Activity for SMVN

  • SMVN SMVN modified a comment on discussion Open Discussion

    Thanks for your update! If it is the case, then we will be in trouble when integrating with multiple AD Servers. For example: I'm providing Certificate Authority for two different customers, A and B, and both of them request me to publish their user certificate to the appropriate AD Server A and B. Then in this case, I have to create two different Certificate Profiles just to publish user certificate to the proper AD Server. It will become massive because in most cases, my customer might request different...

  • SMVN SMVN posted a comment on discussion Open Discussion

    Thanks for your update! If it is the case, then we will be in trouble when integrating with multiple AD Servers. For example: I'm providing Certificate Authority for two different customers, A and B, and both of them request me to publish their user certificate to the appropriate AD Server A and B. Then in this case, I have to create two different Certificate Profiles just to publish user certificate to the proper AD Server. It will become massive because in most cases, my customer might request different...

  • SMVN SMVN posted a comment on discussion Open Discussion

    Uppp, can someone help to answer my concern?

  • SMVN SMVN modified a comment on discussion Open Discussion

    Hi all, I'm using EJBCA to configure a publisher (Microsoft AD Publisher) and see in the EJBCA documentation that: Once created, a Publisher is active when it has been selected in a CA or a Certificate Profile. The situation is, I would like to configure my CA so that whenever an end entity certificate is enrolled by this CA, the issued certificate will be published to my Microsoft Active Directory server. In order to do that, first I need to create an AD Publisher. The problem is: When I configure...

  • SMVN SMVN posted a comment on discussion Open Discussion

    Hi all, I'm using EJBCA to configure a publisher (Microsoft AD Publisher) and see in the EJBCA documentation that: Once created, a Publisher is active when it has been selected in a CA or a Certificate Profile. The situation is, I would like to configure my CA so that whenever an end entity certificate is enrolled by this CA, the issued certificate will be published to my Microsoft Active Directory server. In order to do that, first I need to create an AD Publisher. The problem is: When I configure...

  • SMVN SMVN posted a comment on discussion Open Discussion

    Hi Tomas, Thank you very much, you're correct. Just wondering, DS certificate means Document Signing certificate. Am I right? If yes, then it sounds normal to check this check-box

  • SMVN SMVN posted a comment on discussion Help

    Hi there, there is an option for responseType when using the ejbcaws.certificateRequest method. Use PKCS7WITHCHAIN to get the full certificate chain that includes the certificates of the Root and Intermediate CAs

  • SMVN SMVN posted a comment on discussion Open Discussion

    try this:

        try (ByteArrayOutputStream outputStream = new ByteArrayOutputStream()) {
            outputStream.write(BEGIN_CERTIFICATE.getBytes());
            outputStream.write(certData);
            outputStream.write(END_CERTIFICATE.getBytes());
            return outputStream.toByteArray();
        }

    Replacing BEGIN_CERTIFICATE by BEGIN PKCS7 instead

  • SMVN SMVN posted a comment on discussion Open Discussion

    Hi there, I'm trying to generate an ECDSA keypair from the EJBCA admin web. One strange issue I got is: When I generate the keypair to a PKCS#11 crypto token: Despite I forced to choose key specification to prime256v1 / secp256r1 / P-256, EJBCA still generates the key pair with specification P-256 / prime256v1 / secp256r1. Then when I create a CA from this keypair, I always get an unnamed curve public key. When I generate the keypair to a SOFT crypto token: Despite I forced to choose key specification to P-256 / prime256v1...

  • SMVN SMVN posted a comment on discussion Help

    Can someone from PK answer this question? Today, I tried SignServer 5.7 and realized that these properties are available in PDFSigner Request Metadata. It is really strange when it is added and removed over release versions

  • SMVN SMVN posted a comment on discussion Help

    Hello, I'm checking the documentation of SignServer, there are two sources provided by PrimeKey. From the internet: https://doc.primekey.com/signserver/ From my SignServer instance: https://localhost:8443/signserver/doc/Workers_Page.html The problem is now I'm getting some differences between these two sources related to PDFSigner: From the internet source, I still see the Request Metadata is available for PDFSigner (see the attachment). I still can see the value of REASON, LOCATION... are available...

  • SMVN SMVN posted a comment on discussion Help

    Update. Anyone getting the same issue?

  • SMVN SMVN modified a comment on discussion Help

    Hello guys, I'm following this guideline to set up SignServer with Wildfly 10. https://doc.primekey.com/signserver/signserver-installation/application-server-setup/wildfly-10+-and-jboss-eap-7-1+ After signserver.ear deployed to wildfly successfully, I can use signserver cli to set the wsadmins to allowany. Things are good, then I can access admin web. Now I'd like to add my client certificate to wsadmins via Admin Web. But I always get the error as in the picture. This is what I get from the wildfly log. 18:03:24,330...

  • SMVN SMVN posted a comment on discussion Help

    Hello guys, I'm following this guideline to set up SignServer with Wildfly 10. https://doc.primekey.com/signserver/signserver-installation/application-server-setup/wildfly-10+-and-jboss-eap-7-1+ After signserver.ear deployed to wildfly successfully, I can use signserver cli to set the wsadmins to allowany. Things are good, then I can access admin web. Now I'd like to add my client certificate to wsadmins via Admin Web. But I always get the error as in the picture. This is what I get from the wildfly log. 18:03:24,330...

  • SMVN SMVN posted a comment on discussion Help

    Hi there, Today I tried EJBCA 7.4.0 Enterprise (r35253) with Utimaco Simulator HSM, everything is OK. My application generates a key to the HSM and SignServer can create a cryptotoken worker from there. So I think there is an issue with SoftHSM, not sure with specified SignServer version or not. Thanks for your help

  • SMVN SMVN modified a comment on discussion Help

    New update, I just tested the same approach with SignServer EE 4.1.1, it works properly. My newly created crypto token gets status ACTIVE. The scenario is:
    SignServer EE 5.4.0.Final with SoftHSM => Not OK
    SignServer EE 4.1.1 with Utimaco Simulator => OK
    So what is wrong with me, SignServer EE 5.4.0.Final or of SoftHSM. Can you please have a look?

  • SMVN SMVN modified a comment on discussion Help

    New update, I just tested the same approach with SignServer EE 4.1.1, it works properly. My newly created crypto token gets status ACTIVE. The scenario is:
    SignServer EE 5.4.0.Final with SoftHSM => Not OK
    SignServer EE 4.1.1 with Utimaco Simulator => OK
    So is it an issue of SignServer EE 5.4.0.Final or of SoftHSM? Can you please have a look?

  • SMVN SMVN posted a comment on discussion Help

    New update, I just tested the same approach with SignServer EE 4.1.1, it works properly. My newly created crypto token gets status ACTIVE. So is it an issue of SignServer EE 5.4.0.Final? Can you please have a look?

  • SMVN SMVN modified a comment on discussion Help

    As far as I know, both SignServer and ejbcaClientToolBox use cesecore-common for this key management. Then when I use ejbcaClientToolBox, it is able to load my key here:
    2020-10-08 04:10:51,713 DEBUG [org.cesecore.keys.token.CachingKeyStoreWrapper] KeyStore has alias: myKeyAlias
    By right, signserver should be able to load my key too. Any suggestion please? My SignServer version is SignServer EE 5.4.0.Final with cesecore-common-7.0.0.1 While my ejbcaClientToolBox, I built from EJBCA 7.4.0 Enterprise...

  • SMVN SMVN posted a comment on discussion Help

    As far as I know, both SignServer and ejbcaClientToolBox use cesecore-common for this key management. Then when I use ejbcaClientToolBox, it is able to load my key here:
    2020-10-08 04:10:51,713 DEBUG [org.cesecore.keys.token.CachingKeyStoreWrapper] KeyStore has alias: myKeyAlias
    By right, signserver should be able to load my key too. Any suggestion please?

  • SMVN SMVN modified a comment on discussion Help

    This is for certificate imported

        CK_ATTRIBUTE priAttr2 = new CK_ATTRIBUTE();
        priAttr2.type = PKCS11Constants.CKA_CLASS;
        priAttr2.pValue = PKCS11Constants.CKO_CERTIFICATE;
        certificates.add(priAttr2);

        CK_ATTRIBUTE priAttr3 = new CK_ATTRIBUTE();
        priAttr3.type = PKCS11Constants.CKA_CERTIFICATE_TYPE;
        priAttr3.pValue = PKCS11Constants.CKC_X_509;
        certificates.add(priAttr3);

        CK_ATTRIBUTE priAttr4 = new CK_ATTRIBUTE();
        priAttr4.type = PKCS11Constants.CKA_VALUE;
        priAttr4.pValue = certificateFromBytes.getEncoded();
        ...

  • SMVN SMVN modified a comment on discussion Help

    This is my setting for public key

        CK_ATTRIBUTE pubAttr1 = new CK_ATTRIBUTE();
        pubAttr1.type = PKCS11Constants.CKA_KEY_TYPE;
        pubAttr1.pValue = PKCS11Constants.CKK_RSA;
        publicKeyAttrs.add(pubAttr1);

        CK_ATTRIBUTE pubAttr2 = new CK_ATTRIBUTE();
        pubAttr2.type = PKCS11Constants.CKA_CLASS;
        pubAttr2.pValue = PKCS11Constants.CKO_PUBLIC_KEY;
        publicKeyAttrs.add(pubAttr2);

        CK_ATTRIBUTE pubAttr3 = new CK_ATTRIBUTE();
        pubAttr3.type = PKCS11Constants.CKA_MODULUS_BITS;
        pubAttr3.pValue = 1024;
        publicKeyAttrs.add(pubAttr3);
        ...

  • SMVN SMVN modified a comment on discussion Help

    This is my setting for private key

        CK_ATTRIBUTE priAttr1 = new CK_ATTRIBUTE();
        priAttr1.type = PKCS11Constants.CKA_KEY_TYPE;
        priAttr1.pValue = PKCS11Constants.CKK_RSA;
        privateKeys.add(priAttr1);

        CK_ATTRIBUTE priAttr2 = new CK_ATTRIBUTE();
        priAttr2.type = PKCS11Constants.CKA_CLASS;
        priAttr2.pValue = PKCS11Constants.CKO_PRIVATE_KEY;
        privateKeys.add(priAttr2);

        CK_ATTRIBUTE priAttr3 = new CK_ATTRIBUTE();
        priAttr3.type = PKCS11Constants.CKA_PRIVATE;
        priAttr3.pValue = PKCS11Constants.TRUE;
        privateKeys.add(priAttr3);
        ...

  • SMVN SMVN posted a comment on discussion Help

    This is for certificate imported

        CK_ATTRIBUTE priAttr2 = new CK_ATTRIBUTE();
        priAttr2.type = PKCS11Constants.CKA_CLASS;
        priAttr2.pValue = PKCS11Constants.CKO_CERTIFICATE;
        certificates.add(priAttr2);

        CK_ATTRIBUTE priAttr3 = new CK_ATTRIBUTE();
        priAttr3.type = PKCS11Constants.CKA_CERTIFICATE_TYPE;
        priAttr3.pValue = PKCS11Constants.CKC_X_509;
        certificates.add(priAttr3);

        CK_ATTRIBUTE priAttr4 = new CK_ATTRIBUTE();
        priAttr4.type = PKCS11Constants.CKA_VALUE;
        priAttr4.pValue = certificateFromBytes.getEncoded();
        ...

  • SMVN SMVN posted a comment on discussion Help

    This is my setting for public key

        CK_ATTRIBUTE pubAttr1 = new CK_ATTRIBUTE();
        pubAttr1.type = PKCS11Constants.CKA_KEY_TYPE;
        pubAttr1.pValue = PKCS11Constants.CKK_RSA;
        publicKeyAttrs.add(pubAttr1);

        CK_ATTRIBUTE pubAttr2 = new CK_ATTRIBUTE();
        pubAttr2.type = PKCS11Constants.CKA_CLASS;
        pubAttr2.pValue = PKCS11Constants.CKO_PUBLIC_KEY;
        publicKeyAttrs.add(pubAttr2);

        CK_ATTRIBUTE pubAttr3 = new CK_ATTRIBUTE();
        pubAttr3.type = PKCS11Constants.CKA_MODULUS_BITS;
        pubAttr3.pValue = 1024;
        publicKeyAttrs.add(pubAttr3);
        ...

  • SMVN SMVN posted a comment on discussion Help

    This is my setting for private key

        CK_ATTRIBUTE priAttr1 = new CK_ATTRIBUTE();
        priAttr1.type = PKCS11Constants.CKA_KEY_TYPE;
        priAttr1.pValue = PKCS11Constants.CKK_RSA;
        privateKeys.add(priAttr1);

        CK_ATTRIBUTE priAttr2 = new CK_ATTRIBUTE();
        priAttr2.type = PKCS11Constants.CKA_CLASS;
        priAttr2.pValue = PKCS11Constants.CKO_PRIVATE_KEY;
        privateKeys.add(priAttr2);

        CK_ATTRIBUTE priAttr3 = new CK_ATTRIBUTE();
        priAttr3.type = PKCS11Constants.CKA_PRIVATE;
        priAttr3.pValue = PKCS11Constants.TRUE;
        privateKeys.add(priAttr3);
        ...

  • SMVN SMVN modified a comment on discussion Help

    Hi @malu9369, thank you for your feedback. Yes, the name of my cryptoworker is the same as my key alias in this example. I always did it like that and there is no problem with it. For viewing token entries: By SignServer admin GUI, I cannot see the function to show this. By using CLI, my alias key is not available in the list of results :( For iaik, my process is: generating keypair, generate pkcs10, enroll a certificate and import back to HSM (you can see by using SUN PKCS11 provider, the alias is available)...

  • SMVN SMVN modified a comment on discussion Help

    Hi @malu9369, thank you for your feedback. Yes, the name of my cryptoworker is the same as my key alias in this example. For viewing token entries: By SignServer admin GUI, I cannot see the function to show this. By using CLI, my alias key is not available in the list of results :( For iaik, my process is: generating keypair, generate pkcs10, enroll a certificate and import back to HSM (you can see by using SUN PKCS11 provider, the alias is available). So, is there anything wrong with my process?...

  • SMVN SMVN modified a comment on discussion Help

    Hi @malu9369, thank you for your feedback. Yes, the name of my cryptoworker is the same as my key alias in this example. For viewing token entries: By SignServer admin GUI, I cannot see the function to show this. By using CLI, my alias key is not available there :( For iaik, yes I generate keypair, generate pkcs10, enroll a certificate and import back to HSM (you can see by using SUN PKCS11 provider, the alias is available). So, is there anything wrong with my process? I also tried with ejbcaClientToolbox,...

  • SMVN SMVN posted a comment on discussion Help

    Hi @netmackan, thank you for your feedback. Yes, the name of my cryptoworker is the same as my key alias in this example. For viewing token entries: By SignServer admin GUI, I cannot see the function to show this. By using CLI, my alias key is not available there :( For iaik, yes I generate keypair, generate pkcs10, enroll a certificate and import back to HSM (you can see by using SUN PKCS11 provider, the alias is available). So, is there anything wrong with my process? I also tried with ejbcaClientToolbox,...

  • SMVN SMVN modified a comment on discussion Help

    Hi guys, There is one question: I'm setting up my SignServer with an HSM. I generated a keypair by iaik PKCS#11 to the HSM, outside of SignServer. Setting up the generated keypair with a key alias, I tested with the SUN PKCS11 provider to find that the key with alias is available there. It is also able to sign by my own application. Trying to create a crypto token worker from SignServer with configuration like this:

        SLOTLABELVALUE=0
        IMPLEMENTATION_CLASS=org.signserver.server.signers.CryptoWorker
        DEFAULTKEY=keyAlias
        ...

  • SMVN SMVN posted a comment on discussion Help

    Any idea for this, please help me by discussing here if something is unclear

  • SMVN SMVN modified a comment on discussion Help

    Hi guys, There is one question: I'm setting up my SignServer with an HSM. I generated a keypair by PKCS#11, imported the certificate to the HSM. Setting up the key alias, I tried my SUN PKCS11 provider and the key with alias is available there. It is able to sign with my data. Trying to create a crypto token worker from SignServer with information like this:

        SLOTLABELVALUE=0
        IMPLEMENTATION_CLASS=org.signserver.server.signers.CryptoWorker
        DEFAULTKEY=keyAlias
        SHAREDLIBRARYNAME=SoftHSM
        TYPE=CRYPTO_WORKER
        CRYPTOTOKEN_IMPLEMENTATION_CLASS=org.signserver.server.cryptotokens.PKCS11CryptoToken
        ...

  • SMVN SMVN posted a comment on discussion Help

    Hi guys, There is one question: I'm setting up my SignServer with an HSM. I generated a keypair by PKCS#11, imported the certificate to the HSM. Setting up the key alias, I tried my SUN PKCS11 provider and the key with alias is available there. It is able to sign with my data. Trying to create a crypto token worker from SignServer with information like this:

        SLOTLABELVALUE=0
        IMPLEMENTATION_CLASS=org.signserver.server.signers.CryptoWorker
        DEFAULTKEY=keyAlias
        SHAREDLIBRARYNAME=SoftHSM
        TYPE=CRYPTO_WORKER
        CRYPTOTOKEN_IMPLEMENTATION_CLASS=org.signserver.server.cryptotokens.PKCS11CryptoToken
        ...

  • SMVN SMVN posted a comment on discussion Help

    Hi Tomas, Fully agree with you about that

  • SMVN SMVN posted a comment on discussion Help

    Hi Tomas, Yes, so sorry for missing that part. Thanks and best regards!

  • SMVN SMVN posted a comment on discussion Help

    Hi Tomas, It is great, I just removed the user certificate from certchains then it works. The reason I put the whole cert chain to this method is that the signserver webservice has a similar function like this and it is ok with the full cert chain. Thank you very much for your support!

  • SMVN SMVN posted a comment on discussion Help

    Here it is EJBCA 7.4.0 Enterprise (r35253)

  • SMVN SMVN posted a comment on discussion Help

    Hi Tomas, thank you for your reply, actually I'm asking here for quick support because in order to work with primekey support, I must request another team to process that. For the space at DN name, I just checked again, it is my typing error. You can see in the log of the application, there is no space at that position
    ====================================
    2020-09-14 06:59:07,317 DEBUG [org.cesecore.util.CertTools] (default task-13) Looking in cacertmap for 'CN=testExternalCA02,O=MySSL,C=US
    ====================================...

  • SMVN SMVN posted a comment on discussion Help

    Hi all, I'm using EJBCA WS to create an external CA like this: First, I create an external CA by using WebService: createExternallySignedCa. EJBCA will respond to me with a CSR. From this CSR, I will enroll a certificate from an external CA => I got a PKCS7 certificate chain. From there, if I use EJBCA Admin web to upload the PKCS7 file => it is ok. But, when I use EJBCA WS method caCertResponse, getting the following info and error: 2020-09-14 06:59:07,300 DEBUG [org.cesecore.util.CertTools]...

  • SMVN SMVN posted a comment on discussion Help

    Hi @Tomas Gustavsson tomas.gustavsson@primekey.com Yes, I've thought about that way. But my concern is, by using certificate information to retrieve the user, which property do I use to ensure my user is unique? For example, common name can be duplicated by ejbca. Best regards! Get Outlook for iOS https://aka.ms/o0ukef From: Tomas Gustavsson anatom@users.sourceforge.net Sent: Wednesday, September 2, 2020 12:50:01 PM To: [ejbca:discussion] 123123@discussion.ejbca.p.re.sourceforge.net Subject: [ejbca:discussion]...

  • SMVN SMVN modified a comment on discussion Help

    fixed already

  • SMVN SMVN posted a comment on discussion Help

    https://download.primekey.com/docs/EJBCA-Enterprise/6_11_1/ws/org/ejbca/core/protocol/ws/client/gen/EjbcaWS.html#createCA-java.lang.String-java.lang.String-java.lang.String-long-java.lang.String-java.lang.String-int-java.lang.String-java.util.List-java.util.List- This is the api docs for EJBCA WS

  • SMVN SMVN posted a comment on discussion Help

    Hi there, I'm using EJBCA WS for my application. The question is, can I retrieve the end entity object or UserDataVOWS from my certificate's serial number? I see on the admin web, we can search end entity by cert sn in HEX. But there is no method equivalent in EJBCA WS Am I missing something?

  • SMVN SMVN posted a comment on discussion Help

    Hi all, I’m using EJBCA and SignServer Enterprise Edition and trying to use the Peer Connector feature following this instruction. https://doc.primekey.com/signserver/signserver-operations/certificate-renewals-using-peer-systems Everything is fine before this step: Issuing the First Certificate. When I access the Remote Key Bindings tab, I cannot see any item here for selection. There are some things I can check: The configuration at EJBCA and SignServer for Peer connection is ok. I can ping from EJBCA to SignServer....
