Willi Trace
2017-06-13 15:17:58 UTC
Hi,
I have External CA imported into my EJBCA called TestSubCA which is
actually issued from TestRootCA, which I have also imported into EJBCA.
I configured ExtRACAServiceWorker with
externalra-caservice.raissuer=TestSubCA.
Every message that is exchanged between RA and EJBCA is signed and
encrypted.
The problem is that imported External RA TestSubCA is not aware of its
chain and is imported only as a Subordinate CA. Also I was trying to import
first TestRootCA certificate and after that TestSubCA certificate, but both
are imported alone, without chaining.
Therefore External RA CA Service is not able to verify signature because it
will not find the chain but only TestSubCA certificate.
How can be external CA certificates imported as a chain?
Thanks.
WT
I have External CA imported into my EJBCA called TestSubCA which is
actually issued from TestRootCA, which I have also imported into EJBCA.
I configured ExtRACAServiceWorker with
externalra-caservice.raissuer=TestSubCA.
Every message that is exchanged between RA and EJBCA is signed and
encrypted.
The problem is that imported External RA TestSubCA is not aware of its
chain and is imported only as a Subordinate CA. Also I was trying to import
first TestRootCA certificate and after that TestSubCA certificate, but both
are imported alone, without chaining.
Therefore External RA CA Service is not able to verify signature because it
will not find the chain but only TestSubCA certificate.
How can be external CA certificates imported as a chain?
Thanks.
WT