LNord Posted November 8 Posted November 8 Hello Have anyone got the Certificate Authorit integration to EJBCA to work? We trying to get it work. But recives error: AirWatch.CloudConnector.CertificateService.CertificateService_EJBCA testConnectionRequest.AuthenticationCertificate/AuthorityURL cannot be null or empty. Method: AirWatch.CloudConnector.CertificateService.CertificateService_EJBCA; Authority type: EJBCA ServerURL: https://MY-PKI/ejbca/ejbcaws/ejbcaws Cert: Certificate.crt It dosent matter what we write in the server URL, we always get that error. 1
Simon Frankiewicz Posted November 14 Posted November 14 You looked at this article it will leave integration with EJBCA. Integrate EJBCA as a Certificate Authority in Workspace ONE UEM - vEUCaddict I also found a problem described on the EJBCA project's GITHub. Maybe something can be determined. https://github.com/Keyfactor/ejbca-ce/discussions/638 1
Henry Heres Posted November 18 Posted November 18 Old blog post reference but Sidney had a good article around this: https://veucaddict.com/blog/integrate-ejbca-certificate-authority-in-workspace-one-uem/ 1
Employee Sascha Warno Posted November 18 Employee Posted November 18 Put your ACC logs into debug. Is the private key available on the ACC servers machine key store? Debug logs will give you more info.
LNord Posted November 19 Author Posted November 19 Hello, we finally get it to work after some debugging. And I have discussed this in the github link that @Szymon Frankiewicz discussed as well. First issue were that we uploaded wrong certificate to the integration in UEM as well as to ACC certstore. Then we had an issue on our LB in front of the EJBCA nodes where we terminated SSL handshake and broke the certificate auth to EJBCA. After that were fixed we could issue certificates. But if we added SAN attributes to the certificate template in UEM we could not issue certificate anymore. We found out that UEM seems to remove spaces from the CA name in the reqest to EJBCA when we added SAN attributes. As workaround we removed all spaces in the CA name in EJBCA and then we could issue certifcates with SAN attribute. We are currently discussing this "space issue" with our PSO contact to see if its a bug in UEM / ACC. 1 2
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now