Talk:EJBCA

Untitled

Just announced to the community that it exists.. it would be nice to have a day or two to provide some more info..—Preceding unsigned comment added by ZeiZai6Y (talk • contribs) 09:44, 29 April 2008 (UTC)

Do you have any sources other than the project's website? Any articles, news releases, etc? UltraExactZZ ^Claims ~ Evidence 12:45, 29 April 2008 (UTC)

A good start but this article needs improvement

I like the fact that you put EJBCA in. But it currently rather reads like a catalog sheet than like a Wikipedia article.

• You should make sure that every information has a notable source. Currently your article looks like original research
• The whole overall context is missing: the history of EJBCA, the context where it is relevant.
• Also critical reflections are needed. What are the weak points? Why are commercial systems still relevant? And sources, discussing it would make sense.
• Are there notable examples, perhaps open source portals or big Cloud applications which use EJBCA

Thx for making it better

ScienceGuard (talk) 18:32, 16 October 2016 (UTC)

Remove dead or redundant links

1. The link to: A workflow based architecture for Public Key Infrastructure; Johan Eklund; TRITA-CSC-E 2010:047 Is dead, and KTH does not seem to keep an archive of these anymore. I suggest removing it. 2. In External links, only the first one should be kept imo (reverting my edit that added them). The others are linked from there, or already present in the article (github). I suggest removing the three links below the "official site".

COI: I am the founder of this opensource project Primetomas (talk) 05:51, 18 April 2021 (UTC)

See also link to similar software?

Would it be good for the reader if See also linked to similar software such as let's encrypt (already present), OpenCA,DogTag,OpenXPKI, OpenSSL?

COI: founder of this open source project Primetomas (talk) 06:06, 18 April 2021 (UTC)

Also, most links in See also are already in the text and could be removed right? Primetomas (talk) 06:09, 18 April 2021 (UTC)

The links to similar software is already listed, with the exception of OpenXPKI, as "open source implementations" on the page Public_key_infrastructure, that have a more complete listing. Does that make it irrelevant here? Primetomas (talk) 06:22, 18 April 2021 (UTC)

@Primetomas: thanks for suggesting these edits. I will try to put in your edits later today under the process listed at WP:ER. In the future, please place a COI edit request here instead of a plain text talk page message to make it easier for other editors to incorporate your edits. Thanks, EpicPupper 20:41, 18 April 2021 (UTC)

Thanks, Edit request added as a new section. I added the plain text talk to get consensus/input before suggesting the edit. Primetomas (talk) 08:47, 19 April 2021 (UTC)

Edit request - See also

Please replace the contents of "See also" with:

• Public Key Infrastructure Open Source Implementations

Primetomas (talk) 08:45, 19 April 2021 (UTC)

Go ahead: I have reviewed these proposed changes and suggest that you go ahead and make the proposed changes to the page. EpicPupper 18:38, 19 April 2021 (UTC)

@EpicPupper: Implemented. Primetomas (talk) 06:16, 20 April 2021 (UTC)

Edit request - External links

Remove redundant links from the External links section, leaving it with only one link:

Replace:

• No URL found. Please specify a URL here or add one to Wikidata.
• EJBCA at SourceForge
• EJBCA at Docker Hub
• EJBCA source at GitHub

with:

• No URL found. Please specify a URL here or add one to Wikidata.

Primetomas (talk) 08:52, 19 April 2021 (UTC)

Done Anton.bersh (talk) 06:29, 20 April 2021 (UTC)

Edit request - remove dead links and documentation references

In "Further reading" remove the list item that is not available on-line anymore, "A workflow based architecture for Public Key Infrastructure"

In "Design", completely remove the documentation reference that moved and is incorrect: Automated and large scale operations

In Design completely remove the documentation reference that is just a link to product documentation: PKI Architectures

Primetomas (talk) 08:58, 19 April 2021 (UTC)

I carried out these edits. Anton.bersh (talk) 09:47, 19 April 2021 (UTC)

 Done EpicPupper 18:36, 19 April 2021 (UTC)

Edit request - Notable features edit #1

Please change:

• Online Certificate Status Protocol: For certificate validation you have the choice of using X.509 CRLs and OCSP (RFC6960).

to

• Online Certificate Status Protocol: certificate validation options include X.509 CRLs and OCSP (RFC6960).

Please change:

• Multiple algorithms: You can use all common, and some uncommon algorithms in your PKI. RSA, ECDSA, EdDSA, and DSA, SHA-1, SHA-2, and SHA-3. Compliant with NSA Suite B Cryptography.

to

• Multiple algorithms: Common algorithms for usage in PKI includes: RSA, ECDSA, EdDSA, and DSA, SHA-1, SHA-2, and SHA-3. Compliant with NSA Suite B Cryptography.

Please change:

• PKCS#11 HSMs: Using the standard PKCS 11 API you can use most PKCS#11 compliant HSMs to protect the CAs’ and OCSP responders’ private keys.

to

• PKCS#11 HSMs: Standard PKCS 11 compliant hardware security modules are used to protect the CAs’ and OCSP responders’ private keys.

Please change:

• High performance and capacity: You can build a PKI with capacity of issuing billions of certificates at a rate of several hundreds per second.

to

• High capacity: Using a standard RDBMS the system have a capacity to store large amounts of issued certificates.

Primetomas (talk) 09:30, 19 April 2021 (UTC)

Go ahead: I have reviewed these proposed changes and suggest that you go ahead and make the proposed changes to the page. EpicPupper 18:37, 19 April 2021 (UTC)

@EpicPupper: Implemented. Do you think this resolves the Grammatical person issue? Primetomas (talk) 06:21, 20 April 2021 (UTC)

@Primetomas: I will take a look at the article today and see if the issue is resolved. EpicPupper 16:14, 22 April 2021 (UTC)

History section discussion

For discussion:

ScienceGuard suggests above to provide some history "The whole overall context is missing: the history of EJBCA, the context where it is relevant".

Would a section similar to the History section in Let's_Encrypt be good and appropriate? Something like (meta code):

---

History and Usage

The EJBCA project was started in 2001 (ref to v1.0 release post) by Tomas Gustavsson. PrimeKey, the company maintaining the project today, was incorporated in May 2002.

It has since been used to issue digital certificates for different use cases including Academia (citation), Grid Computing (citation), Energy (citation) and (other use cases with citation).

Subsection: Notable Issues

The EJBCA software has been used during some publicly noted certificate related incidents (citation to Arstechnica and The register articles)

---

I think this will answer some questions about usage and history, as well giving some critical reflection. What do people think?

Primetomas (talk) 16:37, 22 April 2021 (UTC) (note COI)

• I like the ideaScienceGuard (talk) 14:52, 17 May 2021 (UTC)

Multiple issues

There are multiple issues identified with the article:

• This article may be too technical for most readers to understand. (April 2021)

• This article contains content that is written like an advertisement. (January 2021)

• A major contributor to this article appears to have a close connection with its subject. (April 2021)

• This article uses abbreviations that may be confusing or ambiguous. (April 2021)

• This article uses first-person ("I"; "we") or second-person ("you") inappropriately. (April 2021)

• This article reads like a review rather than an encyclopedic description of the subject. (April 2021)

• This article contains a list of miscellaneous information. (April 2021)

• This "see also" section may contain an excessive number of suggestions. Please ensure that only the most relevant links are given, that they are not red links, and that any links are not already in this article. (April 2021)

• This article needs additional citations for verification. (April 2021)

• This further reading section may contain inappropriate or excessive suggestions that may not follow Wikipedia's guidelines. Please ensure that only a reasonable number of balanced, topical, reliable, and notable further reading suggestions are given; removing less relevant or redundant publications with the same point of view where appropriate. Consider utilising appropriate texts as inline sources or creating a separate bibliography article. (April 2021)

I've moved them here from the "Multiple Issues" template on the main page. EpicPupper (talk) 18:21, 2 May 2021 (UTC)

Edit request - History, usage and issues

• Reason for the change: Addressing "A good start but this article needs improvement" on the Talk page
• Change: Add sections for Usage and History and issues. This will create citations, and move some of the links from Further reading to citations.

Suggested edit:

 Partly done: Incorporated into lead. 🐶 EpicPupper (he/him | talk, FAQ, contribs) 18:32, 22 June 2021 (UTC)

Usage

The EJBCA software package is used to install a privately operated certificate authority. This is in contrast to commercial certificate authorities that are operated by a trusted third party. Since it's inception EJBCA has been suggested for use as CA software for different use cases, including eGovernment^[1], endpoint management^[2], research^[3][4][5], energy^[6], eIDAS^[7], telecom^[8], networking^[9] and for usage in SMEs^[10].

References

1. "A PKI ARCHITECTURE USING OPEN SOURCE SOFTWARE FOR E-GOVERNMENT SERVICES IN ROMANIA". Indian Journal of Computer Science and Engineering. 2. 2011. Retrieved May 5, 2021.
2. "VMware Workspace ONE UEM Product Documentation". VMWare. March 3, 2020. Retrieved May 5, 2021.
3. "A web service based architecture for authorization of unknown entities in a Grid environment". University of Windsor. January 1, 2007. Retrieved May 5, 2021.
4. "Research and application of EJBCA based on J2EE" (PDF). Springer. 2007. Retrieved May 5, 2021.
5. "Secret Sharing Framework Based on Digital Certificates" (PDF). Proceedings of the 13th European Conference on Cyber Warfare and Security. 10.13140/RG.2.1.4331.5281. January 1, 2014. Retrieved May 5, 2021.
6. "Cybersecurity: An Enabler for Critical Infrastructure". Siemens. 2021. Retrieved May 5, 2021.
7. "Zetes launches eSig division ZetesConfidens". Security Document World. October 2, 2018. Retrieved May 5, 2021.
8. "Key Management for 4G and 5G inter-PLMN Security" (PDF). GSMA. March 6, 2020. Retrieved June 8, 2021.
9. "Field Notice: FN - 72013 - Cisco APIC-EM Root Certificate Expiration Causes All IWAN DMVPN Connections to Fail - Software Upgrade Recommended". Cisco. December 18, 2020. Retrieved May 5, 2021.
10. "Building and Managing a PKISolution for Small and MediumSize Business". SANS Institute. December 16, 2013. Retrieved May 5, 2021.

History and issues

The EJBCA project was started in 2001 by Tomas Gustavsson^[1], the company now maintaining the project, PrimeKey, was incorporated in May 2002.

Issues

Certificates used as part of a IT security solution comes with risks, related to issuance and usage of certificates. Notable incidents where EJBCA was involved includes certificate expiration^[2] and compliance^[3] issues. Primetomas (talk) 09:03, 6 May 2021 (UTC)

References

1. EJBCA v1.0 release announcement
2. "Cisco let an SSL cert expire in its VPN kit – and broke network provisioning brokers". The Register. August 7, 2018. Retrieved May 5, 2021.
3. "A world of hurt after GoDaddy, Apple, and Google misissue >1 million certificates". Ars Technica. December 3, 2019. Retrieved May 5, 2021.