Menu
▾
▴
Re: [SignServer-develop] Problem generate SSL for https for SignServer jboss7
|
From: Markus K. <ma...@pr...> - 2017-01-09 09:37:03
|
On 01/06/2017 04:33 PM, Jose Alberto wrote: > Hi. > > I am use SignServer 4.0, i have integrate with HSM for pkcs11. > > And various worker. all work fine. without problem. > > > For this moment, my certificate for https copy from PKI (EJBCA). > tomcat.keystore and trusstore.keystore And i use the certificate pcks12 > of EJBCA. for solve the autentication. > > > The Problem: I want generate certificate personalized for https of > SignServer. But always error on Firefox (always chrome and IE) for > example: > > SEC_ERROR_INADEQUATE_KEY_USAGE > > > I use keytool, generate csr for csr upload on ejbca, ejbca download > jks, but no run. > > I use direct ejbca, download jks, but no run. > > > What is the process for generate SSL for Jboss using EJBCA? > > Thanks. > > Sorry for my English. > > -- > ############################# > # Sistema Operativo: Debian # > # Caracas, Venezuela # > ############################# > Hi Jose, It sounds like the certificate you have issued are not valid for TLS server authentication. Probably it is missing the appropriate key usage and/or the external key usage for TLS server authentication. This is more of an EJBCA mailing list question I suppose but when issuing your certificate from EJBCA you can use the SERVER certificate profile (or a profile cloned from it). That profile should already have working key usage and extended key usage set. Cheers, Markus Save time and money with an Enterprise support subscription. Please see www.primekey.se for more information. https://www.primekey.se/technologies/products-overview/ https://www.primekey.se/service-support/support/ RSA(R) Conference 2017 ---------------------- San Francisco | February 13-17 | Moscone Center Come visit us in booth #627 at RSA Conference 2017! Want a free expo pass? Click https://www.rsaconference.com/events/us17/register and use the code: XE7PRMKEY |
