Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-5326

SCEP RA mode should not require batch generation checkbox in EE profile

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 7.0.1
    • Component/s: Protocols
    • Labels:
    • Sprint:
      EJBCA Team Alice - 2019 w6

      Description

      Why does Scep RA mode require you to check "Batch generation" in the EE profile order to work? Without this checked you get the following error (EJBCA 6.5.2) when making a request:

      at org.ejbca.core.ejb.ra.EndEntityManagementSessionLocal$$$view40.addUser(Unknown Source)
      at org.ejbca.ui.web.protocol.ScepRaModeExtension.performOperation(ScepRaModeExtension.java:179) [classes:]
      at org.ejbca.ui.web.protocol.ScepServlet.scepCertRequest(ScepServlet.java:591) [classes:]
      at org.ejbca.ui.web.protocol.ScepServlet.service(ScepServlet.java:305) [classes:]
      at org.ejbca.ui.web.protocol.ScepServlet.doPost(ScepServlet.java:220) [classes:]
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:754) [jboss-servlet-api_3.0_spec-1.0.2.Final-redhat-2.jar:1.0.2.Final-redhat-2]

      An easy way to make a request is:
      a. openssl genrsa -out abcra.key
      b. openssl req -key abcra.key -new -days 30 -out abcra.pemreq -outform PEM (with CN set to abcra)
      c. java -jar jscepcli-1.0-SNAPSHOT-exe.jar --ca-identifier mx_kd3 --challenge abcd --csr-file abcra.pemreq --dn "CN=abcra" --key-file abcra.key --url http://ejbca-test2.primekey.se:8080/ejbca/publicweb/apply/scep/ratest/pkiclient.exe

      With the ratest SCEP profile set to RA mode with an EE profile and a cert profile.

      The pwd set internally is random generated and only used temporarily, and it's set in the reqmsg so should not have to be in clear.

        Attachments

          Activity

            People

            • Assignee:
              tomas Tomas Gustavsson
              Reporter:
              tomas Tomas Gustavsson
              Verified by:
              Henrik Sunmark
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 30 minutes Original Estimate - 30 minutes
                30m
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 45 minutes
                45m