EndEntityCertificate as CMP Authentication Modul #727
Replies: 10 comments 5 replies
-
What does the ?? mean? See: |
Beta Was this translation helpful? Give feedback.
-
Hello sir, I am using CMP configuration In the document : https://docs.keyfactor.com/ejbca/8.3.1/3gpp-cmp-operations Vendor Certificate Mode check is available but in my configuration, I am not getting any check related to Vendor Certificate Mode. Can u help me how I can get Vendor Certificate Mode in My configuration I am using keyfactor/ejbca-ce:8.3.1. My screenshot: |
Beta Was this translation helpful? Give feedback.
-
Vendor certificate mode is an Enterprise feature. It is marked here: I see it's not marked as that on the 3GPP page, very sorry for that. We will fix the documentation markup. |
Beta Was this translation helpful? Give feedback.
-
Ok sir Sir as I want to build initial trust by using EndEntityCertificate as CMP Authentication Module. So is it possible without Enterprise feature or not? |
Beta Was this translation helpful? Give feedback.
-
I approach I followed is: Steps I followed to Build Initial Trust with EndEntityCertificate 1.Create the End-Entity Certificate Can you please verify is my approach correct or do I need to configure anything else |
Beta Was this translation helpful? Give feedback.
-
Currently I am working on Client Mode. Sir can you please confirm it will work for Client mode or not. If it will work, do I need to configure anything else |
Beta Was this translation helpful? Give feedback.
-
Ok sir. Thankyou sir four guidance |
Beta Was this translation helpful? Give feedback.
-
Beta Was this translation helpful? Give feedback.
-
Hello sir please guide me |
Beta Was this translation helpful? Give feedback.
-
I am using CMP configuration
While creating alias I am using EndEntityCertificate as CMP Authentication Module.
At the time of sending certificate creation request through my program to EJBCA server I provided CA certificate (which I created through EJBCA in certificate authority section) in cert from extraCerts.
But I am getting error :
2024-12-03 03:34:19,863+0000 DEBUG [org.cesecore.certificates.certificate.CertificateStoreSessionBean] (default task-1) Found cert with (transformed) DN: CN=TestCA
2024-12-03 03:34:19,863+0000 DEBUG [org.cesecore.certificates.ca.X509CAInfo] (default task-1) Using certificate with subject CN=TestCA, as trust anchor, removing from certlist if it is there
2024-12-03 03:34:19,865+0000 DEBUG [org.cesecore.certificates.ca.X509CAInfo] (default task-1) Using certificate with subject CN=TestCA, as trust anchor, removing from certlist if it is there
2024-12-03 03:34:19,865+0000 DEBUG [org.ejbca.core.protocol.cmp.authentication.EndEntityCertificateAuthenticationModule] (default task-1) The certificate chain attached to the PKIMessage in the extraCert field is not valid - No certificate found matching targetConstraints.: SubjectDN=CN=TestCA
2024-12-03 03:34:19,865+0000 WARN [org.ejbca.core.protocol.cmp.authentication.EndEntityCertificateAuthenticationModule] (default task-1) CertPathBuilderException: java.security.cert.CertPathBuilderException: No certificate found matching targetConstraints.
Can u help me in solving the issue or can you guide me how I can generate certificate by using EndEntityCertificate as CMP Authentication Module.
Beta Was this translation helpful? Give feedback.
All reactions