorization module is intended to be this way in an effort
> to enhance performance. All authorizationdata is cached in memory for speed, and
> the cache isn't updated instantly. I could alter the update interval if the
> behaviour is annoying.

It's not so annoying once I understand what's happening.  Perhaps an XML
setting would be nice, but not necessary.

> 3. I will look at the cancel button when I have time.
> 
> Philip

Any help is greatly appreciated.

Thanks!

Gerard

> Gerard Gagliano <ge...@si...> said:
> 
> > Hi,
> >
> > I have be working on separating what I create from the bootstrap
> > 'temporary' certificates that are created when I initially set up EJBCA.
> > Using: EJBCA 3.0 b2, JBoss 3.2.3, Java 1.4.0, Firefox, IE
> >
> > There are several things occurring that I would greatly appreciate some
> > help regarding.
> >
> > ) I cannot seem to create a new Tomcat certificate (from a new CA) that
> > successfully is accepted by Firefox and IE.  I add the Root to my
> > cacerts file and Firefox accepts it.  IE will not accept it and gives a
> > worthless error message 'The Page Cannot be Displayed', suggesting that
> > the server is not found or a DNS Error.  The certs look identical.  The
> > differences in the CA are OSCP and CRL definitions.
> >
> > ) When I create an administrator group administrator, it appears as
> > though there is a lag getting the data into the database.  It is
> > possible for me to create the administrator, shut down my browser and
> > start it back up, and EJBCA reports that I do not have privileges.  I
> > can wait a minute and try it again, and I successfully gain access.
> >
> > ) While in 'Edit Access Rules', pressing Cancel does nothing.
> >
> > The last one is of no consequence and should be fixed when there's
> > nothing else to do. :-)
> >
> > Any help all on the 1st one is greatly appreciated.
> >
> > Thanks in advance.
> >
> > Gerard
> >
> >
> 
> 
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by: IBM Linux Tutorials
> Free Linux tutorial presented by Daniel Robbins, President and CEO of
> GenToo technologies. Learn everything from fundamentals to system
> administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop