  1. EJBCA
  2. ECA-4052

Allow override of EJBCA's subject DN ordering in web service call for issuing certificate

    Details

    • Issue discovered during:
      Customer

      Description

      With the current implementation of EJBCA, the ordering of fields in the subject DN for newly-issued certificates is performed based on a hard-coded order, although it's possible to set it to be X.500 or LDAP order (i.e. just reversing is possible).

      It would be nice if it were possible to pass in an extra option during issuance of a certificate via web service that would let the client signal EJBCA to use the order of subject DN fields specified in the request itself. I.e. EJBCA would not try to normalise the subject DN in any way.

      All other checks against end entity profile should still be performed, of course.

      This way the customers would be able to define their own order based on the requests they send in.

      Some guidance on the matter from https://tools.ietf.org/html/rfc5280#section-7.1:
      "Two distinguished names DN1 and DN2 match if they have the same number of RDNs, for each RDN in DN1 there is a matching RDN in DN2, and the matching RDNs appear in the same order in both DNs."

              People

              Assignee:
              johan Johan Eklund
              Reporter:
              branko Branko Majic (Inactive)
              Verified by:
              Mike Agrenius Kushner

                Dates

                Created:
                Updated:
                Resolved:
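
The following is an added illustration, not part of the original issue and not EJBCA code. It shows why a fixed re-ordering (or its reverse) cannot reproduce an arbitrary requested RDN order, and why that matters under the RFC 5280 section 7.1 matching rule quoted in the description. The `FIXED_ORDER` table, the `issue()` function and its `preserve_order` flag are assumptions made for the example, and the string comparison is a simplified stand-in for RFC 5280 string preparation.

```python
import re

# Assumed fixed ordering table for illustration only; not EJBCA's actual list.
FIXED_ORDER = ["CN", "OU", "O", "L", "ST", "C"]

def parse_dn(dn):
    """Split a DN string into (type, value) RDNs, honouring backslash-escaped commas."""
    rdns = []
    for part in re.split(r"(?<!\\),", dn):
        attr, _, value = part.partition("=")
        rdns.append((attr.strip().upper(), value.strip().replace("\\,", ",")))
    return rdns

def normalise(rdns, ldap_order=True):
    """Re-sort RDNs into the fixed order; X.500 order is the plain reverse."""
    rank = {t: i for i, t in enumerate(FIXED_ORDER)}
    ordered = sorted(rdns, key=lambda r: rank.get(r[0], len(FIXED_ORDER)))
    return ordered if ldap_order else ordered[::-1]

def _canon(value):
    # Simplified stand-in for RFC 5280 string preparation: fold case, squeeze spaces.
    return " ".join(value.split()).casefold()

def dn_match(dn1, dn2):
    """RFC 5280 section 7.1 rule: same RDN count and matching RDNs in the same order."""
    return len(dn1) == len(dn2) and all(
        t1 == t2 and _canon(v1) == _canon(v2)
        for (t1, v1), (t2, v2) in zip(dn1, dn2)
    )

def issue(requested_dn, preserve_order=False, ldap_order=True):
    """Hypothetical issuance step; preserve_order models the option this issue requests."""
    rdns = parse_dn(requested_dn)
    return rdns if preserve_order else normalise(rdns, ldap_order)

# Constructed sample request: O deliberately placed before OU.
REQUESTED = "CN=device-01,O=Example\\, Inc.,OU=Devices,C=SE"

if __name__ == "__main__":
    want = parse_dn(REQUESTED)
    for label, got in [("LDAP", issue(REQUESTED)),
                       ("X.500", issue(REQUESTED, ldap_order=False)),
                       ("as requested", issue(REQUESTED, preserve_order=True))]:
        print(f"{label:13} match={dn_match(want, got)}  {got}")
```

A relying party that compares the issued subject against the name it expected, using the ordered match above, accepts only the order-preserving result for this request.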