Anyone familiar with CVCA Key Management Protocol for SPOC?


by stupidtss

This post is a little bit off-topic.  Please accept my apologies.

I am new to programming, and I was assigned to work on the CVCA Key Management Protocol for SPOC.

One of the input parameters required (for the RequestCertificate message) is the "certificate request".  Can anyone here point me the way on how to construct and handle this "certificate request"?  Thanks very much.

Re: Anyone familiar with CVCA Key Management Protocol for SPOC?

by Johan Eklund

Hi,

See: http://www.ejbca.org/cvccas.html#Command%20line%20client for
information about how to create a certificate request for a DV.

I hope that will give the information you are looking for.

Kind regards,
Tham

_______________________________________________
Ejbca-develop mailing list
Ejbca-develop@...
https://lists.sourceforge.net/lists/listinfo/ejbca-develop

Re: Anyone familiar with CVCA Key Management Protocol for SPOC?

by stupidtss

Thanks.

I use the web Administration interface and create a user called "spoc_certReq", password="password" with
"CN=spoc_certReq".  All others are left blank.

Then when I use the following command, an error occurs:

...\ejbcawscli>cvcwscli cvcrequest spoc_certReq password "C=, CN=spoc_certReq password "C=, CN=spoc_certReq" null RSA 1024 true certReq

Enrolling user:
Username: spoc_certReq
Subject name: C=, CN=spoc_certReq
Sequence: null
Signature algorithm: RSA
Key spec: 1024
Generating a new request with base filename: certReq
No sequence given, using random 5 number sequence: 68036
java.lang.NullPointerException
org.ejbca.ui.cli.ErrorAdminCommandException: java.lang.NullPointerException
          at org.ejbca.core.protocol.ws.client.CvcRequestCommand.execute(CvcRequestCommand.java:211)
          at org.ejbca.core.protocol.ws.client.cvcwscli.main(cvcwscli.java:30)
Caused by: java.lang.NullPointerException
          at org.ejbca.cvc.ReferenceField.(init)(ReferenceField.java:43)
          at org.ejbca.cvc.HolderReferenceField.(init)(HolderReferenceField.java:33)
          at org.ejbca.core.protocol.ws.client.CvcRequestCommand.execute(CvcRequestCommand.java:133)
          ... 1 more

What is the problem?  Is it necessary to use "ejbcawsracli" to create a user for cvcrequest (I have difficulty in using "ejbcawsracli" to create a user as there are many fields that I do not know how to fill in)?

Thanks in advance.

stupidtss


Re: Anyone familiar with CVCA Key Management Protocol for SPOC?

by Tomas Gustavsson


Try with a better command:

cvcwscli cvcrequest spoc_certReq password "CN=spoc,C=SE" 00001 SHA256WithRSA 1024 true certReq

CN is maximum 8 characters, you must have a country code, signature
algorithm is SHA256WithRSA etc...

Cheers,
Tomas
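
The constraints named in the reply above, written as a pre-flight check on the cvcrequest arguments (an added example, not part of the original message and not EJBCA code). The function names are hypothetical; the 8-character CN limit is taken from the reply, the five-character sequence from the values shown in the thread, and the signature-algorithm test only checks the digest-With-algorithm shape of "SHA256WithRSA".

```python
import re

MAX_CN_LEN = 8   # CN limit as stated in the reply
SEQ_LEN = 5      # sequence length seen in the thread ("00001", "68036")


def parse_dn(dn):
    """Split a simple 'K=V, K=V' subject into a dict (no escaped commas)."""
    fields = {}
    for part in dn.split(","):
        key, sep, value = part.partition("=")
        if sep:
            fields[key.strip().upper()] = value.strip()
    return fields


def check_holder_fields(subject_dn, sequence):
    """Check the parts that end up in the CVC holder reference."""
    problems = []
    fields = parse_dn(subject_dn)
    country = fields.get("C", "")
    cn = fields.get("CN", "")

    if not re.fullmatch(r"[A-Z]{2}", country):
        problems.append("C must be a two-letter country code, got %r" % country)
    if not cn:
        problems.append("CN is missing")
    elif len(cn) > MAX_CN_LEN:
        problems.append("CN %r has %d characters, maximum is %d"
                        % (cn, len(cn), MAX_CN_LEN))
    # "null" makes the client pick a random sequence, as the thread's output shows.
    if sequence != "null" and not re.fullmatch(r"[0-9A-Za-z]{%d}" % SEQ_LEN, sequence):
        problems.append("sequence must be %d alphanumeric characters or 'null', got %r"
                        % (SEQ_LEN, sequence))
    return problems


def check_cvcrequest_args(subject_dn, sequence, sig_alg):
    """Return a list of problems; an empty list means the arguments pass."""
    problems = check_holder_fields(subject_dn, sequence)
    # Shape check only (assumption): a digest joined to a key algorithm by "With".
    if not re.fullmatch(r"SHA\d+With\w+", sig_alg):
        problems.append("signature algorithm %r is not of the form "
                        "<digest>With<algorithm>, e.g. SHA256WithRSA" % sig_alg)
    return problems


def holder_reference(subject_dn, sequence):
    """Country code + CN (holder mnemonic) + sequence, as one string."""
    if sequence == "null":
        raise ValueError("an explicit sequence is needed to build the reference")
    problems = check_holder_fields(subject_dn, sequence)
    if problems:
        raise ValueError("; ".join(problems))
    fields = parse_dn(subject_dn)
    return fields["C"] + fields["CN"] + sequence


if __name__ == "__main__":
    # Argument sets copied from the commands quoted in this thread.
    attempts = [
        ("C=, CN=spoc_certReq", "null", "RSA"),
        ("CN=spoc,C=SE", "00001", "SHA256WithRSA"),
    ]
    for dn, seq, alg in attempts:
        found = check_cvcrequest_args(dn, seq, alg)
        print(dn, "->", found if found else "OK " + holder_reference(dn, seq))
```
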




Re: Anyone familiar with CVCA Key Management Protocol for SPOC?

by stupidtss

Thanks very much for your kind assistance.

I have tried the new command.  The following error messages come out.

...
...
Generating a new request with base filename: certReq
Wrote binary request to: certReq.cvreq
Wrote private key in PKCS#8 format to to: certReq.pkcs8
Submitting CVC request for user 'spoc_certReq'.

java.lang.Exception: Shared library 'superadmin.jks' does not exist
org.ejbca.ui.cli.ErrorAdminCommandException: java.lang.Exception: Shared library 'superadmin.jks' does not exist
          at org.ejbca.core.protocol.ws.client.CvcRequestCommand.execute(CvcRequestCommand.java:211)
          at org.ejbca.core.protocol.ws.client.cvcwscli.main(cvcwscli.java:30)
          at org.ejbca.core.protocol.ws.client.EJBCAWSRABaseCommand.checkIfFIleExits(EJBCAWSRABaseCommand.java:175)
          at org.ejbca.core.protocol.ws.client.EJBCAWSRABaseCommand.(init)(EJBCAWSRABaseCommand.java:133)
          at org.ejbca.core.protocol.ws.client.CvcRequestCommand.(init)(CvcRequestCommand.java:70)
          at org.ejbca.core.protocol.ws.client.EJBCAWSRACommandFactory.getCommand(EJBCAWSRACommandFactory.java:69)
          at org.ejbca.core.protocol.ws.client.cvcwscli.main(cvcwscli.java:27)

In folder \ejbcawscli, certReq.cvreq (311 bytes) and certReq.pkcs8 (634 bytes) are created.  Does it mean the command is successful and the error can be ignored?

stupidtss


Re: Anyone familiar with CVCA Key Management Protocol for SPOC?

by Tomas Gustavsson


You should read the documentation in the User Guide on how to get the
Webservice interface of EJBCA up and running. It needs certificate
authentication so you need to create a JKS for that, and configure
everything in ejbcawsracli.properties.

/Tomas



Re: Anyone familiar with CVCA Key Management Protocol for SPOC?

by stupidtss

I try to create a CVC request.  Before that, I think I should create a user so that I can use the WS CLI.

Under the "Web Services authentication", I find the following command sample:

ejbca ra adduser <1> <2> "C=..,O=..,CN=<1>" null AdminCA null 1 JKS
ejbca ra setclearpwd <1> <2>
ejbca batch
ejbca admins addadmin "Temporary Super Administrator Group" AdminCA WITHCOMMONNAME QUALCASEINS <1>

If my CVC CA is "HK", my DV is HKDV, and there is also a CA called AdminCA1 which is created during installation, which CA should I use in the command above?  I have tested all three, and only AdminCA1 works.  The other two return a message saying that the CA was not found.

Should I select AdminCA1 as the name of CA?

Furthermore, when I later issue the cvcwscli cvcrequest command, a BAD_USER_TOKEN_TYPE error keeps coming up saying that only USERGENERATED can be used for cvc.  But if I use USERGENERATED in creating the user name, no .JKS is generated and the cvcwscli cvcrequest command returns with an LOGIN_ERROR.

Please help.  Thanks.


Re: Anyone familiar with CVCA Key Management Protocol for SPOC?

by stupidtss

[I have also tested with the superadmin account as set in the ejbcawsracli.properties file, but it also failed (I have already generated the superadmin.jks and placed it in the \ejbcawscli folder); the error is BAD_USER_TOKEN_TYPE.]


Re: Anyone familiar with CVCA Key Management Protocol for SPOC?

by Tomas Gustavsson


If you have generated a superadmin.jks file you should be all set to use
the WS cli.

Configure the superadmin.jks in ejbcawsracli.properties and the right
password.

The command sample is for generating a new administrator keystore to use
for WS communication (WS communication is authenticated with client
certificate). The admin cert must be from AdminCA, because it must be an
x.509 certificate.

So you have to separate completely the admin certificates from the CVC
certificates. After you have the admin certificate you can use the
cvcwscli to create IS certificates. USERGENERATED must be used when
adding IS users just as it says. For this you can use the sample
commands in http://ejbca.org/cvccas.html

Regards,
Tomas



Re: Anyone familiar with CVCA Key Management Protocol for SPOC?

by stupidtss

When I submit the following command "cvcwscli cvcrequest superadmin ejbca "C=HK, CN=HKDV" 00001 SHA256WithRSA 1024 true zzz"
the error LOGIN_ERROR comes out, saying that "Got request for user with invalid password: superadmin" even though the password is correct.

If I Edit End Entity in the GUI and save with the correct password again, the error then changes to INTERNAL_ERROR for the first time, then LOGIN_ERROR for the second time and after.

Is there anything wrong with my command above?

Re: Anyone familiar with CVCA Key Management Protocol for SPOC?

by Tomas Gustavsson


You do not issue IS certificates to superadmin, that is plain wrong.
Superadmin is not an inspection system.

You have to add an inspection system user first, like in the example I
pointed to at ejbca.org.

./ejbcawsracli.sh edituser hkdv foo123 false "CN=HKDV,C=HK" NULL NULL DVCA 1 USERGENERATED NEW IS IS

/Tomas

