Menu
▾
▴
Re: [SignServer-develop] Problem generate SSL for https for SignServer jboss7
|
From: Jose A. <j....@gm...> - 2017-01-09 16:47:57
|
Thanks Markus. I Solved. I create certificate SSL with the Profile-Certificate default EJBCA: SERVER with the AC-Internal (was created when first install new). Always 2 SUBCA (child of CA ROOT) But, one of the 2 SUBCA, show error with SSL. And this is something that I must solve. settings when was create subca. You are rigth when said: it is topic of EJBCA and no SignServer. Sorry. Thanks. On Mon, Jan 9, 2017 at 5:36 AM, Markus Kilås <ma...@pr...> wrote: > On 01/06/2017 04:33 PM, Jose Alberto wrote: > > Hi. > > > > I am use SignServer 4.0, i have integrate with HSM for pkcs11. > > > > And various worker. all work fine. without problem. > > > > > > For this moment, my certificate for https copy from PKI (EJBCA). > > tomcat.keystore and trusstore.keystore And i use the certificate pcks12 > > of EJBCA. for solve the autentication. > > > > > > The Problem: I want generate certificate personalized for https of > > SignServer. But always error on Firefox (always chrome and IE) for > > example: > > > > SEC_ERROR_INADEQUATE_KEY_USAGE > > > > > > I use keytool, generate csr for csr upload on ejbca, ejbca download > > jks, but no run. > > > > I use direct ejbca, download jks, but no run. > > > > > > What is the process for generate SSL for Jboss using EJBCA? > > > > Thanks. > > > > Sorry for my English. > > > > -- > > ############################# > > # Sistema Operativo: Debian # > > # Caracas, Venezuela # > > ############################# > > > > Hi Jose, > > It sounds like the certificate you have issued are not valid for TLS > server authentication. Probably it is missing the appropriate key usage > and/or the external key usage for TLS server authentication. > > This is more of an EJBCA mailing list question I suppose but when > issuing your certificate from EJBCA you can use the SERVER certificate > profile (or a profile cloned from it). That profile should already have > working key usage and extended key usage set. > > Cheers, > Markus > > > Save time and money with an Enterprise support subscription. Please see > www.primekey.se for more information. > https://www.primekey.se/technologies/products-overview/ > https://www.primekey.se/service-support/support/ > > > RSA(R) Conference 2017 > ---------------------- > San Francisco | February 13-17 | Moscone Center > > Come visit us in booth #627 at RSA Conference 2017! > Want a free expo pass? Click > https://www.rsaconference.com/events/us17/register and use the code: > XE7PRMKEY > > > ------------------------------------------------------------ > ------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, SlashDot.org! http://sdm.link/slashdot > _______________________________________________ > SignServer-develop mailing list > Sig...@li... > https://lists.sourceforge.net/lists/listinfo/signserver-develop > -- ############################# # Sistema Operativo: Debian # # Caracas, Venezuela # ############################# |
