Can anyone help with the above query?
I finally got around to testing. TLS_SETUP_ENABLED="true" only generated a new ManagementCA and server certificate if the database is new and empty and a ManagementCA doesn't already exist. When you want to start a second node, you need to generate TLS keystores for it and provide them to the start command. I used this to start two containers to my MariaDB database. Now, I used the same TLS cert for both containers, but it can be different. In this case they run from the same host URL so... for larger-scale deployments, this is why we generally instead have an ingress TLS host for each Kubernetes pod.
and the second one:
Guys, I have created a container with EJBCA CE 8.0 on Ubuntu with MySQL as an external DB residing on a separate server. It is working correctly. Today I tried to create a 2nd container using the same DB and it is not generating a new SSL certificate for container # 2. Can anyone suggest where I am making the mistake?
Attached is the log for reference, in which I can see that my ManagementCA is not active or accessible, but when I check it from container 1 it is active.
FE-pki-dev-27112024_2_log.txt
I used the commands below to create the containers.
Container 1 (Created 1 Year Ago)
docker run -it -p 81:8080 -p 444:8443 --name pki-dev1 -h onsite-dev1.test.com -e TLS_SETUP_ENABLED="true" -e PASSWORD_ENCRYPTION_KEY="12345" -e CA_KEYSTOREPASS="12345" -e EJBCA_CLI_DEFAULTPASSWORD="12345" -e HTTPSERVER_HOSTNAME="onsite-dev1.test.com" -e ADMINWEB_ACCESS="true" -e DATABASE_JDBC_URL="jdbc:mariadb://172.16.2.1:3306/pilotdb2?characterEncoding=UTF-8" -e DATABASE_USER="ejbca_dev" -e DATABASE_PASSWORD="12345678" -e ENABLE_DATABASE_SCHEMA_N_CONN_TEST="true" -e LOG_LEVEL_APP_WS_TRANSACTIONS="DEBUG" -e SMTP_DESTINATION="mail.test.com" -e SMTP_FROM="pki.alerts@test.com" -e SMTP_USERNAME="pki.alerts@test.com" -e SMTP_PASSWORD="12345" -e LOG_LEVEL_APP="DEBUG" keyfactor/ejbca-ce
Container 1 (Created Today 27-Nov-2024)
docker run -it -p 83:8080 -p 446:8443 --name pki-dev2 -h onsite-dev1.test.com -e TLS_SETUP_ENABLED="true" -e PASSWORD_ENCRYPTION_KEY="12345" -e CA_KEYSTOREPASS="12345" -e EJBCA_CLI_DEFAULTPASSWORD="12345" -e HTTPSERVER_HOSTNAME="onsite-dev1.test.com" -e ADMINWEB_ACCESS="true" -e DATABASE_JDBC_URL="jdbc:mariadb://172.16.2.1:3306/pilotdb2?characterEncoding=UTF-8" -e DATABASE_USER="ejbca_dev" -e DATABASE_PASSWORD="12345678" -e ENABLE_DATABASE_SCHEMA_N_CONN_TEST="true" -e LOG_LEVEL_APP_WS_TRANSACTIONS="DEBUG" -e SMTP_DESTINATION="mail.test.com" -e SMTP_FROM="pki.alerts@test.com" -e SMTP_USERNAME="pki.alerts@test.com" -e SMTP_PASSWORD="12345" -e LOG_LEVEL_APP="DEBUG" keyfactor/ejbca-ce
My container 2 gets created, but the SSL certificate was not issued under ManagementCA. When I checked the SSL certificate, it was issued as self-signed for 10 years.
Please help...
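Added example (not part of the thread and not EJBCA's own tooling): a way to check, per node, whether the TLS server certificate is the self-signed one described in the question or one that chains to the ManagementCA. The function names and the `ManagementCA.pem` file (the CA certificate exported to PEM) are assumptions; the hostname and ports in the usage comment are the ones from the `docker run` commands above.

```shell
#!/bin/sh
# Added example: classify the TLS server certificate a node presents.
# Requires the openssl command-line tool.

# Print the leaf certificate (PEM) presented by host:port.
# usage: fetch_cert onsite-dev1.test.com 446 > node2.pem
fetch_cert() (
  openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -outform PEM
)

# Print notBefore/notAfter so an unexpected lifetime stands out.
# usage: cert_dates node2.pem
cert_dates() (
  openssl x509 -in "$1" -noout -dates
)

# Classify a PEM certificate file. Prints one of:
#   self-signed     issuer equals subject and the cert verifies against itself
#   issued-by-ca    the cert verifies against the CA file given as $2
#   unknown-issuer  neither of the above (or no CA file was supplied)
# usage: classify_cert node2.pem ManagementCA.pem   (CA file name is an assumption)
classify_cert() (
  cert=$1
  ca=${2:-}
  subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253) || exit 2
  issuer=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253) || exit 2
  if [ "${subject#subject=}" = "${issuer#issuer=}" ] &&
     openssl verify -CAfile "$cert" "$cert" >/dev/null 2>&1; then
    echo "self-signed"
  elif [ -n "$ca" ] && openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
    echo "issued-by-ca"
  else
    echo "unknown-issuer"
  fi
)
```

Running `fetch_cert` against each published HTTPS port and passing the result to `classify_cert` shows which node fell back to a self-signed certificate.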