Replies: 3 comments 6 replies
-
|
The command is names exportca because it is for CAs, not crypto tokens. You'll create a CA using a crypto token and then the exported P12 will be containing the keys that the CA is configured to use. |
Beta Was this translation helpful? Give feedback.
-
|
root@dsme01:/opt/ejbca/bin# ./ejbca.sh ca exportca HarbichCA HarbichCA.p12 Exception in thread "main" javax.ejb.EJBException: org.cesecore.keys.token.CryptoTokenAuthenticationFailedException: PKCS12 key store mac invalid - wrong password or corrupted file. |
Beta Was this translation helpful? Give feedback.
-
|
I only want to export the CA's public and private key? |
Beta Was this translation helpful? Give feedback.
-
|
Aha, I see that you have auto-activation enabled right? In that case the password is stored in the database, but encrypted. It is a bit of work to try to decrypt that, but it is possible. |
Beta Was this translation helpful? Give feedback.
-
|
Beta Was this translation helpful? Give feedback.
-
|
I see in the ejbca.properties the folling entry "ca.cmskeystorepass=. Is this the keystore password? |
Beta Was this translation helpful? Give feedback.
-
|
I'm happy. I found the password in the "cesecore.properties" file. How can I change the password? |
Beta Was this translation helpful? Give feedback.
-
|
You can change crypto token password in the UI or using the CLI. |
Beta Was this translation helpful? Give feedback.
-
Hello, I cannot download the private key of my CA using the following command:
ejbca.sh ca exportca HarbichCA HarbichCA.p12I selected the crypto token in the menu for soft crypto tokens in the admin interface -> crypto tokens, switched to edit mode, checked the box "Allow export of private keys" and saved. However, this is not being adopted. Why?
Greetings from Stefan Harbich
Beta Was this translation helpful? Give feedback.
All reactions