  1. EJBCA
  2. ECA-4083

OCSP configuration per certificate profile id is used for CERTPROFILE_NO_PROFILE

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: EJBCA 6.2.7
    • Fix Version/s: EJBCA 6.2.8
    • Component/s: Protocols
    • Labels:
      None
    • Issue discovered during:
      Another issue

      Description

      untilNextUpdate, maxAge, revokedUntilNextUpdate and revokedMaxAge can all be configured per certificate profile id.

      If a certificate was issued before EJBCA 3.9.0 or imported using the CRLDownloader, a value configured in an OcspKeyBinding will be overridden by the "non-profile" configuration.

      This happens because in such cases CertificateData.certificateProfileId is 0 (zero), and the method reading the configuration interprets this to mean that it should read the base value.

      Example:
      OcspConfiguration.isUntilNextUpdateConfigured(0)
      will return the configuration for
      "ocsp.untilNextUpdate"
      and
      OcspConfiguration.isUntilNextUpdateConfigured(1)
      will return the configuration for
      "ocsp.1.untilNextUpdate"

      The first case is used as a base-line that should be overridden by configuration of OcspKeyBinding (which happens), but if the certificateProfileId is 0, the value will be overridden again by the base-line.
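
      The precedence problem described above, as an added example that is not EJBCA source code or the project's fix: a simplified stand-in for the lookup, with constructed configuration values. The class and the `key`, `resolveBuggy` and `resolveGuarded` helpers are hypothetical, and the guard on profile id 0 is an assumed remedy, not taken from the issue.

```java
import java.util.Map;

// Simplified stand-in for the lookup described in the issue; not EJBCA source code.
public class OcspPrecedenceDemo {
    static final int CERTPROFILE_NO_PROFILE = 0;

    // Constructed sample configuration (seconds); the values are illustrative.
    static final Map<String, Long> CONF = Map.of(
            "ocsp.untilNextUpdate", 0L,        // base-line
            "ocsp.1.untilNextUpdate", 3600L);  // override for certificate profile id 1

    // Key mapping from the issue: id 0 maps to the base-line key.
    static String key(int profileId) {
        return profileId == 0 ? "ocsp.untilNextUpdate" : "ocsp." + profileId + ".untilNextUpdate";
    }

    static boolean isUntilNextUpdateConfigured(int profileId) {
        return CONF.containsKey(key(profileId));
    }

    // Order described in the issue: base-line, then key binding, then per-profile lookup.
    static long resolveBuggy(Long keyBindingValue, int profileId) {
        long value = CONF.get("ocsp.untilNextUpdate");
        if (keyBindingValue != null) value = keyBindingValue;
        // For id 0 this lookup hits the base-line key and undoes the key binding value.
        if (isUntilNextUpdateConfigured(profileId)) value = CONF.get(key(profileId));
        return value;
    }

    // Assumed guard: skip the per-profile step for certificates without a profile.
    static long resolveGuarded(Long keyBindingValue, int profileId) {
        long value = CONF.get("ocsp.untilNextUpdate");
        if (keyBindingValue != null) value = keyBindingValue;
        if (profileId != CERTPROFILE_NO_PROFILE && isUntilNextUpdateConfigured(profileId)) {
            value = CONF.get(key(profileId));
        }
        return value;
    }

    public static void main(String[] args) {
        Long binding = 600L; // constructed OcspKeyBinding value
        System.out.println("buggy,   profile 0: " + resolveBuggy(binding, 0));
        System.out.println("guarded, profile 0: " + resolveGuarded(binding, 0));
        System.out.println("guarded, profile 1: " + resolveGuarded(binding, 1));
        System.out.println("guarded, profile 2: " + resolveGuarded(binding, 2));
    }
}
```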

              People

              • Assignee:
                johan Johan Eklund
                Reporter:
                johan Johan Eklund
                Verified by:
                Mike Agrenius Kushner
