
how can load my certificates they are on post

Help
2010-05-17
2013-02-26
  • Manuel Rodriguez Coria

    I want to modify the demo pdfsigner.
    So where must I make changes in the pdfsigner demo
    to load the certificate that I have in a Postgres DB?
    Any help is good.

     
  • Manuel Rodriguez Coria

    I WANT TO LOAD MY CERTIFICATE DATA INTO THE SAMPLE MODULE PDFSIGNER…
    IN demo-part-config.properties…
    Are these the fields that I must change?

    WORKERGENID1.KEYDATA=
    WORKERGENID1.SIGNERCERTCHAIN=

    If yes, where can I find them if I use a database in EJBCA to store my certification data?

     
  • Tomas Gustavsson

    I recommend using a pkcs12 keystore instead. For an example of how to configure a pkcs12 keystore, see mrtdsodsigner/soft-part-config.properties.

    Cheers,
    Tomas

     
  • Manuel Rodriguez Coria

    Thanks for still helping me, Tomas…

    The database is necessary… How can I do this on the DB?

     
  • Tomas Gustavsson

    I'm sorry but I don't understand. You don't have to do anything with the database to get a pkcs12 file and edit demo-part-config.properties.

     
  • Manuel Rodriguez Coria

    When I installed EJBCA with Postgres, no p12 folder or p12 file was created… so

    all the certificates that I create are in the table "certificatedata"… so

    I think I must copy the base64cert column of this table to WORKERGENID1.SIGNERCERTCHAIN= in demo-part-config.properties to make a fast test of pdfsigner, but with my own certificate… Do you understand me?

    Maybe the real question is: how can I test the pdfsigner demo with "my own" certificate? What must I change?

     
  • Tomas Gustavsson

    No, you can't do it like that. Perhaps the cert is base64 encoded, but you don't have the private key, do you?

    First learn how to issue a pkcs12 keystore from ejbca, then use that. A hint is to look at the "keystore type" when adding end entities.

     
  • Manuel Rodriguez Coria

    This is what I want to ask: where can I find the private key in these Postgres tables?

     
  • Tomas Gustavsson

    You can't, it's not there.

     
  • Manuel Rodriguez Coria

    Is there any way to get the "certification data" from a database and replace the properties data in the pdfsigner sample?

    In my future sample I will have a lot of signers… so I want to select their certificates from the database…

     
  • Manuel Rodriguez Coria

    Is this OK?

     
  • Tomas Gustavsson

    You need the private key. The best way to get the certificate and private key is to generate pkcs12 tokens as I mentioned, and configure them on the pdf signer according to the example I gave.

     
  • Tomas Gustavsson

    I already responded no to that. There is no way you can get the private key from that database, it does not exist.

     
  • Manuel Rodriguez Coria

    Understood… sorry if I repeat this.
    I'll look at your recommendations…

    But I do not understand how the pdfsigner demo is loading the certificate.
    I suppose it is these two properties, or am I wrong?

    WORKERGENID1.KEYDATA=
    WORKERGENID1.SIGNERCERTCHAIN=

    so i

     
  • Manuel Rodriguez Coria

    This is my conf…
    #-----------------SIGNER PROPERTIES-------------------------#

    #GLOB.WORKERGENID1.CLASSPATH = org.signserver.module.pdfsigner.PDFSigner
    #GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH = org.signserver.server.cryptotokens.SoftCryptoToken
    # Properties for a PKCS12 soft sign token
    GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH = org.signserver.server.cryptotokens.P12CryptoToken
    WORKERGENID1.KEYSTOREPATH=D:\\signserver_lgpl_v21_version_3_1_1\\p12
    WORKERGENID1.KEYSTOREPASSWORD=ejbca

    WORKERGENID1.NAME=PDFSigner
    WORKERGENID1.AUTHTYPE=NOAUTH
    #WORKERGENID1.KEYDATA=
    #WORKERGENID1.SIGNERCERTCHAIN=MIICtjCCAZ6gAwIBAgIIEqzqEmAJ91AwDQYJKoZIhvcNAQEFBQAwNzERMA8GA1UEAwwIQWRtaW5DQTExFTATBgNVBAoMDEVKQkNBIFNhbXBsZTELMAkGA1UEBhMCU0UwHhcNMDkwNTEzMTI1NDIzWhcNMTEwNTEzMTI1NDIzWjAhMRIwEAYDVQQDDAlwZGZzaWduZXIxCzAJBgNVBAYTAlNFMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCvnWqZ/Nlv+ZrUhT8txG7vD2YdrI0vFUomEtqfBuSLrsmPXNhianzXA9XdPELaelz/Ga/czGQ94E873XScfPR22wFDjb3XYQN33Mm8lL4LAzrMKX9XHi0+Osdpw9hkHG9KYKNVkOl62i35YwiaDHV4vvEgOcJFKksPHd6l+9jK9QIDAQABo2AwXjAdBgNVHQ4EFgQUwFC0AY4l7vHyeGSr+RJAigXrVFcwDAYDVR0TAQH/BAIwADAfBgNVHSMEGDAWgBTMgpc8np+teLhm2bUcyCC5X1wJwDAOBgNVHQ8BAf8EBAMCBeAwDQYJKoZIhvcNAQEFBQADggEBAHFVyainF3Ris5K3qiVfULih5Cm7xsmHFRJf2qPZNsUcVscgvrJFcX/zuyLC4wjIuqqOVKcP3Wp2ufyC/4bV3bhjo2KEGRPvfeh9JAAGhj1E6DOUxZXtYRQcB2VLvRpdSSruVGvpsJpzunWvVgpZI3M7lhJldEfVxq9+81B3yOPMF6w6eIUx14jv1+FUvXvPK1n6Jvo7lo5MJ3J++dvVxI7u9ifeXfk3vFtgy4zLT9tONBEzfNR1CZPDsQx5GCtBjv1bwyI72wfA9HYiYYzeGVlmZSRy5tsd/u3FTO0UNvuXqCsYAA9Wai+NcxfwFCyoqi3Zlz4XYXN3ZWlhlmYS6PA\=;
    WORKERGENID1.KEYDATA=a0d7vBxt3YtrtIT48CVv9yPlKzU
    WORKERGENID1.SIGNERCERTCHAIN=
    # default is "Signed by SignServer"
    #WORKERGENID1.REASON=Signed by SignServer
    WORKERGENID1.REASON=Revision de documento by mavirroco

    Is it good, or must I comment something out?

     
  • Tomas Gustavsson

    No, that is not good. You did what I said you CAN NOT DO. Keydata must be an RSA private key. You have simply entered a base64 encoded string, not a base64 encoded private key.

    GENERATE PKCS12 KEYSTORE FOR THE USER! This is a file in the filesystem. Forget about the database!

     
  • Manuel Rodriguez Coria

    New configuration:
    GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH = org.signserver.server.cryptotokens.P12CryptoToken
    WORKERGENID1.KEYSTOREPATH=D:\\signserver_lgpl_v21_version_3_1_1\\p12
    WORKERGENID1.KEYSTOREPASSWORD=ejbca
    WORKERGENID1.NAME=PDFSigner
    WORKERGENID1.AUTHTYPE=NOAUTH
    WORKERGENID1.REASON=Revision de documento by mavirroco
    WORKERGENID1.LOCATION=Tarija Bolivia

     
  • Tomas Gustavsson

    You just point your keystorepath to a directory, not a p12 file.

    Let me ask you a few questions to try to help you better:
    1. Do you understand the concept of private and public keys? And certificates?
    2. Do you know what a pkcs12 file is?
    3. Do you know the concept of a keystore?
    4. Did you manage to sign pdf files with the demo pdf signer?

    Regards,
    Tomas
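
An added example, not part of the thread and not SignServer code: a pre-flight check for the mistake pointed out in the reply above, a P12CryptoToken worker whose KEYSTOREPATH names a directory instead of a .p12 file. The file name signer.p12, the helper names and the constructed header bytes are assumptions; the check looks only at the file's outer PKCS#12 structure and does not open it or confirm that a private key is inside.

```python
import os
import tempfile

P12_TOKEN = "org.signserver.server.cryptotokens.P12CryptoToken"

def parse_properties(text):
    """Minimal Java .properties reader: key=value lines, # comments, doubled backslashes."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip().replace("\\\\", "\\")
    return props

def looks_like_pfx(data):
    """PFX ::= SEQUENCE { version INTEGER (3), ... }: tag 0x30, length, 02 01 03."""
    if len(data) < 5 or data[0] != 0x30:
        return False
    # short form or BER indefinite (0x80): one length octet; long form: 1 + n octets
    skip = 1 if data[1] <= 0x80 else 1 + (data[1] & 0x7F)
    return data[1 + skip:4 + skip] == b"\x02\x01\x03"

def check_worker(text, worker="WORKERGENID1"):
    """Return a list of problems with a P12CryptoToken worker's keystore setting."""
    props = parse_properties(text)
    if props.get(f"GLOB.{worker}.SIGNERTOKEN.CLASSPATH") != P12_TOKEN:
        return [f"{worker} does not use P12CryptoToken"]
    path = props.get(f"{worker}.KEYSTOREPATH")
    if not path:
        return ["KEYSTOREPATH is not set"]
    if os.path.isdir(path):
        return [f"KEYSTOREPATH is a directory, not a .p12 file: {path}"]
    if not os.path.isfile(path):
        return [f"KEYSTOREPATH does not exist: {path}"]
    with open(path, "rb") as fh:
        if not looks_like_pfx(fh.read(16)):
            return ["KEYSTOREPATH is a file but not a PKCS#12 (PFX) structure"]
    return []

def demo():
    """Constructed inputs: a temp directory and a file holding only a PFX header."""
    with tempfile.TemporaryDirectory() as d:
        p12 = os.path.join(d, "signer.p12")  # hypothetical file name
        with open(p12, "wb") as fh:
            fh.write(b"\x30\x82\x09\x00\x02\x01\x03" + b"\x00" * 9)  # not a real keystore
        conf = "GLOB.WORKERGENID1.SIGNERTOKEN.CLASSPATH = " + P12_TOKEN + "\nWORKERGENID1.KEYSTOREPATH={}\n"
        return check_worker(conf.format(d)), check_worker(conf.format(p12))
```

A base64 certificate pasted into a file fails the structure check as well, since it does not begin with the DER SEQUENCE tag.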

     
  • Manuel Rodriguez Coria

    1. Yes, I understand.
    2. Yes, my understanding is that p12 files are for personal information interchange.
    3. A little.
    4. Yes, I ran this OK in the default way.

     
