Replies: 3 comments 7 replies
-
|
Public web is deprecated, try accessing adminweb, raweb. |
Beta Was this translation helpful? Give feedback.
-
|
Dear Sven, I am using admin web and raweb but the problem is they both
require client authentication certificate but we cannot give client
authentication certificate to everyone general user for just enrollment
purposes.
…On Tue, Oct 10, 2023, 9:23 PM Sven ***@***.***> wrote:
Public web is deprecated, try accessing adminweb, raweb.
—
Reply to this email directly, view it on GitHub
<#376 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/BCLN37EFFK7HTK4TC3YCURLX6VY7XAVCNFSM6AAAAAA52UA5PKVHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM3TENBTGEZDS>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
|
The container logs will have the password for creating the credential. You should still be able to get to the ra web to create the credential using the use username to create the p12. Otherwise you could drop the DB tables and relaunch the container with the env |
Beta Was this translation helpful? Give feedback.
-
|
Well Sven, by creating new container and dropping the tables is not a
solution for me because I already created few CAs, cert and end entity
profiles so I shall lose all that data and rework it.
…On Wed, Oct 11, 2023, 12:13 AM Sven ***@***.***> wrote:
The container logs will have the password for creating the credential. You
should still be able to get to the ra web to create the credential using
the use username to create the p12.
Otherwise you could drop the DB tables and relaunch the container with the
env TLS_SETUP_ENABLED=simple which would let you in to create a
credential and then you can lock down EJBCA access.
—
Reply to this email directly, view it on GitHub
<#376 (reply in thread)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/BCLN37ENTM7CX6ZP36GVIMTX6WM5DAVCNFSM6AAAAAA52UA5PKVHI2DSMVQWIX3LMV43SRDJONRXK43TNFXW4Q3PNVWWK3TUHM3TENBVGE4DQ>
.
You are receiving this because you authored the thread.Message ID:
***@***.***>
|
Beta Was this translation helpful? Give feedback.
-
|
Well I think you are thinking that I am asking for superadmin certificate so this is not the case. See my very first post where I already mentioned that my container got setup perfectly with external DB and i downloaded the superadmin also and my adminweb and RA portals are working fine. I am just asking about what link shall I share with my general users for just certificate enrollment using username in p12 format. I cannot give admin certificate to everyone as they are supposed to be with nominated RA (Registration Authority) personals only. If there is no possibility then my RA can create the entities and generate end user certificate and send them via email or via some other mechanism for their use. My users are just using the normal end entity certificates for different roles like accessing HR/Finance portals through digital certificates and local email signing and document signing purposes. |
Beta Was this translation helpful? Give feedback.
-
|
The RA web can be used by unatheenticated users. It's somewhere in the documentation... When creating roles there is something called a PublicAccessToken that you can use to allow unathenticated access to the Admin UI. So the same URL that you used to get your initial superadmin ceritficate can be used for other certificates. |
Beta Was this translation helpful? Give feedback.
-
|
Indeed as Tomas pointed out, the answer is in here: https://doc.primekey.com/ejbca/ejbca-operations/ejbca-operations-guide/ra-operations-guide/configure-ejbca-for-public-access |
Beta Was this translation helpful? Give feedback.
-
|
Dear I followed Kumar link and I got the pages over https and without any admin certificate. Now the problem that I am facing is that I am not able to complete the enrollment using username and getting error that the entity doesn't not exist (see screen shot below). When I do that same thing from RA portal within adminweb the same entity gets enrolled. Don't know why it this is happening. Is there some right issues. My access link to the portal is https://10.20.1.2/ejbca/ra/enrollusername.xhtml |
Beta Was this translation helpful? Give feedback.
-
|
This is not the same issue. Please start a new discussion. |
Beta Was this translation helpful? Give feedback.
-
Hi guys, I deployed EJBCA 8.0 image (github) via docker with external mysql DB with TLS setup enable to true. Now I am trying to get public web pages (which we usually get pre 8.0 versions) without client authentication but not getting them. So can anyone help how can I get them on port 443 without client authentication.
NOTE: I want to keep client authentication enabled with same port 443 on adminweb,RA & ejbcaws directories.
Public web without client authentication is required only for user enrollment purposes.
I ran following docker command to build my container.
docker run -it -p 80:8080 -p 443:8443 --name prod -h pki-apps.abc.com -e TLS_SETUP_ENABLED="true" -e ADMINWEB_ACCESS="true" -e DATABASE_JDBC_URL="jdbc:mariadb://10.20.1.5:6001/proddb?characterEncoding=UTF-8" - e DATABASE_USER="prod" -e DATABASE_PASSWORD="test" keyfactor/ejbca-ce
Beta Was this translation helpful? Give feedback.
All reactions