Discussion:
[Ejbca-develop] UserDataVOWS role in certificateRequest() web service call
Nikita Bedmutha
2017-01-25 05:27:40 UTC
Permalink
Hi,

When I tried the SOAP based web service call 'certificateRequest' through
SOAPUI and java code in eclipse to sign a CSR,
we have to send user data(end-entity) i.e. UserDataVOWS along with the
caName and CSR. This call returns a certificate
signed by the requested CA. It seems that, a new end entity(user) is
created on the fly during this call and then certificate
is signed for it and returned.
Now if we make repetitive same calls, without changing user, certificate is
generated each time.
When observed in database, the UserData has that user entry in it, and
seems that user data row is overwritten
each time we make the call. Also the count of certificates issued to this
user increases.

Now when I try to achieve the same thing using web GUI of EJBCA, hitting
the request for Create Certificate from
CSR for the same user used using SOAPUI, it returns :
'Wrong user status! To generate a certificate for a user the user must have
status New, Failed or In process.'

When checked, the user has status 40 (GENERATED), and hence it failed.

So does that mean the certificateRequest() call marks the user NEW each
time we make the call?


Regards,
Nikita Bedmutha
Software Engineer | m: +91 94042 02790 | [image: G]
G <http://www.linkedin.com/in/nikitabedmutha>reat Software Laboratory
<http://www.gslab.com/>
Tomas Gustavsson
2017-01-25 07:57:04 UTC
Permalink
Post by Nikita Bedmutha
So does that mean the certificateRequest() call marks the user NEW each
time we make the call?
Correct. It's inside a transaction so not visible from the outside.

You can read about it in the WS API documentation.
https://www.ejbca.org/docs/ws/org/ejbca/core/protocol/ws/client/gen/EjbcaWS.html

Regards,
Tomas
---
Save time and money with an Enterprise support subscription. Please see
www.primekey.se for more information.
https://www.primekey.se/technologies/products-overview/
https://www.primekey.se/service-support/support/
Post by Nikita Bedmutha
Hi,
When I tried the SOAP based web service call 'certificateRequest'
through SOAPUI and java code in eclipse to sign a CSR,
we have to send user data(end-entity) i.e. UserDataVOWS along with the
caName and CSR. This call returns a certificate
signed by the requested CA. It seems that, a new end entity(user) is
created on the fly during this call and then certificate
is signed for it and returned.
Now if we make repetitive same calls, without changing user, certificate
is generated each time.
When observed in database, the UserData has that user entry in it, and
seems that user data row is overwritten
each time we make the call. Also the count of certificates issued to
this user increases.
Now when I try to achieve the same thing using web GUI of EJBCA, hitting
the request for Create Certificate from
'Wrong user status! To generate a certificate for a user the user must
have status New, Failed or In process.'
When checked, the user has status 40 (GENERATED), and hence it failed.
So does that mean the certificateRequest() call marks the user NEW each
time we make the call?
Regards,
Nikita Bedmutha
Software Engineer | m: +91 94042 02790 | G
G <http://www.linkedin.com/in/nikitabedmutha>reat Software Laboratory
<http://www.gslab.com/>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Ejbca-develop mailing list
https://lists.sourceforge.net/lists/listinfo/ejbca-develop
Loading...