I am new in ejbca and I have setup ejbca environment on my local machine
now I want to create user certificates and I want to revoke it from Web UI
Is there any way to create and revoke user certificate in ejbca from Web UI and how we can do it?
Thanks
Steps to create and revoke user certificate from Web UI in ejbca
To create a cert:
Create an End entity on the Web Admin portal.
Go to Public Web of EJBCA and select 'Create Certificate from CSR'
Enter the User name and password of End entity. select the CSR you created using openssl or any other tool..
Click 'OK', cert for the user will get downloaded..
To revoke a cert,
Go to Admin Web
Select 'Search End Entity' under 'RA Functions'
Enter the username and search.
Once the user is found, see if the status is 'generated' (means the cert for user is generated)
Right side to the record, click view certificate.
In the view pop-up, you will find the revovation drop-down, select a reason and click 'revoke.
hope this will help you Cheers...!
Related
I need to remove the ILB Certificate that was set on the Internal Load Balancer App Service Environment (ILB ASE)
There is no remove or delete option in the GUI, and i cannot seem to locate any Powershell, or Azure CLI commands for removing only the ILB Certificate
I do not want to make any other changes to the ASE, as i already have several Apps and configurations set
You go to the Resource Group, mark "Show hidden types" and delete the cert as you would do with any other resource.
ILB certificate is required for an ILB ASE to run and that is why you cannot find the remove button.
You can update that certificate by "update ILB cert"
You can try to set cert name to null in cluster setting. Please check Resource Explorer > Hosting Environment endpoint
You could try this method:
Go to Azure resource portal (https://resources.azure.com ) and navigate to subscriptions --> specific subscription --> providers --> Microsoft.Web --> certificates. You will see the certificates. Click the specific cert which you want to remove and delete it directly here. Make sure you have enough permission to do this.
Update
Just click the read/write in the top of Azure resource portal to change to read/write mode, then you can delete the cert. I am an owner role in the IAM of ASE. I can remove the cert after I upload a self-signed cert in the ILB cert.
Windows Server 2016, ADFS, Certification Authority
I tried to create duplicate web server template, but it says that it's not an accessible. see below snap.
Now, My client is not technical, he provide me an account with most of the access, account is not an administrator, but I can assign many access to my self using AD Administrative service.
My only question is which access DO I need to provide to this account for creating duplicate web server certificate template?
In a multi-domain environment, I have had the same issue, if I did not select a domain controller in the root domain, respectively in the domain that hosts the CA. In my case, another domain was chosen by the console, because my computer for remote administration is in another domain (child domain).
Try the following:
Open "Certificate Template Console"
Right-click "Certificate Templates" in the left pane
Click "Connect to another writable domain controller ..."
Change the domain
click "Ok"
Try to duplicate once again. :)
I know this is an old thread, but thought I might add a fix that could help others. The account you use to login to the CA server should have Enterprise admin rights and should also be a member of local IIS_IUSRS group. If you have verified both, just logout and login to the box again and you should be able to duplicate a template.
FOR DEVELOPMENT: I configured my site to run without SSL for my development box and it all works great.
Now I am moving this to our dev testing server so I can test it there.
I first ran it as a non ssl intranet site to confirm configuration and etc....
It works perfectly.
Now I am in the process of creating a cert for the site and plan to use self signed certs for developer testing.
I have read many post ( google search ) on the topic related to the error I am getting.
Basically, I am 110% sure I am not creating this cert correctly for the site to which I need to bind it to.
The error:
The remote certificate is invalid according to the validation procedure.
So I am trying to understand what they mean by answers like this:
When working with self-signed certificates: add them to the trusted root authorities & use the hostname instead of localhost. ]
So if your computer name is "mypc", the uri should be "https://mypc/..." instead of "https://localhost/...".
This is what is confusing to me...
For example , if computer name is: svr-d-web-003
So the uri: https: //svr-d-web-003/?????
Looking at the advanced settings Bindings could I extrapolate the uri as: https: //svr-d-web-003/webhost.oauth.xyz.org ?? This seems wrong to me...
Site settings and etc....
Used these steps to create the cert:
1. C:> certlm.msc
2. Right-click on Certificates, then click All Tasks/Request New Certificate
Click Next, Next
Click on link as shown under the template you need.
Select Common Name from drop down
Enter the machine name dns name (example: svr-v-wus-001), then click Add button
Click OK,
In the Requests Certificates window check the box for xyz, click Enroll
Look in the certificates store and it’ll be there – you may need to click Refresh button
Follow up In IIS – you’ll bind the certificate there to your site. Remember the name needs to match the url. (This might be my issue here...)
See attachment...
I finally got it to work.
When creating the cert I had to match the name of the cert (common name) to the site.
For example: the site is https://identService.oauth.xyz.org so the cert name needed to be identService.oauth.xyz.org.
Then it all worked. I was confusing the site name with the machine name. Doh...
I use the enstratus management/orchestration platform and I need to add the encoding key from my Azure account into it but I cant seem to find it, can anyone point me in the right direction please?
Thanks
Read all about it here. The basic gist is you'll have to create your own certificate locally and upload it to your Azure account.
http://docs.enstratius.com/clouds/azure/configuration.html?highlight=azure
For the new version of Enstratus, Dell Cloud Management, follow this procedure:
To add your Amazon account, you need the following information:
Account number
Access key
Secret access key
AWS certificate
AWS private key
If you don't have that information, follow these instructions to get your AWS account information.
To generate a new access keypair and X.509 certificate via the AWS web console:
Navigate to "Security Credentials" under your AWS account name.
Click on Account Identifiers at the bottom to find your AWS Account ID. Copy it to a notepad.
Click on "Create New Access Key". Note that AWS allows only two active keypairs.
Copy the Access Key ID and Secret Access Key.
Click on X-509 Certificates.
Download the Private Key File and X.509 Certificate.
Return to DCM and enter your AWS Account ID, Access Key ID, Secret Access Key, Certificate and Private Key.
Click Connect Cloud Account.
I have a .PXF file used to strongly name several of our .NET assemblies. VS2010/MSBUILD seems to expect this to be in the personal container for the user account running VS2010/MSBUILD. This is all just fine and dandy when working in an interactive user account, but when atempting an automated build via TFS 2010 on the build agent the account used by the build agent (by default) is NT-AUTHORITY/NetworkService.
Since I cannot log in an interacive session as NetworkService I cant just install the PFX from an interactive sessions shell.
So can anyone tell me how I install a PFX certificate in the personal cert store of the NetworkService account?
Answer Courtesey of Richard Reposed from serverfault
You need to open the Network Service certificate store, and add it.
To open the store:
From Start | Run: mmc.exe
File | Add/Remove Snapins and select Certificates then Add.
When prompted for the type of account select Service Account
Select local/remote computer as required
Select any service that's running as Network Service
("Remote Procedure Call (RPC)" run as Network Service by default)
Finish the wizard and OK to close the add/remove dialog.
On the applicable catrgory right click and select add tasks to find the import etc. operations.