|
»
»
»
How generate a certificate without the private key
|
View:
New views
18 Messages
—
Rating Filter:
Alert me
|
 |
How generate a certificate without the private key
by Anais
::
Rate this Message:
Hi,
I'm a newby in the EJBCA world and i would like to know how generate a certificate whitout the private key because my user must generate his keys himself and only given his public key to ask a certificate and only his public key. I already have searched on this forum by i don't have found any positive answer. Perhaps somebody has seen it before. thanks for your answer. |
|
|
Re: How generate a certificate without the private key
by Tomas Gustavsson
::
Rate this Message:
Hi Anais, This it what you normally do, you send in a certificate request with only the public key. If you go to public web for example you can enroll with your browser, or choose "server certificate" to paste a PKCS#10 certificate request (with only the public key). When adding users in EJBCA you choose the keystore type "User generated", which means that the user generates the his keys. Cheers, Tomas ----- PrimeKey Solutions offers a commercial EJBCA support subscription and training for EJBCA. Please see www.primekey.se or contact info@... for more information. http://download.primekey.se/documents/ejbca_subscription.pdf http://download.primekey.se/documents/ejbca_training.pdf Anais wrote: > Hi, > > I'm a newby in the EJBCA world and i would like to know how generate a > certificate whitout the private key because my user must generate his keys > himself and only given his public key to ask a certificate and only his > public key. > I already have searched on this forum by i don't have found any positive > answer. > Perhaps somebody has seen it before. > > thanks for your answer. ------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08 _______________________________________________ Ejbca-develop mailing list Ejbca-develop@... https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
|
|
Re: How generate a certificate without the private key
by Anais
::
Rate this Message:
thanks Tomas for your answer.
It seems better in my mind but where is located the public key in ejbca. For example, if i want to give my public key how can i do and how can i generate my public key ? thanks Anaïs
|
|
|
Re: How generate a certificate without the private key
by Johan Eklund
::
Rate this Message:
Hi Anais, The basics of PKI is asymmetric encryption and X.509 certificates. When you generate a key pair you generate the private and the public key at the same time. The public key is sent in a certificate signing request to the CA. The CA issues a certificate that contains the public key. What kind of client software will you be using? This client software will be responsible for generating the key pair. Regards, Tomas Anais wrote: > thanks Tomas for your answer. > It seems better in my mind but where is located the public key in ejbca. For > example, if i want to give my public key how can i do and how can i generate > my public key ? > > thanks > Anaïs > > > Tomas Gustavsson wrote: >> >> Hi Anais, >> >> This it what you normally do, you send in a certificate request with >> only the public key. If you go to public web for example you can enroll >> with your browser, or choose "server certificate" to paste a PKCS#10 >> certificate request (with only the public key). >> >> When adding users in EJBCA you choose the keystore type "User >> generated", which means that the user generates the his keys. >> >> Cheers, >> Tomas >> ----- >> PrimeKey Solutions offers a commercial EJBCA support subscription and >> training for EJBCA. Please see www.primekey.se or contact >> info@... for more information. >> http://download.primekey.se/documents/ejbca_subscription.pdf >> http://download.primekey.se/documents/ejbca_training.pdf >> >> Anais wrote: >>> Hi, >>> >>> I'm a newby in the EJBCA world and i would like to know how generate a >>> certificate whitout the private key because my user must generate his >>> keys >>> himself and only given his public key to ask a certificate and only his >>> public key. >>> I already have searched on this forum by i don't have found any positive >>> answer. >>> Perhaps somebody has seen it before. >>> >>> thanks for your answer. >> ------------------------------------------------------------------------- >> Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! >> Studies have shown that voting for your favorite open source project, >> along with a healthy diet, reduces your potential for chronic lameness >> and boredom. Vote Now at http://www.sourceforge.net/community/cca08 >> _______________________________________________ >> Ejbca-develop mailing list >> Ejbca-develop@... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> >> > ------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08 _______________________________________________ Ejbca-develop mailing list Ejbca-develop@... https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
|
|
Re: How generate a certificate without the private key
by Anais
::
Rate this Message:
Hi,
I don't have choosen my client software. I just want to know how give the public key to EJBCA in order to EJBCA create my certificate when i click on "create browser certificate" or "create server certificate". thanks
|
|
|
Re: How generate a certificate without the private key
by Tomas Gustavsson
::
Rate this Message:
If you will be using a browser you don't have to bother with that. The browser handles that automatically for you. If your client generates the keys and creates a PKCS#10 certificate request, the public key will be in that request. There are many ways you can send such a request to EJBCA, but if you use "create server certificate" you simply copy-paste the PKCS#10 certificate request into the text field on the web page. The PKCS#10 requets contains the public key. /Tomas Anais wrote: > Hi, > > I don't have choosen my client software. > I just want to know how give the public key to EJBCA in order to EJBCA > create my certificate when i click on "create browser certificate" or > "create server certificate". > > thanks > > Johan Eklund wrote: >> >> Hi Anais, >> >> The basics of PKI is asymmetric encryption and X.509 certificates. >> When you generate a key pair you generate the private and the public key >> at the same time. The public key is sent in a certificate signing >> request to the CA. The CA issues a certificate that contains the public >> key. >> >> What kind of client software will you be using? This client software >> will be responsible for generating the key pair. >> >> Regards, >> Tomas >> >> >> Anais wrote: >>> thanks Tomas for your answer. >>> It seems better in my mind but where is located the public key in ejbca. >>> For >>> example, if i want to give my public key how can i do and how can i >>> generate >>> my public key ? >>> >>> thanks >>> Anaïs >>> >>> >>> Tomas Gustavsson wrote: >>>> Hi Anais, >>>> >>>> This it what you normally do, you send in a certificate request with >>>> only the public key. If you go to public web for example you can enroll >>>> with your browser, or choose "server certificate" to paste a PKCS#10 >>>> certificate request (with only the public key). >>>> >>>> When adding users in EJBCA you choose the keystore type "User >>>> generated", which means that the user generates the his keys. >>>> >>>> Cheers, >>>> Tomas >>>> ----- >>>> PrimeKey Solutions offers a commercial EJBCA support subscription and >>>> training for EJBCA. Please see www.primekey.se or contact >>>> info@... for more information. >>>> http://download.primekey.se/documents/ejbca_subscription.pdf >>>> http://download.primekey.se/documents/ejbca_training.pdf >>>> >>>> Anais wrote: >>>>> Hi, >>>>> >>>>> I'm a newby in the EJBCA world and i would like to know how generate a >>>>> certificate whitout the private key because my user must generate his >>>>> keys >>>>> himself and only given his public key to ask a certificate and only his >>>>> public key. >>>>> I already have searched on this forum by i don't have found any >>>>> positive >>>>> answer. >>>>> Perhaps somebody has seen it before. >>>>> >>>>> thanks for your answer. >>>> ------------------------------------------------------------------------- >>>> Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! >>>> Studies have shown that voting for your favorite open source project, >>>> along with a healthy diet, reduces your potential for chronic lameness >>>> and boredom. Vote Now at http://www.sourceforge.net/community/cca08 >>>> _______________________________________________ >>>> Ejbca-develop mailing list >>>> Ejbca-develop@... >>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >>>> >>>> >> ------------------------------------------------------------------------- >> Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! >> Studies have shown that voting for your favorite open source project, >> along with a healthy diet, reduces your potential for chronic lameness >> and boredom. Vote Now at http://www.sourceforge.net/community/cca08 >> _______________________________________________ >> Ejbca-develop mailing list >> Ejbca-develop@... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> >> > ------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08 _______________________________________________ Ejbca-develop mailing list Ejbca-develop@... https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
|
|
Re: How generate a certificate without the private key
by Anais
::
Rate this Message:
Hi Thomas,
I think i understand ! If i use the browser everithing is automatically but if i use the "create server sertificate" i must give myself the public key, isn't it ? So, i have 2 questions : first : how can i generate my "server certificate" with the cli ? second : wich client software is the better to generate the 2 keys ? thanks very much for answers ! Anaïs
|
|
|
Re: How generate a certificate without the private key
by Tomas Gustavsson
::
Rate this Message:
Correct. first : the EJBCA cli does not generate keys for you. The application (for example apache using openssl) is where you generate the keys. second : what do you want to use the certificate for? The application generates the keys. Do you want certificates for an apache webserver? An IIS webserver? A PDF document signing application? There is no way to answer such a question. The application you want to secure is the better to generate the 2 keys. /Tomas Anais wrote: > Hi Thomas, > > I think i understand ! > If i use the browser everithing is automatically but if i use the "create > server sertificate" i must give myself the public key, isn't it ? > So, i have 2 questions : > first : how can i generate my "server certificate" with the cli ? > second : wich client software is the better to generate the 2 keys ? > > thanks very much for answers ! > Anaïs > > > Tomas Gustavsson wrote: >> >> If you will be using a browser you don't have to bother with that. The >> browser handles that automatically for you. >> If your client generates the keys and creates a PKCS#10 certificate >> request, the public key will be in that request. >> There are many ways you can send such a request to EJBCA, but if you use >> "create server certificate" you simply copy-paste the PKCS#10 >> certificate request into the text field on the web page. >> The PKCS#10 requets contains the public key. >> >> /Tomas >> >> >> Anais wrote: >>> Hi, >>> >>> I don't have choosen my client software. >>> I just want to know how give the public key to EJBCA in order to EJBCA >>> create my certificate when i click on "create browser certificate" or >>> "create server certificate". >>> >>> thanks >>> >>> Johan Eklund wrote: >>>> Hi Anais, >>>> >>>> The basics of PKI is asymmetric encryption and X.509 certificates. >>>> When you generate a key pair you generate the private and the public key >>>> at the same time. The public key is sent in a certificate signing >>>> request to the CA. The CA issues a certificate that contains the public >>>> key. >>>> >>>> What kind of client software will you be using? This client software >>>> will be responsible for generating the key pair. >>>> >>>> Regards, >>>> Tomas >>>> >>>> >>>> Anais wrote: >>>>> thanks Tomas for your answer. >>>>> It seems better in my mind but where is located the public key in >>>>> ejbca. >>>>> For >>>>> example, if i want to give my public key how can i do and how can i >>>>> generate >>>>> my public key ? >>>>> >>>>> thanks >>>>> Anaïs >>>>> >>>>> >>>>> Tomas Gustavsson wrote: >>>>>> Hi Anais, >>>>>> >>>>>> This it what you normally do, you send in a certificate request with >>>>>> only the public key. If you go to public web for example you can >>>>>> enroll >>>>>> with your browser, or choose "server certificate" to paste a PKCS#10 >>>>>> certificate request (with only the public key). >>>>>> >>>>>> When adding users in EJBCA you choose the keystore type "User >>>>>> generated", which means that the user generates the his keys. >>>>>> >>>>>> Cheers, >>>>>> Tomas >>>>>> ----- >>>>>> PrimeKey Solutions offers a commercial EJBCA support subscription and >>>>>> training for EJBCA. Please see www.primekey.se or contact >>>>>> info@... for more information. >>>>>> http://download.primekey.se/documents/ejbca_subscription.pdf >>>>>> http://download.primekey.se/documents/ejbca_training.pdf >>>>>> >>>>>> Anais wrote: >>>>>>> Hi, >>>>>>> >>>>>>> I'm a newby in the EJBCA world and i would like to know how generate >>>>>>> a >>>>>>> certificate whitout the private key because my user must generate his >>>>>>> keys >>>>>>> himself and only given his public key to ask a certificate and only >>>>>>> his >>>>>>> public key. >>>>>>> I already have searched on this forum by i don't have found any >>>>>>> positive >>>>>>> answer. >>>>>>> Perhaps somebody has seen it before. >>>>>>> >>>>>>> thanks for your answer. >>>>>> ------------------------------------------------------------------------- >>>>>> Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! >>>>>> Studies have shown that voting for your favorite open source project, >>>>>> along with a healthy diet, reduces your potential for chronic lameness >>>>>> and boredom. Vote Now at http://www.sourceforge.net/community/cca08 >>>>>> _______________________________________________ >>>>>> Ejbca-develop mailing list >>>>>> Ejbca-develop@... >>>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >>>>>> >>>>>> >>>> ------------------------------------------------------------------------- >>>> Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! >>>> Studies have shown that voting for your favorite open source project, >>>> along with a healthy diet, reduces your potential for chronic lameness >>>> and boredom. Vote Now at http://www.sourceforge.net/community/cca08 >>>> _______________________________________________ >>>> Ejbca-develop mailing list >>>> Ejbca-develop@... >>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >>>> >>>> >> ------------------------------------------------------------------------- >> Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! >> Studies have shown that voting for your favorite open source project, >> along with a healthy diet, reduces your potential for chronic lameness >> and boredom. Vote Now at http://www.sourceforge.net/community/cca08 >> _______________________________________________ >> Ejbca-develop mailing list >> Ejbca-develop@... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> >> > ------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08 _______________________________________________ Ejbca-develop mailing list Ejbca-develop@... https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
|
|
Re: How generate a certificate without the private key
by Anais
::
Rate this Message:
Hi,
I need this application for secure files (for example a letter). My customers send me their letters with my driver and i do differents actions on this letters. So i need to find a light and simple software to my customer generates his keys on his computer and then i need to find a way to create a certificate on line that's why the cli is very easy to me to integrate in my driver. I need to use EJBCA without to be in local.
|
|
|
Re: How generate a certificate without the private key
by Tomas Gustavsson
::
Rate this Message:
Using EJBCA for issuing such certificates should be quite easy. Finding the right client application to meet your needs will be the hard part. Unfortunately I can't help you with that. I think there are numerous programs available if you search for example sourceforge.net. Regards, Tomas Anais wrote: > Hi, > > I need this application for secure files (for example a letter). > My customers send me their letters with my driver and i do differents > actions on this letters. > So i need to find a light and simple software to my customer generates his > keys on his computer and then i need to find a way to create a certificate > on line that's why the cli is very easy to me to integrate in my driver. I > need to use EJBCA without to be in local. > > > Tomas Gustavsson wrote: >> >> Correct. >> first : the EJBCA cli does not generate keys for you. The application >> (for example apache using openssl) is where you generate the keys. >> >> second : what do you want to use the certificate for? The application >> generates the keys. Do you want certificates for an apache webserver? An >> IIS webserver? A PDF document signing application? There is no way to >> answer such a question. The application you want to secure is the better >> to generate the 2 keys. >> >> /Tomas >> >> >> >> Anais wrote: >>> Hi Thomas, >>> >>> I think i understand ! >>> If i use the browser everithing is automatically but if i use the "create >>> server sertificate" i must give myself the public key, isn't it ? >>> So, i have 2 questions : >>> first : how can i generate my "server certificate" with the cli ? >>> second : wich client software is the better to generate the 2 keys ? >>> >>> thanks very much for answers ! >>> Anaïs >>> >>> >>> Tomas Gustavsson wrote: >>>> If you will be using a browser you don't have to bother with that. The >>>> browser handles that automatically for you. >>>> If your client generates the keys and creates a PKCS#10 certificate >>>> request, the public key will be in that request. >>>> There are many ways you can send such a request to EJBCA, but if you use >>>> "create server certificate" you simply copy-paste the PKCS#10 >>>> certificate request into the text field on the web page. >>>> The PKCS#10 requets contains the public key. >>>> >>>> /Tomas >>>> >>>> >>>> Anais wrote: >>>>> Hi, >>>>> >>>>> I don't have choosen my client software. >>>>> I just want to know how give the public key to EJBCA in order to EJBCA >>>>> create my certificate when i click on "create browser certificate" or >>>>> "create server certificate". >>>>> >>>>> thanks >>>>> >>>>> Johan Eklund wrote: >>>>>> Hi Anais, >>>>>> >>>>>> The basics of PKI is asymmetric encryption and X.509 certificates. >>>>>> When you generate a key pair you generate the private and the public >>>>>> key >>>>>> at the same time. The public key is sent in a certificate signing >>>>>> request to the CA. The CA issues a certificate that contains the >>>>>> public >>>>>> key. >>>>>> >>>>>> What kind of client software will you be using? This client software >>>>>> will be responsible for generating the key pair. >>>>>> >>>>>> Regards, >>>>>> Tomas >>>>>> >>>>>> >>>>>> Anais wrote: >>>>>>> thanks Tomas for your answer. >>>>>>> It seems better in my mind but where is located the public key in >>>>>>> ejbca. >>>>>>> For >>>>>>> example, if i want to give my public key how can i do and how can i >>>>>>> generate >>>>>>> my public key ? >>>>>>> >>>>>>> thanks >>>>>>> Anaïs >>>>>>> >>>>>>> >>>>>>> Tomas Gustavsson wrote: >>>>>>>> Hi Anais, >>>>>>>> >>>>>>>> This it what you normally do, you send in a certificate request with >>>>>>>> only the public key. If you go to public web for example you can >>>>>>>> enroll >>>>>>>> with your browser, or choose "server certificate" to paste a PKCS#10 >>>>>>>> certificate request (with only the public key). >>>>>>>> >>>>>>>> When adding users in EJBCA you choose the keystore type "User >>>>>>>> generated", which means that the user generates the his keys. >>>>>>>> >>>>>>>> Cheers, >>>>>>>> Tomas >>>>>>>> ----- >>>>>>>> PrimeKey Solutions offers a commercial EJBCA support subscription >>>>>>>> and >>>>>>>> training for EJBCA. Please see www.primekey.se or contact >>>>>>>> info@... for more information. >>>>>>>> http://download.primekey.se/documents/ejbca_subscription.pdf >>>>>>>> http://download.primekey.se/documents/ejbca_training.pdf >>>>>>>> >>>>>>>> Anais wrote: >>>>>>>>> Hi, >>>>>>>>> >>>>>>>>> I'm a newby in the EJBCA world and i would like to know how >>>>>>>>> generate >>>>>>>>> a >>>>>>>>> certificate whitout the private key because my user must generate >>>>>>>>> his >>>>>>>>> keys >>>>>>>>> himself and only given his public key to ask a certificate and only >>>>>>>>> his >>>>>>>>> public key. >>>>>>>>> I already have searched on this forum by i don't have found any >>>>>>>>> positive >>>>>>>>> answer. >>>>>>>>> Perhaps somebody has seen it before. >>>>>>>>> >>>>>>>>> thanks for your answer. >>>>>>>> ------------------------------------------------------------------------- >>>>>>>> Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! >>>>>>>> Studies have shown that voting for your favorite open source >>>>>>>> project, >>>>>>>> along with a healthy diet, reduces your potential for chronic >>>>>>>> lameness >>>>>>>> and boredom. Vote Now at http://www.sourceforge.net/community/cca08 >>>>>>>> _______________________________________________ >>>>>>>> Ejbca-develop mailing list >>>>>>>> Ejbca-develop@... >>>>>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >>>>>>>> >>>>>>>> >>>>>> ------------------------------------------------------------------------- >>>>>> Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! >>>>>> Studies have shown that voting for your favorite open source project, >>>>>> along with a healthy diet, reduces your potential for chronic lameness >>>>>> and boredom. Vote Now at http://www.sourceforge.net/community/cca08 >>>>>> _______________________________________________ >>>>>> Ejbca-develop mailing list >>>>>> Ejbca-develop@... >>>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >>>>>> >>>>>> >>>> ------------------------------------------------------------------------- >>>> Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! >>>> Studies have shown that voting for your favorite open source project, >>>> along with a healthy diet, reduces your potential for chronic lameness >>>> and boredom. Vote Now at http://www.sourceforge.net/community/cca08 >>>> _______________________________________________ >>>> Ejbca-develop mailing list >>>> Ejbca-develop@... >>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >>>> >>>> >> ------------------------------------------------------------------------- >> Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! >> Studies have shown that voting for your favorite open source project, >> along with a healthy diet, reduces your potential for chronic lameness >> and boredom. Vote Now at http://www.sourceforge.net/community/cca08 >> _______________________________________________ >> Ejbca-develop mailing list >> Ejbca-develop@... >> https://lists.sourceforge.net/lists/listinfo/ejbca-develop >> >> > ------------------------------------------------------------------------- Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW! Studies have shown that voting for your favorite open source project, along with a healthy diet, reduces your potential for chronic lameness and boredom. Vote Now at http://www.sourceforge.net/community/cca08 _______________________________________________ Ejbca-develop mailing list Ejbca-develop@... https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
|
|
Re: How generate a certificate without the private key
by Anais
::
Rate this Message:
Hi,
Ok. But you seems to knows EJBCA better than me and i still have some shadows. Why did EJBCA ask key lenght in "create browser certificate", "create server certificate" and "create keystore" ? And what exactly is a "keystore" ? thanks very much
|
