#BITNAMI APACHE TOMCAT CFM SERIAL NUMBERS#

Hello, I would like to keep my serial numbers shorter than 20 characters long as a string.

When renewing a new certificate, I encounter this problem: User 'mj-clip-xxx-maj' is not authorized to use the same key as another user

Example for error: Could not create certificate: L'utilisateur 'mj-clip-xxxx-maj' n'est pas autorité à utiliser la même clé qu'un autre utilisateur.

If you are sure that users/devices should share the same key, you can simply uncheck this option in the CA settings. This is enabled by default (security by default). There is a setting in "Edit CA" that says "Enforce unique public keys". This is because you are trying to enroll for two end entities, using the same public key/CSR. You configure this in the Admin UI, not in any configuration file though.

If you edit the CA, set "Serial Number Octet Size" to 8, and issue a new certificate for an end entity from this CA, the serial number is 8 octets, like:

Serial Number: 3071707516042773289 (0x2aa0e5b613a08329)

I think your understanding is correct, you can Edit CA to choose the octet size of serial numbers for certificates issued by the CA where you configure it.

Tomas, thank you once again for your help.

Good evening, thanks for your feedback. Is there another solution, without unchecking this Enforce unique public keys box? Do you believe the problem is with the CSR files provided? These are certificates to be renewed.

If it is not intended to use the same public key in all CSRs, then there is a bug in the system(s) sending the CSRs. If this is intended, the correct solution is to uncheck the checkbox. It is that they all contain the same public key.

Thank you Tomas, after trying a few things I discovered the error as an internal configuration problem with the certificate.

I think the problem is that it forces to prompt a PIN and tries to use it. When I test it with the HSMKeyTool it works nice, but it doesn't when I try to create the Crypto Token with the ejbca.sh through the command line or with the GUI.

Hi, I have a PKCS11 that uses no PIN and communicates with a daemon to be used.

That sounds like an nCipher module protected slot? There is some documentation on the docs specific to module protected slots with nCipher.