William Lindberg

Hi Tomas. I suspected that, otherwise there would probably be a lot more complaints. It's because i use 2-port separation with firewalld to forward 443 to 8443. I disabled the firewall and went directly to domain.example:8443/ejbca/adminweb/ but same problem. (I reverted back to using ECDSA) I have this enabled in web.properties. I believe it's only used to make correct redirection when clicking on links that lead to the admin space: httpserver.external.privhttps=443 I have spent months on this and...

Thank you Tomas. As a temporary workaround, I tried to use RSA instead, but I get the same problem. I can see under Key Usage: X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Authority Key Identifier: 65:A5:F3:BB:FF:7F:C4:10:18:43:FA:4F:6C:5B:49:05:79:C7:01:71 X509v3 Extended Key Usage: TLS Web Client Authentication, E-mail Protection X509v3 Subject Key Identifier: 80:AC:A5:B9:B9:EB:7D:3B:D8:3E:F2:76:CB:E7:E2:5B:AF:BF:F8:5D X509v3 Key Usage: critical Digital Signature, Non Repudiation,...

I checked the CA/B Forum Baseline and it indeed says that Key Encipherment is not allowed on ECC. Thank you so much, I would never have figured that out on my own. The question now is how do I prevent Key encpherment and email protection from being set on the superadmin cert during deployment? In my opinion; if the keytype is set to ECC, the script should not set Key encipherment in the first place. Next time i will post in the new forum.

I have seen this error being discussed before but none of the solutions have worked for me. I have been at it for days and I still have no clue what's wrong. I'm browsing to https://ejbca-server/ejbca/adminweb. I have installed the superadmin certificate in my browser, cleared all cookies, old certs and so forth. The CA certificate is also added to the browser before proceeding. I get to choose my certificate in Brave, Microsoft Edge and in Firefox, yet it still says: "Authorization Denied No client...