import cert into cacerts


import cert into cacerts

by Nicola Percacciante

Hi,
I have created a new root CA and a new CA admin for the CA.
I read in the .swf file that
"if you want to create a admin group signed by a Root CA not already
imported into JRE cacerts file....described README"

I tried to run these commands:
/usr/share/ejbca# bin/ejbca.sh ca getrootcert GruppoLAT_CA gruppolat.der -der
/usr/share/ejbca# keytool -import -alias GruppoLAT_CA -trustcacerts -file ./gruppolat.der -keystore <?????>

What is the right cacerts file?
"/etc/java-1.5.0-sun/security/cacerts" or "/etc/ejbca/p12/truststore.jks"


--

Regards
Nicola Percacciante


-------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services for
just about anything Open Source.
http://sourceforge.net/services/buy/index.php
_______________________________________________
Ejbca-develop mailing list
Ejbca-develop@...
https://lists.sourceforge.net/lists/listinfo/ejbca-develop

Re: import cert into cacerts

by Johan Eklund

Hi Nicola,

I think step 9 of http://www.ejbca.org/installation.html#Install has the
answer you are looking for.

Since EJBCA 3.5.x you don't need to install EJBCA as root anymore (often
required to manipulate "cacerts" in the JRE directory). Instead a
truststore is deployed into the Tomcat running inside JBoss. The command
from the install-guide will add the CA-certificate to p12/truststore.jks
and then deploy the file. Restart of JBoss is still required.

Best Regards,
Johan Eklund

--
PrimeKey Solutions offers a commercial EJBCA support subscription and training for EJBCA. Please see www.primekey.se or contact info@... for more information. http://download.primekey.se/documents/ejbca_subscription.pdf http://download.primekey.se/documents/ejbca_training.pdf





Re: import cert into cacerts

by Nicola Percacciante

Hi Johan,
I tried that and restarted JBoss ....
ant -Dca.name="My CA Name" javatruststore

I lost the admin web, so I reinstalled a fresh copy of EJBCA :(

Is it possible to change the order of the subject DN during the CA creation process?
Example:
Subject DN: CN=My CA,DC=domain,DC=local,C=IT
The first field that I found in my CA cert is C=IT, instead of CN=My CA.
When I import CA certs into my appliance, the name that I see in the list is "IT", because the C field is the first of the Subject DN created.

Sorry for my English.




--

Regards
Nicola Percacciante

Digital Network s.r.l.

Re: import cert into cacerts

by Johan Eklund

Hi Nicola,

Hmm.. strange. This should only add the new CA certificate to the
truststore.. =/

For information on how to reverse the order please look at the notes on
"certtools.dnorderreverse" in conf/ejbca.properties for how to reverse
the order for the initial CA.

For any other CA you create uncheck the checkbox "Use LDAP DN order
(experimental to switch off)" to enable reverse order for that
particular CA and all certificates issued by this CA.

Best Regards,
Johan Eklund


Re: import cert into cacerts

by Tomas Gustavsson


No, please abide by the documentation for certtools.dnorderreverse:
# NOTE!
# Deprecated: Use the CA setting "Use LDAP DN order" in the Admin-GUI instead to configure this per CA.
# Unless you are upgrading and had this setting in the old installation.

DO NOT use this setting.
Use the checkbox in the CA configuration.

/Tomas
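
Added example (not part of the original thread and not EJBCA code): the DN from the thread, DER-encoded in both RDN orders, to show why a tool that lists the first encoded RDN displays "IT" for one encoding and "My CA" for the other. All function and constant names are hypothetical; the sketch assumes single-valued RDNs, ASCII values and short-form DER lengths.

```python
# Added illustration, not EJBCA code. Minimal DER handling for an X.501 Name.
OIDS = {"C": bytes.fromhex("550406"),                  # 2.5.4.6
        "CN": bytes.fromhex("550403"),                 # 2.5.4.3
        "DC": bytes.fromhex("0992268993f22c640119")}   # 0.9.2342.19200300.100.1.25
NAMES = {v: k for k, v in OIDS.items()}
STRING_TAG = {"C": 0x13, "CN": 0x0C, "DC": 0x16}       # Printable, UTF8, IA5

def tlv(tag, content):
    if len(content) >= 128:
        raise ValueError("long-form lengths are not handled in this sketch")
    return bytes([tag, len(content)]) + content

def encode_name(rdns):
    """DER-encode [(type, value), ...]; list order is the encoding order."""
    body = b""
    for typ, val in rdns:
        atv = tlv(0x06, OIDS[typ]) + tlv(STRING_TAG[typ], val.encode("ascii"))
        body += tlv(0x31, tlv(0x30, atv))   # SET { SEQUENCE { OID, string } }
    return tlv(0x30, body)

def read_tlv(buf, pos, expected_tag=None):
    """Return (content, next_pos) for the TLV at pos, rejecting bad input."""
    if pos + 2 > len(buf) or buf[pos + 1] & 0x80:
        raise ValueError("truncated or long-form TLV")
    end = pos + 2 + buf[pos + 1]
    if end > len(buf):
        raise ValueError("TLV length runs past the buffer")
    if expected_tag is not None and buf[pos] != expected_tag:
        raise ValueError("unexpected tag 0x%02x" % buf[pos])
    return buf[pos + 2:end], end

def decode_name(der):
    """Return [(type, value), ...] in the order the RDNs are encoded."""
    body, _ = read_tlv(der, 0, 0x30)
    rdns, pos = [], 0
    while pos < len(body):
        rdn, pos = read_tlv(body, pos, 0x31)
        atv, _ = read_tlv(rdn, 0, 0x30)
        oid, after_oid = read_tlv(atv, 0, 0x06)
        val, _ = read_tlv(atv, after_oid)
        rdns.append((NAMES.get(oid, oid.hex()), val.decode("ascii")))
    return rdns

def rfc4514(rdns):
    """LDAP string form: last encoded RDN is written first (no escaping)."""
    return ",".join(f"{t}={v}" for t, v in reversed(rdns))

def first_encoded_rdn(der):
    return decode_name(der)[0]

# Constructed sample data: the thread's example DN, encoded in both orders.
COUNTRY_FIRST = encode_name([("C", "IT"), ("DC", "local"),
                             ("DC", "domain"), ("CN", "My CA")])
CN_FIRST = encode_name([("CN", "My CA"), ("DC", "domain"),
                        ("DC", "local"), ("C", "IT")])

if __name__ == "__main__":
    for der in (COUNTRY_FIRST, CN_FIRST):
        print(first_encoded_rdn(der), "|", rfc4514(decode_name(der)))
```

The two encodings are different byte strings, so changing the order yields a different subject DN in any comparison done on the encoded name.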

