Affects Version/s: None
Fix Version/s: EJBCA 6.12.0
Issue discovered during:Customer
Sprint:EJBCA Sprint 9, EJBCA Sprint 10
Exporting or importing CSRs is a blind procedure and can easily lead to mistakes such as unintentionally issuing a certificate for a wrong key.
Whenever importing or exporting a CSR , the application should display all the relevant information about the CSR and ask explicit confirmation to continue or cancel.
Relevant information to display:
- file name
- public key modulus & exponent
- SHA1 or SHA256 fingerprint of either the entire CSR file or of the signed content of the CSR file
Should be displayed both to user uploading the CSR and for Admin approving a request.