Hi Tomas, Of course Tomas, go ahead! :) Nitrokey HSM is cool, because it is definitely the best quality/price ratio of all existing HSMs, and when working in a company where budget is limited, it is just perfect. It has downsides (for now limited to RSA 2048b and ECDSA 320b, but a better version might come out soon). A colleague of mine gave me a few things to tweak in my tutorial. I'll see in the weekend to fix all he gave me to fix. Then you'll be able to include parts in EJBCA documentation ;-)
Hi guys, I wrote a full tutorial from a freshly installed Debian Stretch to a fully working CA using EJBCA and a forwarded Nitrokey. The goal of this tutorial is to build a relatively secure and cheap PKI for your business, organization or personal use, by: installing and basically securing a full PKI software, EJBCA, on a Debian Stretch VM; securely forwarding an HSM through the Internet from your office to the VM for EJBCA use through SSH. Check it out here, it is a 4 part tutorial, estimated working...
Hi Tomas, No, I don't know any client that desperately requires it. I noticed when I was doing a full certificate check on https://certificate.revocationcheck.com/ to test and fine tune X509 CRL distribution points, OCSP checks, etc. and this came as a warning. Then I read a lot ^_^ Indeed, it is a SHOULD, so not mandatory. :-) Have a good day! Max
Hi EJBCA team, Again, thank you for this wonderful product, I'm using it a lot and will present it in a conference in Marseille, France as a good PKI solution for Small and Medium Enterprises which need a PKI. Also, @anatom, thanks for the new setup instructions based on a previous discussion we had a few months ago, they are a lot clearer :) I'm here to ask/advise for a modification request for your next release: CRL download URLs, such as https://(redacted)/ejbca/publicweb/webdist/certdist?cmd=crl&issuer=CN=(redacted)...
Same here, EJBCA 6.10.1.2 Community (r27920) using Nitrokey HSM. Cannot manually generate CRL.
I'm writing down a tutorial, but to help you, I managed to install it quite easily: create a dedicated user for EJBCA, like 'worker'.
    root# adduser worker
    root# su - worker
    worker$ cd ~
    worker$ wget <link to EJBCA downloadable ZIP file> -O ./ejbca.zip
    worker$ unzip ejbca.zip
    worker$ nano ejbca_ce_6_10_1_2/bin/extra/ejbca-setup.sh
    worker$ ./ejbca_ce_6_10_1_2/bin/extra/ejbca-setup.sh
and it will work. I think your problem is that the user launching ./ejbca_ce_6_10_1_2/bin/extra/ejbca-setup.sh in /opt...
Installed into another machine. Unable to reproduce the bug by shutting down - up again. Forget about it, sorry. I must have broken something with all my tries before. Sorry b'out this, and have a very nice day. Max
Hi, I have a problem and don't know if I should start a new thread or continue on this one. From what I understand, to start/stop/restart EJBCA (and Wildfly), the commands are:
- Start
    $ cd <installdir>
    $ nohup wildfly/bin/standalone.sh -b 0.0.0.0 > /dev/null 2> /dev/null &
- Stop
    $ cd <installdir>
    $ ./wildfly/bin/jboss-cli.sh --connect :shutdown
- Restart
    $ cd <installdir>
    $ ./wildfly/bin/jboss-cli.sh --connect :restart
  (maybe missing in the quick start guide as well)
Trying to test the "restart" feature...
Hi Samuel, the same for me. I've the old habit to run from their location too :-) The script to detect the directory problem could be a way indeed. But it may be needed to modify the Quick Install Guide as well for less confusion ;-)
Hello Tomas, this is an idea of an improvement for the Quick Start Guide. Hope it will fit your requirements and help a bit users. :-) Best regards, Max <QSG> Quick Start Guide There are different ways to quick start EJBCA for different users. For testing purposes only, a VirtualBox VM that can be downloaded from Download section. For testing or production purposes, you can install EJBCA with a provided quick setup script to run locally. Note: Further below are legacy quick start guides for Ubuntu...
Hello Tomas, this is an idea of an improvement for the Quick Start Guide. Hope it will fit your requirements and help a bit users. :-) Best regards, Max Note: SF has problems with the numbered lists, it always restarts from 1, but I think you'll get it. <QSG> Quick Start Guide There are different ways to quick start EJBCA for different users. For testing purposes, a VM that can be downloaded from Download section. For testing or production purposes, we provide a scripted installation to be run locally...
Hello everybody, I'm a new user (testing for my company) and really want to use your software. We're glad that there's an easy setup script, but it seems it's not that easy, or I clearly missed something. I'm following the guide from here: https://www.ejbca.org/docs/installation.html#Quick%20Start%20Guide Here's what I've done. Machine VM running up to date Ubuntu 16.04 LTS VM running up to date Debian Stretch, MariaDB Ver 15.1 Distrib 10.1.26-MariaDB, for debian-linux-gnu (x86_64) using readline...
Hi Tomas, I may have a suggestion for this. I'm at work right now, I'll draft this in the evening! ;-) May I add a big "thank you" to all the EJBCA team. I played a bit with the test instance I've created, and it works flawlessly. Have a nice day! Max
Hi, It wasn't clear for me (and I really thought I already tried like this) that needed to run like ./ejbca_ce_6_10_1_2/bin/extra/ejbca-setup.sh It seems I got it to run :D Memo for myself: RTFM Thank you very much for the help, it's really appreciated :)
List of opened ports at the end of the script. Maybe it helps.
    user@pki:~/ejbca_ce_6_10_1_2/bin/extra$ sudo lsof -i -P
    COMMAND PID  USER        FD TYPE DEVICE SIZE/OFF NODE NAME
    sshd    1024 root        3u IPv4 11937  0t0      TCP  *:22 (LISTEN)
    sshd    1024 root        4u IPv6 11939  0t0      TCP  *:22 (LISTEN)
    apache2 1030 root        4u IPv6 14342  0t0      TCP  *:80 (LISTEN)
    apache2 1030 root        6u IPv6 14346  0t0      TCP  *:443 (LISTEN)
    exim4   1088 Debian-exim 3u IPv4 11950  0t0      TCP  localhost:25 (LISTEN)
    exim4   1088 Debian-exim 4u IPv6 11951  0t0      TCP  localhost:25...
Attached logs (end of logs, where the problem occurs)
List of opened ports at the end of the script. Maybe it helps.
    user@pki:~/ejbca_ce_6_10_1_2/bin/extra$ lsof -i -P
    COMMAND PID  USER FD   TYPE DEVICE SIZE/OFF NODE NAME
    java    5510 user 362u IPv4 305775 0t0      TCP  *:8009 (LISTEN)
    java    5510 user 370u IPv4 305776 0t0      TCP  *:4447 (LISTEN)
    java    5510 user 374u IPv4 305777 0t0      TCP  localhost:9990 (LISTEN)
    java    5510 user 375u IPv4 305778 0t0      TCP  localhost:50446->localhost:3306 (ESTABLISHED)
    java    5510 user 403u IPv4 305779 0t0      TCP  localhost:50448->localhost:3306 (ESTABLISHED)...