Discussion:
[Ejbca-develop] Validation Authority Publisher with DB Integrity Protection enabled
Willi Trace
2016-12-29 12:35:22 UTC
Hello,

I have a setup with one VA as OCSP responder and one CA which
has configured Validation Authority Publisher to publish CRLs and issued
certificates to VA.

VA has enabled database integrity protection.

The problem is that when a CRL or certificate is published from the CA to the VA
database, it will not have rowprotection and the VA will handle this as
an exception, thus not working.

How to handle this? Is there any way to add rowprotection when
publishing through Validation Authority Publisher? I don't want to disable
database protection on VA.

With regards,
WT
Tomas Gustavsson
2017-01-02 09:16:31 UTC
Hi Willi,

If you are using database integrity protection you are using EJBCA
Enterprise?

In that case you should contact PrimeKey Support to get a good
resolution, which there is for Enterprise.

Kind regards,
Tomas
**********
PrimeKey Solutions AB
Lundagatan 16, 171 63 Solna, Sweden
Mob: +46 (0)707421096
Internet: www.primekey.se
Twitter: twitter.com/primekeyPKI
**********
_______________________________________________
Ejbca-develop mailing list
https://lists.sourceforge.net/lists/listinfo/ejbca-develop
Willi Trace
2017-01-02 09:21:53 UTC
Hello Tomas,

I am using Community version of EJBCA with rewritten VA Publisher from
older release of Community version.

Does it mean that in the Enterprise version, the database protection in VA
Publisher works (is implemented)?

WT
Tomas Gustavsson
2017-01-02 09:31:20 UTC
Hi,

What version of Community?

Yes, in Enterprise database protection works with publishing.

Regards,
Tomas
Willi Trace
2017-01-02 09:39:01 UTC
Hello Tomas,

I am using EJBCA Community 6.5.0.

WT