Using the Demo Servlet

It is a demo servlet that will accept any incoming post, create a user with a unique username, and instantly send back a certificate. The entity- and certificate profiles used are sent as parameters in the post. To set up the demo servlet:

  1. Find out the CA id of the CA you want to use for signing of the demo certificates. Use the Admin GUI or 'bin/ejbca.sh ca listcas' to find the integer value that is the CA id.
  2. Configure the CA id in modules/publicweb-gui/src/org/ejbca/ui/web/pub/DemoCertReqServlet.java, it's the parameter DEFAULT_DEMOCAID.
  3. Edit src/publicweb/publicweb/WEB-INF/web.xml and uncomment the two sections for the demo servlet.
  4. If using UTF-8 to display the web-page containing the demo form to the users, change ISO-8859-1 to UTF-8 for the env-entry contentEncoding. Otherwise national characters in names will be encoded/displayed incorrectly in the certificates.
  5. Deploy with ant deploy.
  6. Create an end entity profile and a certificate profile that should be used for the demo certificates.
  7. Create a demo apply page containing something similar to the sample form below for Firefox. There are some sample scripts under modules/publicweb-gui/resources/.
<form name="demoreq" action="http://127.0.0.1:8080/ejbca/democertreq" method="post">
  Please fill out the form and click <b>Enroll</b> to receive your certificate.
  Read our <a href="https://www.primekey.se/primekey/en/Demo.html">privacy policy</a>.<br>
  <input name="certificateprofile" value="DemoCertProfile" type="hidden">
  <input name="entityprofile" value="DemoEntityProfile" type="hidden"><br>
  <br>
  Full name:
  <input name="user" value="C=SE,O=PrimeKey Solutions AB,OU=Demo,CN=" size="25" maxlength="60" class="input" type="text">
  <p align="left"> E-mail:
  <input name="email" size="25" maxlength="60" class="input" type="text">
  <input name="includeemail" value="true" type="hidden">
  </p>
  <p align="left"> Choose key length from the list below. The default is recommended in most cases. <br>
  <br>
  <keygen type="hidden" name="keygen" value="challenge">
  </p><p align="left">
  <input value="Enroll" name="submit" type="submit">
</form>

You can use some hidden fields and some java script to for example only ask for a name, and concatenate it with a hidden partial DN to produce a full dn for the user parameter. Use your imagination!