Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-5133

Renaming subject DN of a root CA during statedump import changes sub-CAs from this root CA to self-signed


    • Type: Bug
    • Status: Open
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: EJBCA 6.5.2
    • Fix Version/s: None
    • Component/s: CLI
    • Issue discovered during:


      When renaming subject DN of a root CA during statedump import, all of the subordinate CAs signed by this root CA will be changed to be self-signed instead of being signed by the root CA itself. In addition, the certificate profile will be set to the first available in the list (in the GUI).

      Reproduction steps:

      1. Create a statedump with a single root CA and sub CA. The sub-CA should be marked as signed by the root CA.

      2. Import the statedump using a prefix for root CA CN (say, "TEST ").

      3. Open page Certification Authorities, select the sub CA, and click on the "Edit CA" button.

      4. Observe the settings for the "signed-by" options and certificate profile.

      Expected results:

      1. Sub-CA is marked as signed-by root ca.

      2. Sub-CA certificate profile remains the same as during the statedump creation.

      Actual results:

      1. Sub-CA is marked as self-signed.

      2. A different certificate profile has been picked (possibly the first one in the drop-down list).




            • Assignee:
              branko Branko Majic (Inactive)
            • Votes:
              0 Vote for this issue
              3 Start watching this issue


              • Created: