Unable to renew SuperAdmin certificate

[SohailGalaria]

Continuing this discussion from another channel https://sourceforge.net/p/ejbca/discussion/123123/thread/6d573ad078/

As mentioned in the other thread that I'm having a hard time able to renew my SuperAdmin Client certificate or create a new onesince my CLI user throws an error everytime as "Not Authorized"

I have checked my ejbca.properties file and the we are still using the default ejbca cli user and password. But for some reason the CLI is unable to list any end entities or CA's

Where can I find which user to use or an alternative to fix this problem. The database user mentioned in the standalone.xml has access to the database as expected but when I try logging in as ejbca, I don't see the ejbca database

[primetomas]

Someone has probably by accident modified the "ejbca" CLI user through some api call, or UI action. This is unfortunately possible.

The database access has nothing todo with this. Do not mix them together. Your standalone.xml has the database name, database user, and database password that you can use to log into the database, like "mysql -u databaseuser -p databasename". This has nothing todo with the EJBCA CLI.

[SohailGalaria]

So is there any way the "ejbca" cli user can be modified or recovered or any option to identify what the current CLI user would be.

Also would "ant deployear" help in any way?

[primetomas]

deployear would not help.

The ejbca cli user is in the UserData table, username "ejbca", you can investigate there.

You can always set back the clock if you want to go in with superadmin, then you can edit the 'ejbca' user in the ui.

(as last resort there are support services, https://www.primekey.com/support/)

[SohailGalaria]

Apologies for delayed response.

I was able to set the clock back and get in and the renew the superadmin certificate. Appreciate all your help !!