|
»
Strange error messages: CA 'AdminCA1' doesn't exists.
|
View:
New views
2 Messages
—
Rating Filter:
Alert me
|
 |
Strange error messages: CA 'AdminCA1' doesn't exists.
by cristinapro
::
Rate this Message:
Hi,
We have a PKI structure like: -CA: AdminCA1 -RA: myra - end entity with certificate issued by AdminCA1 -RA Administrator Group with RA Administrator Role, AuthorizedCA = AdminCA1 and access to /ca/AdminCA1 and /administrator resources -myra end entity is added to the above administrator group We use External RA API and signing with the myra certificate. We have 2 complementary errors: 1)When processing a BD message with 2 submessages: - PKCS10Request() - createOrEdituserRequest() we got a strange error message: CA 'AdminCA1' doesn't exists. 2)If endentity was created by myra user from Admin Interface but call to revoke is made via ext ra messaging for a message like: RevocationRequest() we got another error message: Administrator not authorized to CA -1688117755 that existing user test_ra:32 was created with. Actually AdminCA1 has the id=1688117755. Is it possible that the Extra api uses name [AdminCA1] and EJBCA CA - RA service processor uses Id-s [1688117755 ] for CA identification? Is it a missconfiguration of CA or RA endentity? Best Regards, Cristina |
|
|
Re: Strange error messages: CA 'AdminCA1' doesn't exists.
by Johan Eklund
::
Rate this Message:
Hi, You don't say which versions of EJBCA and ExtRA you use. 1) It you use debug logging there might be interesting information surrounding your error. For example does it happen for the createOrEdituserRequest() or the PKCS10Request()? 2) the same here with debug logs, it would show exactly when the error happns. I don't think there can be an issue with mixing up names and Ids. Does the myra user have access to the needed RA functions in the administrator group? Regards, Tomas ----- PrimeKey Solutions offers a commercial EJBCA support subscription and training for EJBCA. Please see www.primekey.se or contact info@... for more information. http://www.primekey.se/Services/Support/ http://www.primekey.se/Services/Training/ cristinapro wrote: > Hi, > > We have a PKI structure like: > > -CA: AdminCA1 > -RA: myra - end entity with certificate issued by AdminCA1 > -RA Administrator Group with RA Administrator Role, AuthorizedCA = AdminCA1 > and access to /ca/AdminCA1 and /administrator resources > -myra end entity is added to the above administrator group > > We use External RA API and signing with the myra certificate. We have 2 > complementary errors: > > 1)When processing a BD message with 2 submessages: > - PKCS10Request() > - createOrEdituserRequest() > > we got a strange error message: CA 'AdminCA1' doesn't exists. > > 2)If endentity was created by myra user from Admin Interface but call to > revoke is made via ext ra messaging for a message like: RevocationRequest() > > we got another error message: Administrator not authorized to CA -1688117755 > that existing user test_ra:32 was created with. > > Actually AdminCA1 has the id=1688117755. > Is it possible that the Extra api uses name [AdminCA1] and EJBCA CA - RA > service processor uses Id-s [1688117755 ] for CA identification? > Is it a missconfiguration of CA or RA endentity? > > Best Regards, > Cristina > ------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf _______________________________________________ Ejbca-develop mailing list Ejbca-develop@... https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
| Free embeddable forum powered by Nabble | Forum Help |
