Hi
Can't access adminweb on the Docker installation.
First I generated a .pem certificate from EJBCA and named it
TrustedCA.pem
When I use the volume option as the instructions state at this link
https://hub.docker.com/r/primekey/signserver-ce
"-v $(pwd)/TrustedCA.pem:/mnt/external/secrets/tls/cas/ManagementCA.crt \"
the log says that it can't find: /opt/primekey/secrets/tls/cas/ManagementCA.crt
When I place TrustedCA.pem in that place I still cannot access the
adminweb.
Could you give me a trusted way to spin up the SS adminweb?
Thanks
Archil Gogorishvili
The "ManagementCA.crt" Root CA certificate will be the "trusted CAs" setting for the TLS connection, i.e. the CA that the server asks your client for a client certificate from.
Do you have a client certificate issued from your TrustedCA.pem?
The thing is that I used EJBCA to have a ROOTCA profile certificate with the name of "TrustedCA.pem".
My workflow is to use EJBCA to generate a root CA for SignServer and other certificates for signing etc.
Last edit: Archil Gogorishvili 2022-01-11
Hi Archil,
Some quick questions:
Have you also issued a client certificate from your TrustedCA and have that installed in the web browser?
Does the browser prompt you to choose your certificate?
Do you get an error message from the browser?
Cheers,
Markus
Hi Markus,
I have the certificate with End Entity profile as TrustedCA (digital signature and key encipherment as key usage and server authentication as extended key usage) and p12 for importing into certificate. If it is not right, could you point me on how to do that?
No, it doesn't prompt me to choose anything.
It just shows that I am not logged in.
Thanks
Archil
Last edit: Archil Gogorishvili 2022-01-17
Hi Archil, I encountered the same problem as you. I got ManagementCA.pem and a p12 file from EJBCA, and when starting SignServer I use ManagementCA.pem, then import the p12 file in my browser to tell the browser that I have the cert here. But I got the error "Connection is not secure, your certificate is invalid". I don't know where it went wrong. Were you able to solve this problem successfully?
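Added example, not part of the thread and not PrimeKey's code: a check for the two properties the questions above turn on, namely that the client certificate chains to the CA mounted as ManagementCA.crt and that its extended key usage, if present, allows TLS client authentication. The helper `make_demo_certs`, its file names and the "Constructed" subjects are assumptions made up for this sketch; only standard `openssl` subcommands are used.

```bash
#!/usr/bin/env bash
# Usage: check_client_cert TrustedCA.pem client.pem
# (extract the certificate from a .p12 first:
#  openssl pkcs12 -in client.p12 -clcerts -nokeys -out client.pem)

# Returns 0 only if CERT chains to CA and is usable for TLS client auth.
check_client_cert() {
  local ca="$1" cert="$2" rc=0 text
  # 1. Must be issued by the CA the server was started with (ManagementCA.crt).
  if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
    echo "FAIL: $cert does not chain to $ca"; rc=1
  fi
  # 2. If an Extended Key Usage extension is present, it must list client auth.
  text=$(openssl x509 -in "$cert" -noout -text)
  if echo "$text" | grep -q "X509v3 Extended Key Usage" &&
     ! echo "$text" | grep -q "TLS Web Client Authentication"; then
    echo "FAIL: EKU lacks TLS Web Client Authentication"; rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK: $cert"
  return "$rc"
}

# Hypothetical helper: builds a constructed CA plus two end-entity certificates
# in DIR, one with EKU clientAuth and one with EKU serverAuth, for trying the check.
make_demo_certs() {
  local d="$1" eku
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
    '[dn]' 'CN=unused' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > "$d/ca.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
    -subj "/CN=Constructed TrustedCA" -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  for eku in clientAuth serverAuth; do
    echo "extendedKeyUsage=$eku" > "$d/$eku.ext"
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
      -subj "/CN=constructed-$eku" -keyout "$d/$eku.key" -out "$d/$eku.csr" 2>/dev/null
    openssl x509 -req -in "$d/$eku.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
      -CAcreateserial -days 1 -extfile "$d/$eku.ext" -out "$d/$eku.pem" 2>/dev/null
  done
}
```

Running `make_demo_certs "$(mktemp -d)"` and then the check against the generated `serverAuth.pem` shows the EKU failure, while `clientAuth.pem` passes.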