Using the demo servlet

It is a demo servlet that will accept any incoming post, create a user with a unique username, and instantly send back a certificate. The entity- and certificate profiles used are sent as parameters in the post. To set up the demo servlet:

  1. Find out the CA id of the CA you want to use for signing of the demo certificates. Use the Admin GUI or 'bin/ejbca.sh ca listcas' to find the integer value that is the CA id.

  2. Configure the CA id in modules/publicweb-gui/src/org/ejbca/ui/web/pub/DemoCertReqServlet.java, it's the parameter DEFAULT_DEMOCAID.

  3. Edit src/publicweb/publicweb/WEB-INF/web.xml and uncomment the two sections for the demo servlet.

  4. If using UTF-8 to display the web-page containing the demo form to the users, change ISO-8859-1 to UTF-8 for the env-entry contentEncoding. Otherwise national characters in names will be encoded/displayed incorrectly in the certificates.

  5. Deploy with ant deploy.

  6. Create an end entity profile and a certificate profile that should be used for the demo certificates.

  7. Create a demo apply page containing something similar to the sample form below for Firefox. There are some sample scripts under modules/publicweb-gui/resources/.

<form name="demoreq" action="http://127.0.0.1:8080/ejbca/democertreq" method="post">
Please fill out the form and click <b>Enroll</b> to receive your certificate.
Read our <a href="https://www.primekey.se/primekey/en/Demo.html">privacy policy</a>.<br>
<input name="certificateprofile" value="DemoCertProfile" type="hidden">
<input name="entityprofile" value="DemoEntityProfile" type="hidden"><br>
<br>
Full name:
<input name="user" value="C=SE,O=PrimeKey Solutions AB,OU=Demo,CN=" size="25" maxlength="60" class="input" type="text">
<p align="left"> E-mail:
<input name="email" size="25" maxlength="60" class="input" type="text">
<input name="includeemail" value="true" type="hidden">
</p>
<p align="left"> Choose key length from the list below. The default is recommended in most cases. <br>
<br>
<keygen type="hidden" name="keygen" value="challenge">
</p><p align="left">
<input value="Enroll" name="submit" type="submit">
</form>

You can use some hidden fields and some java script to for example only ask for a name, and concatenate it with a hidden partial DN to produce a full dn for the user parameter. Use your imagination!