vrk-kpa / xroad-joint-development

Unmaintained repository. Development moved to: https://github.com/nordic-institute/X-Road-development

EJBCA Certificate #232

Closed hainguyen291 closed 5 years ago

hainguyen291 commented 6 years ago

Hi everybody,

I am using my own EJBCA certificate to add to Certificate services on Central Server. However, I couldn't use signed certs, which were sent from Security Server to EJBCA CA server to be signed, to import to SS. I always get this error:

audit.log

2018-05-24T09:43:59+07:00 ss INFO [X-Road Proxy UI] 2018-05-24 09:43:59+0700 - {"event":"Import certificate from file failed","user":"ss","reason":"Certificate is not valid","data":{"certFileName":"ss(1).pem","certHash":"25:96:06:86:75:71:78:F7:84:68:4C:45:01:65:47:63:4F:2E:C6:B9","certHashAlgorithm":"SHA-1","keyUsage":"AUTHENTICATION"}}


Is there anything I need to do with my EJBCA CA before using it to sign certs? Regards, Hai

JyrgenSuvalov commented 6 years ago

Hello Hai,

Can you post the certificates you're using? I.e. the CA cert you're using in the central server, the intermediate certificate (if you're using one) and the sign certificate you're trying to import. I think the exception comes from being unable to verify the certificate chain.

Information about your EJBCA end entities would also be helpful, I suppose.

As far as EJBCA is concerned, our capability to support it here is somewhat minimal, but we'll try to help :)
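Added example (not part of the thread, and not X-Road or EJBCA project code): a local check of the chain-verification hypothesis above, using the `openssl` CLI on a throwaway CA pair and one leaf certificate built inside the script. All file names and subjects are constructed, and treating `certHash` in the audit log as the certificate's SHA-1 fingerprint is an assumption based on the `certHashAlgorithm` field.

```bash
#!/bin/sh
# Added example. Every subject name, file and key here is constructed for the demo.

# Exit 0 only if LEAF_PEM chains to the CA certificate in CA_PEM.
verify_chain() {  # usage: verify_chain CA_PEM LEAF_PEM
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Print the certificate's X509v3 Key Usage values (empty if the extension is absent).
key_usage() {
  openssl x509 -in "$1" -noout -text | grep -A1 'X509v3 Key Usage' \
    | tail -n 1 | sed 's/^ *//; s/ *$//'
}

# Print the SHA-1 fingerprint in the colon-separated form seen in certHash (assumed match).
cert_sha1() {
  openssl x509 -in "$1" -noout -fingerprint -sha1 | cut -d= -f2
}

# Build two throwaway CAs and one leaf signed by the "registered" CA only.
make_demo() {  # usage: make_demo DIR
  d=$1
  printf '%s\n' '[req]' 'distinguished_name = dn' 'x509_extensions = v3_ca' \
    'prompt = no' '[dn]' 'CN = placeholder' '[v3_ca]' \
    'basicConstraints = critical,CA:TRUE' \
    'keyUsage = critical,keyCertSign,cRLSign' > "$d/ca.cnf"
  for ca in registered other; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$d/ca.cnf" \
      -subj "/CN=Constructed $ca CA" -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null
  done
  openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" \
    -subj "/CN=constructed-ss-auth" -keyout "$d/auth.key" -out "$d/auth.csr" 2>/dev/null
  printf 'keyUsage = critical,digitalSignature\n' > "$d/ext.cnf"
  openssl x509 -req -in "$d/auth.csr" -CA "$d/registered.pem" -CAkey "$d/registered.key" \
    -CAcreateserial -days 1 -extfile "$d/ext.cnf" -out "$d/auth.pem" 2>/dev/null
}

demo_dir=$(mktemp -d) && make_demo "$demo_dir"
for ca in registered other; do
  if verify_chain "$demo_dir/$ca.pem" "$demo_dir/auth.pem"; then r=OK; else r=FAIL; fi
  echo "auth.pem against $ca CA: $r"
done
echo "key usage: $(key_usage "$demo_dir/auth.pem")"
echo "SHA-1:     $(cert_sha1 "$demo_dir/auth.pem")"
```

On a real deployment the three functions take the CA certificate registered on the Central Server and the certificate returned by the CA in place of the constructed files.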

hainguyen291 commented 6 years ago

Hi @JyrgenSuvalov

Attached files are my ocsp.pem file, which I used for Certificate Services on central server. I don't use intermediate certificate. The two others are my sign and auth certificates, which I sent to CA server to request. cert.zip

Btw, are there any instructions to install X-Road via source code downloaded from github?

Thanks, Hai

hainguyen291 commented 6 years ago

@JyrgenSuvalov Do you need more information about this EJBCA?

Regards, Hai

JyrgenSuvalov commented 6 years ago

@hainguyen291 Sorry I haven't replied. I'm afraid I'm currently really not able to provide much help, since I don't have access to an EJBCA myself at the moment.

There's an overview of EJBCA and using it with X-Road here: https://www.auul.pri.ee/wiki/EJBCA_CA_haldamine#X-tee_turvaserveri_sertifikaatide_haldamine (it's in Estonian, but Google translate should help). It's not a quick start guide however.

hainguyen291 commented 6 years ago

@JyrgenSuvalov Thanks for your support.

Best, Hai

petkivim commented 5 years ago

If the problem still persists, please open a new issue in the X-Road Development repository.

Regards, Petteri