EJBCA - Open Source Enterprise PKI
Blog comments feed, updated 2023-08-21T14:49:31.278+02:00

Mike, 2020-12-16T10:48:49.236+01:00:
Hi, if you have a support question, please post it to our Community Jira.

tomas, 2020-12-04T09:59:23.255+01:00:
Not sure I understand what you ask for. As signature algorithms EJBCA supports RSA, DSA, ECDSA. Now it also supports EdDSA (RFC8032).

Johnny, 2020-12-04T09:45:07.221+01:00:
Thank You for the answers.

I have just noticed a news article about the pre-release of EJBCA CE 7.4.0:
https://www.ejbca.org/news/pre-release-get-ejbca-community-7-4-0-before-its-official-release/

The article mentions "Support for EdDSA (Ed25519 and Ed448) curves".

Could You clarify?

tomas, 2020-12-03T10:36:24.882+01:00:
1. Yes, using the Java PKCS#11 provider. It's well documented.
2. Not in any near future no. EdDSA requires a new customizable PKCS#11 provider, which is only part of EE.

Johnny, 2020-12-03T10:01:22.658+01:00:
Thank You for this interesting post!

I would like to ask about EJBCA Community Edition:

1. Does EJBCA-CE support HSMs?
2. Will EJBCA-CE support EdDSA?

Anonymous, 2020-09-11T12:00:15.129+02:00:
Hi, I created a Management certificate, then add it to the SuperAdmin member. But it wasn't active for approval. I can not do approve using new certificate.

tomas, 2020-04-27T07:12:25.451+02:00:
You can find all documentation and installation instructions at https://www.ejbca.org/, it has everything you need. If you need professional services and support, that can also be provided. Please check the website for information.

Regards,
Tomas

Dinakar RHCA, 2020-04-26T20:24:57.023+02:00:
I'm new to EJBCA, can you tell me what service I have to use for RA like OCSP

tomas, 2019-07-11T09:35:43.681+02:00:
Thanks for the suggestions. I added a slightly modified version to the next release of the documentation.

---
OCSP High Availability (HA)

A typical configuration when using External OCSP responders uses two or more OCSP responder nodes. To assure that failure of one node does not affect other nodes, each OCSP responder node can maintain its own database. By using its own database you can assure truly high availability because the nodes are completely independent and you can do maintenance on one node, including the database, without affecting uptime of the OCSP service as a whole. Similarly each OCSP responder node can use its own HSM.

OCSP responder nodes can also use a common HA database and a HA cluster of HSM, if that suits your organization better.

Each OCSP responder node can produce transaction and audit logging as documented elsewhere.

Jaime Hablutzel, 2019-07-09T03:29:26.636+02:00:
I was reading this because it clearly exposes the rationale to get HA for the OCSP service as several different independent nodes, instead of, for example, using an HA database (as it could be done for CA nodes) and actually, I think that the following documentation should be somehow in https://doc.primekey.com/ejbca/ejbca-introduction/external-ocsp-responders:

> A typical configuration for OCSP uses two or more OCSP responder nodes. Each OCSP responder keeps its own database. By using its own database you can assure truly high availability because the nodes are completely independent and you can do maintenance on one node, including the database, without affecting uptime of the service. The OCSP responder nodes should be connected to a set of HSMs in a high availability setup, if one HSM breaks, another keeps the service running albeit with less available performance.
> Each OCSP responder will produce full transaction and audit logging. Audit logging is needed in order to maintain trust, since a validation service such as OCSP is about trust. Transaction logging will be needed if you want to keep records of users of the service either for billing purposes or to keep statistics.

tomas, 2019-06-27T09:27:44.317+02:00:
Thanks, I updated the post (impressive that you read these old posts :-))

Jaime Hablutzel, 2019-06-26T19:25:28.357+02:00:
Just a minor correction. The post says:

> This profile builds on the usage of http get instead of http put which is the default transport used.

But it should say "post" instead of "put" (see RFC 2560, "A.1.1 Request").

hokiejane, 2019-05-30T18:27:02.195+02:00:
Loved this post! Thanks for all the information. And this?

"(bad coffee leads to bad code - you can quote me on that)"

I definitely will. :)

Cheers.

Mike, 2019-05-17T18:42:23.197+02:00:
Hi,

In the coming couple of days, we're mainly having some issues with SourceForge at the moment.

Cheers,
Mike

Vazmuten, 2019-05-13T07:43:12.692+02:00:
According to this blog EJBCA 6.15.2 Community Edition is an upcoming release. When is it scheduled for public access?

Mike, 2019-03-11T14:52:58.977+01:00:
Hi Jaime,

Thanks, must have fallen off while saving or editing.

Cheers,
Mike

Jaime Hablutzel, 2019-03-08T19:46:41.200+01:00:
It seems that an image is missing as there is a colon and no content after.

Please see the image at https://i.imgur.com/5B1PvPl.png.

Mike, 2019-02-20T13:26:51.105+01:00:
Ah, thanks! Corrected!

Jaime Hablutzel, 2019-02-19T17:09:53.499+01:00:
There is a typo. Where it says:

"The loss of JEE7 support means that we've taken the chance to upgrade persistence definition files and library schemas to JEE7 standards."

It should say:

"The loss of JEE6 support means that we've taken the chance to upgrade persistence definition files and library schemas to JEE7 standards."

tomas, 2018-12-05T14:04:38.110+01:00:
A good guide for doing the same with Yubico:
https://developers.yubico.com/YubiHSM2/Usage_Guides/OpenSSL_with_pkcs11_engine.html

tomas, 2018-11-19T09:34:02.384+01:00:
Sorry bout that. Updated the link now to:
https://download.primekey.se/docs/EJBCA-Enterprise/latest/ACME.html

Thanks for the report.

VikasG, 2018-11-19T07:16:11.735+01:00:
You posted this link: http://confluence.primekey.com/display/EJBCADS/.ACME+v6.15.0

in your post but it isn't accessible.

Mike, 2018-10-09T16:48:26.513+02:00:
Most likely not, it was several person-months of work, so we'd be tossing a ton of cash down the drain if we gave it to Community. At the very least, we'd like to use it for some time to gain an edge on the competitors selling our own product as theirs.

We don't quite have a deal like that I'm afraid, it would be far too difficult to regulate, and we don't play with the same margins as Atlassian has.

Cheers,
Mike

Mike, 2018-10-09T16:45:25.696+02:00:
Hi Vikas,

Afraid 6.14.1 is an Enterprise Edition only release. If you want access to it, please contact sales@primekey.com

Cheers,
Mike