I have an Enterprise EJBCA Deployed and in use and trying to achieve auto certificate emrollemnt for Linux Sever certificates. Please help with this query.
Hi Thomas, If you remember last time i was facing issue with vault-plugin integration to EJBCA on single node but that worked fine with your help. Now i am testing the same integration on Vault cluster which has more than 1 node . I am able to register the plugin successfully but after that its failing to list the secret which errors see attached vault list ejbcav1/" call that returned a 500 error, but not the output of the commands that preceded that.
Thanks a lot Thomas. It worked like a charm. Thanks for always being so helpful. Cheers !.
Hi Tomas, I am able to access the REST API through the URL. Thanks
Hi Thomas, Can you please help here. Thanks
Hi Thomas, I need some help here. I am trying to integrate the EJBCA-VAULT-PLUGIN with EJBCA software appliance. I am successfully able to build the plugin, register and and generate plugin secret. But when i reach the step where i run this command : vault write ejbcav1/config/TLSServer pem_bundle=@admin-bundle.pem url=https://ejbca.example.com:8443/ejbca/ejbca-rest-api/v1 cacerts=@admin-TLS-chain.pem caname=TLSAssuredCA certprofile=TLSServer eeprofile=InternalTLSServer I start getting errors see...
Ok Tomas thanks a lot. You are always very helpful.
Ok Tomas thanks a lot. You are always very helpful.
Hi Thomas, It did work for me "ABC\, Inc." is this way but while the setup goes to the phase while initializing the Crypto token on the EJBCA Appliance it fails. What could be the reason for the failure when the EJBCA is accepting the Subject DN input? Thanks, Ajit
Hi i need some help in getting through the creation of a CA in EJBCA by using comma in the Orgaznation name of the Subject DN of the CA. For Example : Root CA: E=ops@abc.com,CN=ABC Ops Root,OU=Operations,O=ABC, Inc.,L=Redwood City,ST=California,C=US I am unable to create a CA with a , in the Organization name . And i have to put a command as its there in the Organization name.
Hi i need some help in getting through the creation of a CA in EJBCA by using comma in the Orgaznation name of the Subject DN of the CA. For Example : Root CA: E=ops@abc.com,CN=ABC Ops Root,OU=Operations,O=ABC, Inc.,L=Redwood City,ST=California,C=US I am unable to create a CA with a , in the Organization name . And i have to put a command as its there in the Organization name.
Hi Tomas, Need some help with REST API. When i am trying to enroll a cert using REST API i get the below error:- curl -X POST "https://ejbca01.p11.abc.in03.aaa.com/ejbca/ejbca-rest-api/v1/certificate/pkcs10enroll" {"error_code":415,"error_message":"RESTEASY003065: Cannot consume content type"} Please help. Thanks in advance.
Hi Tomas, I have fixed the issue . Thanks anyways. Tc
Hi Tomas, I have fixed the issue . Thanks anyways. Tc
Hi Tomas, Can you please look into my query and reply . Thanks
Hi Tomas, Can you please help with my query? Thanks
Hi Tomas, Can you please help me with my query ? Thanks
The PKCS12 Chain includes the Root CA and the Sub CA cert and its private key.
Hi Tomas, I am facing issue while importing a PCKS12 Certificate CA chain from GUI by using CAImport Keystore option. I have done this before and i know it works fine but getting error this time. Cannot import CA E=ops@qualys.com,CN=Operations Issuing CA,OU=Operations,: Certificate is not self-signed. Check certificate chain in PKCS#12 Please help . Thanks
Thanks a lot Thomas. You have always been a great help to me. Best Regards, Ajit
Thanks a lot Thomas. You have always been a great help to me. Best Regards, Ajit Dubey
Ok so i have imported P12 with "Import CAkeyStore " for Sub CA and used Import CA certificate for Root Certificate . I should be good to go now i guess. My Sub CA shows (Active) and Root CA shows(External) as it doesn't have the private key.
Ok then how can i do it as don't find the import CA option any where. Basically i want to import my Issuing CA with its private key along with the Root CA into the EJBCA. I have done this earlier using P12 file and it had worked but i don't know why its not working this time.
Hi Thomas, I am not using the command line. I did it using the "Import CA Certificate " option in the Certificate Authorities GUI Console. Thanks, Ajit
Please update ?
Hi Thomas, While importing the SubCA P12 Cert Chain file i am getting the error "Error: No certificate could be parsed from byte array. See debug logs for details. " Can you please help with this what could be issue? Earlier i have done this and it had worked . But cant figure out what's the issue this time with CA import . Thanks, Ajit
Thanks i will check and update .
Hi Tomas, I have configured two Publisher services in the EJBCA under System Functions for Publishing and Updating the CRL's of the configured CA's but it does't seem to work so everytime i have to manually publish and update the CRL's. Can you please tell me there is something wrong i am doing as the configuration is pretty simple or community version doesn't support the automatic updation of CRL's through the CRL updater service and i will have do it manually eveytime?
Hi Tomas, I am using community version of EJBCA and i want to achieve the autmation of issuance and revocation of certificates. Can you please suggest some API's offered in the community version which can help me in acheiving the same. Best Regards
Sure. I am posting in the new thread.
Hi Tomas, I am using community version of EJBCA and i want to achieve the autmation of issuance and revocation of certificates. Can you please suggest some API's offered in the community version which can help me in acheiving the same. Best Regards
Awesome . Thanks a lot. Got it. Perfect. Best Regards
Hi Tomas, Thanks for all your help earlier. I have a quick question . I am trying to Sing CSR so i have validated it, it has all the required attributes like CN and SAN deteails etc. Then i have created a certficate profile, an end entity profile and added an end entity as well. Now when i sign the CSR and i check the cetficate it does not have anything matching to the CSR? Am i missing something here.? Please help i am kind of stuck here. Thanks.
Is there a API that can be used for Community version of EJBCA ?
Hi Tomas, Its worked like a charm. Thanks a lot. You are always so helpful. Cheers. Thanks
Thanks a lot i will try this and let you know.
Hi Tomas, I totally understand that. Will take care of it. Can you please look at my query and reply . Thanks
Hi , Can someone please ansewer to my query ? Thanks
Hi , Looking forward to your reply. Can you please answer. Thanks in advance.
Hi Tomas, Need your help with a query. I am trying migrate my current PKI into EJBCA. For that i have imported the Root CA Certificate which was all good. When i try to import the SubCA with its private key in p12 format i get the error "Certificate is not self signed" . Well is there a way i can import my external SubCA PFX in the EJBCA and make it active.? Thanks
Hi I have a EJBCA setup on CentOS I have created an offline Root and a Sub CA when i go on CA Structrues and CRLs and try to create crl for the Sub CA i get the following error : An exception has occurred. Error creating CRL for CA Test SubCA1, message: Can not create Jca content signer: . javax.ejb.EJBTransactionRolledbackException: Error creating CRL for CA Qualys Test SubCA1, message: Can not create Jca content signer: . at org.jboss.as.ejb3.tx.CMTTxInterceptor.invokeInCallerTx(CMTTxInterceptor.java:203)...
Can you suggest how can i do that in Linux. Do i need to make listener.ora file and configure?
Hi Tomas, This is a Test Setup. Database server and And the host server are the same. Everything is hosted on the same machine. Thanks
Hi Tomas , I did start a fresh Wildfly setup and now i am facing some new errors. Athough ant deployear was successfull . ant runinstall fails with the below errors : [java] Exception in thread "main" java.util.ServiceConfigurationError: org.ejbca.ui.cli.infrastructure.command.CliCommandPlugin: Provider org.ejbca.ui.cli.keybind.InternalKeyBindingModifyCommand could not be instantiated [java] at java.util.ServiceLoader.fail(ServiceLoader.java:232) [java] at java.util.ServiceLoader.access$100(ServiceLoader.java:185)...
Hi Tomas, Yes there is no command like ant deploy for wildfly 14 i had used that from an old document which was using Jboss. But rest i have followed the guide step by step which you have mentioned . Please once have a look at the errors which i have posted . I am stuck for quite some time and am not able to fix it. Please help. Thanks
Setup : Wildfly 14 Openjdk 1.8 EJBCA _ce_6_15_2_6 [java] Exception in thread "main" java.util.ServiceConfigurationError: org.ejbca.ui.cli.infrastructure.command.CliCommandPlugin: Provider org.ejbca.ui.cli.keybind.InternalKeyBindingModifyCommand could not be instantiated [java] at java.util.ServiceLoader.fail(ServiceLoader.java:232) [java] at java.util.ServiceLoader.access$100(ServiceLoader.java:185) [java] at java.util.ServiceLoader$LazyIterator.nextService(ServiceLoader.java:384) [java] at java.util.ServiceLoader$LazyIterator.next(ServiceLoader.java:404)...
Setup : Wildfly 14 Openjdk 1.8 EJBCA _ce_6_15_2_6 [java] Exception in thread "main" java.util.ServiceConfigurationError: org.ejbca.ui.cli.infrastructure.command.CliCommandPlugin: Provider org.ejbca.ui.cli.keybind.InternalKeyBindingModifyCommand could not be instantiated [java] at java.util.ServiceLoader.fail(ServiceLoader.java:232) [java] at java.util.ServiceLoader.access$100(ServiceLoader.java:185) [java] at java.util.ServiceLoader$LazyIterator.nextService(ServiceLoader.java:384) [java] at java.util.ServiceLoader$LazyIterator.next(ServiceLoader.java:404)...