Hi
I wrote a program that uses CA web service to generate cetificate. According to "https://developer.mozilla.org/en-US/docs/JavaScript_crypto" it calls window.crypto.generateCRMFRequest(…) and after that call crmfRequest webservice from CA. but in importUserCertificates(…) I have to pass certificate in CMMF format. if I understood, EJBCA can accept CRMF request, but can not generate CMMF certificate. How can I convert returned certificate to CMMF format?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2012-10-20
Hi,
As the URL says this scheme is only supported by Firefox and therefore there 's no built-in support in EJBCA for it.
But we do recognize CRMF as input format to for example WebServices. On output we current only support X509 or PKCS #7.
I would recommend you to not use CRMF but rather use <keygen> which is already a part of EJBCA's public web.
Anyway, If you must use the Firefox javascript functions it is easy writing a servlet that does that (see DemoCetrtServlet), including the CMMF coding. However, I can't find a good definition of CMMF, can you?
Cheers,
Anders
tech support
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Anonymous
-
2012-10-24
Hi,
Thanks for reply. Yes I used <keygen> that is a part of HTML5 and it works. But the JavaScript Crypto class has more flexibility. For example I can specify key length in code.
I wrote a servlet that get the certificate from CA via Web Service and I know that I should change the format of returned certificate and then pass it to browser (JavaScript). But unfortunately I couldn't find good sample code or library for converting to CMMF.
The best thing that I found is "org.mozilla.jss.pkix.cmmf" package (http://www.mozilla.org/projects/security/pki/jss/javadoc/org/mozilla/jss/pkix/cmmf/package-summary.html), but it is so complex ;-) . Do you have any good sample from this package for converting CMMF response?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Hi
I wrote a program that uses CA web service to generate cetificate. According to "https://developer.mozilla.org/en-US/docs/JavaScript_crypto" it calls window.crypto.generateCRMFRequest(…) and after that call crmfRequest webservice from CA. but in importUserCertificates(…) I have to pass certificate in CMMF format. if I understood, EJBCA can accept CRMF request, but can not generate CMMF certificate. How can I convert returned certificate to CMMF format?
Hi,
As the URL says this scheme is only supported by Firefox and therefore there 's no built-in support in EJBCA for it.
But we do recognize CRMF as input format to for example WebServices. On output we current only support X509 or PKCS #7.
I would recommend you to not use CRMF but rather use <keygen> which is already a part of EJBCA's public web.
Anyway, If you must use the Firefox javascript functions it is easy writing a servlet that does that (see DemoCetrtServlet), including the CMMF coding. However, I can't find a good definition of CMMF, can you?
Cheers,
Anders
tech support
Hi,
Thanks for reply. Yes I used <keygen> that is a part of HTML5 and it works. But the JavaScript Crypto class has more flexibility. For example I can specify key length in code.
I wrote a servlet that get the certificate from CA via Web Service and I know that I should change the format of returned certificate and then pass it to browser (JavaScript). But unfortunately I couldn't find good sample code or library for converting to CMMF.
The best thing that I found is "org.mozilla.jss.pkix.cmmf" package (http://www.mozilla.org/projects/security/pki/jss/javadoc/org/mozilla/jss/pkix/cmmf/package-summary.html), but it is so complex ;-) . Do you have any good sample from this package for converting CMMF response?