Importing CAs

For test purposes, you may receive a private key and a CV certificate for the CVCA trust point used by the passport manufacturer when creating specimen passports.

To test your process and inspection systems, if you have a PKCS#8 private key and a CV certificate with the public key, you can import a CVCA (with soft keystore) in EJBCA:

bin/ejbca.sh ca importcvca

Example import command using the given CV Certificate:

bin/ejbca.sh ca importcvca importcvca1 GO_CVCA_RSA2008.pkcs8 GO_CVCA_RSA2008.cvcert C=SE,CN=IMPCA1

Example import command using the same private/public keys, but generating a new certificate:

bin/ejbca.sh ca importcvca importcvca1 GO_CVCA_RSA2008.pkcs8 GO_CVCA_RSA2008.cvcert C=SE,CN=IMPCA1 SHA1WithRSA 365

You can also (from EJBCA 7.2.0) import DVs. Doing that you need a chain with the DV certificate first, and the CVCA certificate second.

# Import the CVCA
bin/ejbca.sh ca importcvcca --caname CVCARSA -f CVCARSA.pkcs8 -c SECVCARSA00000_SECVCARSA00000.cacert.pem
# Create the certificate chain PEM file
cat SECVCARSA00000_SEDVCARSA00000.cacert.pem SECVCARSA00000_SECVCARSA00000.cacert.pem > chain.pem
# Import the DV
bin/ejbca.sh ca importcvcca --caname DVCARSA -f DVCARSA.pkcs8 -c chain.pem