Hi, The EJBCA discussion channel has officially moved here: https://github.com/Keyfactor/ejbca-ce/discussions For Bitnami VM you need to ask Bitnami support. We have no insight in how their VM works, they create that themselves. You can find the official EJBCA Container on DockerHub, https://hub.docker.com/r/keyfactor/ejbca-ce
Hi I have EJBCA CE bitnami VM Where can I find the keystore and truststore passwords? keytool -list -keystore /opt/bitnami/wildfly/standalone/configuration/keystore.jks -storepass 'pass' I try all the passwords from web.properties file and also 'ejbca', 'foo123' and password from bitnami_credentials file but all these pass are incorrect "Keystore was tampered with, or password was incorrect" how can I find the correct password? I have access to MariaDB (using the password from bitnami_credential file),...
Hi I have EJBCA CE bitnami VM Where can I find the keystore and truststore passwords? keytool -list -keystore /opt/bitnami/wildfly/standalone/configuration/keystore.jks -storepass <pass> I try all the passwords from web.properties file and also 'ejbca', 'foo123' and password from bitnami_credentials file but all these pass are incorrect "Keystore was tampered with, or password was incorrect" how can I find the correct password? I have access to MariaDB (using the password from bitnami_credential...
Hello, I'm trying to install EJBCA but I have an error when I try to execute the procedure "Generate a keypair and create a CSR using JBoss CLI" from https://doc.primekey.com/ejbca/ejbca-installation/application-servers/wildfly-26#WildFly26-UseanHSM. When I try to execute the command: "/opt/wildfly/bin/jboss-cli.sh --connect '/subsystem=elytron/key-store=httpsKSInHSM:generate-certificate-signing-request(alias=tlsKey0001, path=keystore/csr.pem, relative-to=jboss.server.config.dir, signature-algorithm=SHA256withRSA)"...
Follow on GitHub: https://github.com/Keyfactor/ejbca-ce/discussions/528
Hi, I'm trying to install EJBCA on my PC, but every time I restart the server after installation I get these two errors. I use: openjdk-11jdk mariadb-server latest ejbca version The 2 errors are: [image: f.png] and the second one is [image: a.png] EDIT: The server.log says ERROR [org.jboss.as] (Controller Boot Thread) WFLYSRV0026: WildFly Full 26.0.0.Final (Wildfly COre 18.0.0.Final) started (with errors) in 5039ms - Started 338 of 610 services (29 services failed or missing dependencies, 341 services...
Hi, I'm trying to install EJBCA on my PC, but every time I restart the server after installation I get these two errors. I use: openjdk-11jdk mariadb-server latest ejbca version EDIT: The server.log says ERROR [org.jboss.as] (Controller Boot Thread) WFLYSRV0026: WildFly Full 26.0.0.Final (Wildfly COre 18.0.0.Final) started (with errors) in 5039ms - Started 338 of 610 services (29 services failed or missing dependencies, 341 services are lazy, passive or on-demand). I mean, it looks like it started...
hi all, i'm using latest Wildfly 31+EJBCA v8.2.0.1 When i start deploy the ejbca.ear, it return the following error msg: "{ \"WFLYCTL0080: Failed services\" => { \"jboss.deployment.subunit.\\"ejbca.ear\\".\\"adminweb.war\\".INSTALL\" => \"WFLYSRV0153: Failed to process phase INSTALL of subdeployment \\"adminweb.war\\" of deployment \\"ejbca.ear\\" Caused by: org.jboss.as.server.deployment.DeploymentUnitProcessingException: WFLYEJB0405: No Jakarta Enterprise Beans found with interface of type 'org.ejbca.core.ejb.EjbBridgeSessionLocal'...
Please post here: https://github.com/Keyfactor/ejbca-ce/discussions
Hi, we have a problem, we are building an ejbca keyfactor/ejbca-ce:7.11.0 container, when I start our container it can't connect to our external database: **2024-02-15 08:41:17,560+0000 INFO [/opt/keyfactor/bin/start.sh] (process:1) Waiting for external database 'jdbc:mariadb://xxx.xxx.xxx.xxx:3000/database?characterEncoding=UTF-8?verifyServerCertificate=false&SSLMode=true&requireSSL=true' to become available. 2024-02-15 08:41:21,654+0000 INFO [org.apache.commons.beanutils.FluentPropertyBeanIntrospector]...
My VA server has the CertificateData table constantly synced with my CA. I have imported all the active CA certs on my CA into my VA as external CAs. Yet in the server.log I constantly see: No CertificateData found with fingerprint 049a1b0baf74aea8a811f24c8d72dba59a4e029b for 'CN=SUBCAOCSP' issued by 'CN=SUBCA'. Yet if I query the ejbca.CertificateData table on my VA: MariaDB [ejbca]> select fingerprint from CertificateData; +------------------------------------------+ | fingerprint | +------------------------------------------+...
My VA server has the CertificateData table constantly synced with my CA. I have imported all the active CA certs on my CA into my VA as external CAs. Yet in the server.log I constantly see: No CertificateData found with fingerprint 049a1b0baf74aea8a811f24c8d72dba59a4e029b for 'CN=SUBCAOCSP' issued by 'CN=SUBCA'. Yet if I query the ejbca.CertificateData table: MariaDB [ejbca]> select fingerprint from CertificateData; +------------------------------------------+ | fingerprint | +------------------------------------------+...
Closing this thread, moved to GitHub.
Hi, I have 2 instances. A CA and a VA. Within the CA server I have created an ssh key for the wildfly user. I can use this key to scp files to a directory on my VA without it asking for a password, everything is working fine. However, within the admin GUI in ejbca in the Publisher section, this fails. It can find the key, and the permissions for the key are fine. However it tells me that the CRL/Certificate location is inaccessible. I know this location exists on my VA and is accessible, because I...
Dev: Please create a new issue in GitHub. https://github.com/Keyfactor/ejbca-ce/discussions Deleting these.
Hi Alexandre, can you move this topic to GitHub? https://github.com/Keyfactor/ejbca-ce/discussions
Hi Dev, this is not related to the topic of this issue. Please post questions under a new thread, on GitHub. https://github.com/Keyfactor/ejbca-ce/discussions
ant runinstall Buildfile: /opt/ejbca/build.xml customejbca.message: [echo] No custom changes to merge. appserver.error.message: runinstall: check:bootstrapdone: ejbca:prompt: [input] skipping input as property ca.name has already been set. [input] skipping input as property ca.dn has already been set. [input] skipping input as property ca.keytype has already been set. [input] skipping input as property ca.keyspec has already been set. [input] skipping input as property ca.signaturealgorithm has already...
Hi, Is it possible to change the supported algorithm in pkcs#12 to AES-256-CBC? Thanks in advance
Hello Tomas, thanks for your reply. I will monitor the progress on GitHub. In the meantime I reverted back to tag 8.0.0, so that I can continue evaluating CMP with EJBCA. Best Regards, Christian
You can see this issue, and continue the discussion in that channel. https://github.com/Keyfactor/ejbca-ce/issues/473
Hello, I downloaded the docker container of EJBCA and I try to setup CMP now. However, when I try to connect with OpenSSL to CMP, I get this error in OpenSSL: CMP info: sending IR CMP error: received error:code=404, reason=Not Found CMP error: error receiving:server=http://localhost:80 CMP error: transfer error:request sent: IR, expected response: IP And that error in HTTP <title>Error</title>CMP alias 'cmp' does not exist What's also strange is, that in EJBCA I cannot configure any CMP aliases....
Hi, Can you post this to the GitHub discussions. With some more details such as what version of EJBCA you are using, what version of application server, version of Java, and such. https://github.com/Keyfactor/ejbca-ce/discussions
how to fix this error 2024-01-16 15:23:40,022 INFO [org.jboss.as.jpa] (MSC service thread 1-7) WFLYJPA0002: Read persistence.xml for ejbca 2024-01-16 15:23:41,611 INFO [org.jipijapa] (MSC service thread 1-1) JIPIORMV6020260: Second level cache enabled for ejbca.ear#ejbca 2024-01-16 15:23:41,702 INFO [org.infinispan.CONTAINER] (ServerService Thread Pool -- 170) ISPN000556: Starting user marshaller 'org.wildfly.clustering.infinispan.marshalling.jboss.JBossMarshaller' 2024-01-16 15:23:42,243 INFO [org.jboss.weld.deployer]...
Hi everyone, I am following the quick start guide for EJBCA container with client certificate authenticated access: https://doc.primekey.com/ejbca/tutorials-and-guides/quick-start-guide-start-ejbca-container-with-client-certificate-authenticated-access On step 5, after introducing the .p12 certificate onto my browser and trying to access https://localhost/ejbca/adminweb/ , I am asked with a certificate. When giving the certificate, instead of the page loading, I get a Secure connection failed error...
Hi, Please continue the discussion here: https://github.com/Keyfactor/ejbca-ce/discussions There are many docker related discussions there.
Please continue the discussion here: https://github.com/Keyfactor/ejbca-ce/discussions There are many docker and env discussions there.
Hi, sorry for posting here so often but I have a few questions with the tls="later" mode with ejbca docker setup. Question 1: How can I use "later" mode but replace the self-signed auto tls cert it makes with one that has been made by a management ca I have on another server? I don't like that this cert says "keyfactor docker quickstart" under organization, but I don't know how to get around this. Question 2: It seems the env variables PASSWORD_ENCRYPTION_KEY, CA_KEYSTOREPASS are not being utilized...
Hi, sorry for posting here so often but I have a few questions with the tls="later" mode with ejbca docker setup. Question 1: How can I use "later" mode but replace the self-signed auto tls cert it makes with one that has been made by a management ca I have on another server? I don't like that this cert says "keyfactor docker quickstart" under organization, but I don't know how to get around this. Question 2: It seems the env variables PASSWORD_ENCRYPTION_KEY, CA_KEYSTOREPASS are not being utilized....
Hi, sorry for posting here so often but I have a few questions with the tls="later" mode with ejbca docker setup. Question 1: How can I use "later" mode but replace the self-signed auto tls cert it makes with one that has been made by a management ca I have on another server? I don't like that this cert says "keyfactor docker quickstart" under organization either. Question 2: It seems the env variables PASSWORD_ENCRYPTION_KEY, CA_KEYSTOREPASS are not being utilized. Only when I used the default "ejbca"...
Hi, sorry for posting here so often but I have a few questions with the tls="later" mode with ejbca docker setup. Question 1: How can I use "later" mode but replace the self-signed auto tls cert it makes with one that has been made by a management ca I have on another server? Question 2: It seems the env variables PASSWORD_ENCRYPTION_KEY, CA_KEYSTOREPASS are not being utilized. Only when I used the default "ejbca" password was I able to activate the initial crypto token during setup. I also mounted...
When I try and create a Management CA with Docker it does not seem to be taking my env variables. I want to change the CA name and issuer. Am I missing something on how to change this?
Thanks for the report. This will be fixed and a new zip file uploaded. Thanks again!
Ok sorry I was so used to the normal admin portal link in a traditional ejbca installation using the 8443 port that I kept trying to visit that. The docker link for some reason is just https://myip/ejbca/adminweb without the 8443. Sorry.
Hi Tomas, With regards to a docker installation, is docker compose logs -f the only way to view logs in this case? This shows the server.log in the standalone directory, but they are not showing anything pertinent. Are there other logs? Thanks!
Hi, the latest release ejbca_ce_8_2_0_1.zip contains the documentation 3 times: doc/dist doctemp doc.zip While doctemp directory is the same as doc.zip the doc/dist directory contains more than doctemp. I guess doc.zip and the doctemp directory could be removed which would reduce 100MB. Or is there any use of doctemp dir and doc.zip? best regards stefan
Yes, using a Galera cluster is extremely common. It's a base component of the Keyfactor HW and SW Appliances. There are hundreds of Galera cluster installations out there. There should be logs somewhere. A 404 doesn't occur unless you use the wrong URL, or something failed to deploy, and failed deployments will be visible in the log.
Hi, I have an Apache proxy server and 3 ejbca servers. The ejbca servers have mariadb installed and replicate simultaneously with galera. I installed ejbca with docker on the first server and was able to access the admin panel. No errors in the logs. Then I installed ejbca with docker on the second server, and tried to access ejbca admin on the second server but hit a 404. The first server also started to give a 404 immediately after even though it was working just fine before. Stopping the docker...
Hi, I have an Apache proxy server and 3 ejbca servers. The ejbca servers have mariadb installed and replicate simultaneously with galera. I installed ejbca with docker on the first server and was able to access the admin panel. No errors in the logs. Then I installed ejbca with docker on the second server, and tried to access ejbca admin on the second server but hit a 404. The first server also gave a 404 immediately after. Stopping the docker containers and restarting still results in a 404. I'm assuming...
No
Then you have to dig into Java SSL debugging, which can be complicated. But you can get it to debug every decision it makes and everything that happens. But indeed RSASSA-PSS is tricky in the Java PKCS#11 provider, it's not commonly used I believe, hence issues.
EJBCA Community 8.2 is released
Hi Tomas, Been using a JDK1.8.0_381 B-09 and later switched to OpenJDK 8U272 after reading the release notes. That's the version where they upgraded sunpkcs11 to v2.40. Yes using 4096 bit keys. Restarted wildfly and can see during the init phase, it is picking the right java run time (8u272). Didn't seem to have fixed the issue. The error still persists.
Your JDK was already higher than 272 wasn't it? You don't have to downgrade, that will not help. Are you using 4096 bit keys? You only have to restart JBoss/WildFly.
Supposing hardware was not a limiting factor, does the community edition have any hard coded limits on the amount of certificates that can be issued in a certain time frame?
Hi Tomas, thank you for the response. Indeed I have come across your notes just now, saying it's only been fixed in OpenJDK8U272. We had to perform a whole set of regression tests for apps before we can move to 11. It's in the pipeline. When using the Java PKCS#11 Provider (PKCS#11 Crypto Token in EJBCA), support for RSASSA-PSS was implemented in OracleJDK 8u241, OpenJDK 8u272, and 11.0.6. In the Java PKCS#11 provider, things have been seen to break in different versions though, for example RSASSA-PSS...
RSASSA-PSS support in the Java PKCS#11 provider has been shaky. See here: https://doc.primekey.com/ejbca/ejbca-integration/hardware-security-modules-hsm#HardwareSecurityModules(HSM)-Using_SHA256WithRSAandMGF1_(RSASSA-PSS)UsingSHA256WithRSAandMGF1(RSASSA-PSS) An upgrade of EJBCA might help for some things, like moving to Java 11. I know I have tested this before. But indeed, as the link says, it only worked/works with 4096 bit RSA keys. Don't know if they have fixed that bug, if they have I suspect...
Hi, We are using a EJBCA 7.0.0 with JDK1.8.0_381 B-09. Bouncy castle version 1.60 ; When using either the UI or command line to create a CSR with SHA256withRSAandMGF1, an error saying as below is thrown. Written a unit test to check whether this algorithm is supported and it signs. What is missing here. Is this a bug ? Creating a CA signed by an external CA, creating certificate request. Exception in thread "main" javax.ejb.EJBException: java.lang.RuntimeException: org.bouncycastle.operator.OperatorCreationException:...
Hi, We are using a EJBCA 7.0.0 with JDK1.8.0_381 B-09. When using either the UI or command line to create a CSR with SHA256withRSAandMGF1, an error saying as below is thrown. Written a unit test to check whether this algorithm is supported and it signs. What is missing here. Is this a bug ? Creating a CA signed by an external CA, creating certificate request. Exception in thread "main" javax.ejb.EJBException: java.lang.RuntimeException: org.bouncycastle.operator.OperatorCreationException: cannot...
This does not sound relevant for this old thread, from 2016. See here for newer discussions. https://github.com/Keyfactor/ejbca-ce/discussions
Hi, you have created the Test Webservice on ejbca? Can you share the detail?
I'm experiencing this issue as well. Is the site DOWN??
Hello, the documentation website "doc.primekey.com" is not accessible. Greetings from Stefan Harbich
Hello, my dears, unfortunately I can no longer access my admin website because my https certificate has expired. That's why I have to renew my certificate via the cli. How can I do that? Greetings from Stefan Harbich
Hello, my dears, Unfortunately I can no longer access my admin website because my https certificate has expired. That's why I have to renew my certificate via the cli. How can I do that? Greetings from Stefan Harbich
Hello, my dears, I want to renew an expired certificate using the CLI. I can't find the command line for this. Can you support me? Greetings from Stefan Harbich
Hello there, we're using EJBCA 7.11 and offer our users the option to specify a custom certificate expiration date: But when an RA admin then wants to renew this particular certificate, there's no option to set a custom certificate expiration date for this renewal. Neither when setting the end entity to new, nor when approving this renewal request. Using the new RA UI there's an Edit Data button when reviewing the renewal request and EJBCA even recognizes that the previous certificate had But even...
I recently deployed EJBCA version 8.0 community edition with wildfly 24 and everything seems to be working fine. But under Protocol configuration I see REST End Entity Management as unavailable for both v1 & v2. It was not the case with EJBCA 7.11. Did something change or am I missing something?
There are lots of great tutorial videos on the KeyfactorCommunity YouTube channel on how to use the container. https://www.youtube.com/@KeyfactorCommunity
I suggest that you try the container, and then you can look at how that is configured, and if you absolutely need to build from source you can replicate that configuration. https://hub.docker.com/r/keyfactor/ejbca-ce
Hi Tomas. I suspected that, otherwise there would probably be a lot more complaints. It's because i use 2-port separation with firewalld to forward 443 to 8443. I disabled the firewall and went directly to domain.example:8443/ejbca/adminweb/ but same problem. (I reverted back to using ECDSA) I have this enabled in web.properties. I believe it's only used to make correct redirection when clicking on links that lead to the admin space: httpserver.external.privhttps=443 I have spent months on this and...
Can you post the question to the new discussion forum on GitHub? https://github.com/Keyfactor/ejbca-ce/discussions Cheers, Tomas
Hi, I wanted to re-issue a certificate issued a while back because I needed to reinstall and had lost the private key. However, I think I've made a mistake. I first thought by revoking it, I could then renew it but of course the certificate is still there. In an effort to tidy up, I found the certificate in the end entity and deleted it there, but this has probably made it worse: I cannot generate the certificate as it says the old one is still there, but how do I tidy it up or configure the system...
I have non repudiation in my superadmin certificate, it's an old one, and it works fine. So that should not be the issue. I see your URL you put above is port 443, so do you have a proxy in front of wildfly (which typically runs on port 8443). Try to go against wildfly directly https on port 8443.
Thank you Tomas. As a temporary workaround, I tried to use RSA instead, but I get the same problem. I can see under Key Usage: X509v3 extensions: X509v3 Basic Constraints: critical CA:FALSE X509v3 Authority Key Identifier: 65:A5:F3:BB:FF:7F:C4:10:18:43:FA:4F:6C:5B:49:05:79:C7:01:71 X509v3 Extended Key Usage: TLS Web Client Authentication, E-mail Protection X509v3 Subject Key Identifier: 80:AC:A5:B9:B9:EB:7D:3B:D8:3E:F2:76:CB:E7:E2:5B:AF:BF:F8:5D X509v3 Key Usage: critical Digital Signature, Non Repudiation,...
Thanks. I noted a ticket the use of EC for the initial superadmin with the ENDUSER certificate profile.
query posted on github see below link. https://github.com/Keyfactor/ejbca-ce/discussions/342
Please ask questions here from now: https://github.com/Keyfactor/ejbca-ce/discussions
I checked the CA/B Forum Baseline and it indeed says that Key Encipherment is not allowed on ECC. Thank you so much, I would never have figured that out on my own. The question now is how do I prevent Key encipherment and email protection from being set on the superadmin cert during deployment? In my opinion; if the keytype is set to ECC, the script should not set Key encipherment in the first place. Next time I will post in the new forum.
Dear All, I have created an EJBCA CE 8.0 environment through docker using KeyFactor image with default h2 DB and created few CAs/End Entity Profiles/Certificate Profiles and issued certificates. Now I want to switch the DB from h2 to mysql or mariadb without losing the data that is I don't want to lose my data from this change and want to have all of my previous data to be imported in new DB (mysql or mariadb) so can any one guide me step wise how can I do this. Any urgent help shall highly be appreciated....
Dear All, I have installed EJBCA CE 8.0 from keyfactor using docker with standard commands with TLS enabled setting. Now how can I deploy DigiCert commercial SSL on the deployed running instance so that default SSL keystore can be replaced and I can avoid SSL browser warnings while accessing the adminweb and ra portals. Secondly I don't want to disturb my deployed version settings and just want to change the SSL keystore which is my requirement. Platform Details are: Ubuntu version 22 EJBCA Image...
Please find the new forum here: https://github.com/Keyfactor/ejbca-ce/discussions Not sure about this, might be that the server rejects your client certificate as it contains some invalid key usage. Key Encipherment is not a valid key usage for EC keys. You can see browser requirements in CA/B Forum Baseline Requirements. For EC keys you should only have Digital Signature for a web authentication certificate. Also you should limit extended key usage to Client Authentication, and not use the same certificate...
Try to set httpsserver.hostname in conf/web.properties
any idea from anyone+
I have seen this error being discussed before but none of the solutions have worked for me. I have been at it for days and I still have no clue what's wrong. I'm browsing to https://ejbca-server/ejbca/adminweb. I have installed the superadmin certificate in my browser, cleared all cookies, old certs and so forth. The CA certificate is also added to the browser before proceeding. I get to choose my certificate in Brave, Microsoft Edge and in Firefox, yet it still says: "Authorization Denied No client...
When your Root CA is an External CA, you should select signed by "External" when creating the Sub CA in EJBCA. See here: https://doc.primekey.com/ejbca/ejbca-operations/ejbca-operations-guide/ca-operations-guide/managing-cas/creating-an-issuing-ca-signed-by-an-external-root
Hi, I need help, I'm unable to sign an intermediary CA that was created in EJBCA program using an external Root CA that was created from EasyRSA. I can successfully import the External Root CA to the EJBCA and view it on EJBCA Public Web under Fetch CA certificates but not in "Signed by" while creating a CA and even on RA web. This is a personal project so I don't have any HSM or dedicated root or CA server hence, this whole application is running under one PC which is running on a public IP where...
Hey all, I am very new to EJBCA and have started learning purely from the documentation available on keyfactor's website. After reading and doing some POCs with EJBCA, I am now gearing up to setup EJBCA for uat/prod environment and hence, I am seeking expert advice/pointers from this community. Here are some of the points on which I need advice: Deployment: Till now, during POC, I have used containers for 1 DB, 1 EJBCA container or 2 EJBCA containers without DB for separated root CA and sub CA. This...
Hi PeerConnectors is an Enterprise feature. You will get much better responses by contacting Keyfactor support. https://support.keyfactor.com/ Cheers, Tomas
The error message above is from the CA. The error from VA I'm getting as below: Administrator Certificate is issued by external CA and not present in the database.;remoteip=1;forwardedip=
Hi All, I'm trying to setup peer system between CA and VA. In my VA, I already deploy with set web.reqcertindb=false, then I enrolled VA SSL cert from CA, then copy to /opt/wildfly/standalone/configuration/keystore/keystore.p12, scp truststore from CA to VA /opt/wildfly/standalone/configuration/keystore/trustrore.p12. Import CA cert to VA cer. But then when I try to peer I'm getting error as below (deleting the IP address for safety purpose): 2023-08-14 09:58:29,741 INFO [org.cesecore.util.provider.EkuPKIXCertPathChecker]...
I would just upgrade your old 7.4 to the latest version. It might be an issue with the RA Web that was just fixed. You should upgrade anyhow to make sure you don't have any security issues. You can always check the changelog summary to all the things that have changed. https://doc.primekey.com/ejbca/ejbca-release-information/ejbca-release-notes/ejbca-change-log-summary