Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-4412

Don't require end entity when web.reqcertindb is set to true

    Details

    • Issue discovered during:
      Customer

      Description

      When using an external Management CA, an important configuration option is the web.reqcertindb in web.properties.

      If this option is set to false, it will not be required to publish all of the administrator certificates issued by the Management CA into EJBCA.

      However, if it is set to true, it is required to not only publish the certificates into EJBCA, but also they must be associated with an end entity.

      It is not quite clear why the end entity must exist in such a case. This makes it a bit harder to keep the admin certs in sync, since you would need to have end entities present as well (i.e. simple publish to certificatedata table won't help).

      This should be investigated, and perhaps this requirement could be dropped for web.reqcertindb=true - i.e. just rely on having valid certificate in CertificateData table.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                branko Branko Majic (Inactive)
              • Votes:
                1 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated: