EJBCA / ECA-5792

Allow peer publisher to only publish required data for OCSP

    Details

    • Type: Epic
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Epic Name:
      Allow peer publisher to only publish required data for OCSP

      Description

      A customer has specified that they'd like a setting on the Peer VA Publisher to limit the amount of information transmitted to the VA, essentially avoiding the subject DN but optimally only transmitting the information required for the OCSP responder to function.

      Essentially, a:

      
      Don't store meta data except for CA and OCSP signing certificates: [x] 
      

      setting in the publisher, so the same could be used for all certificates that should be pushed to the VA, but exclude the sensitive info for regular leafs. (E.g. one publisher - one VA mapping)

      We need to:

      • Check new setting in org.ejbca.peerconnector.publisher.PeerPublisher code to just exclude such data from being published (easy)
      • Make setting GUI+CLI configurable for publisher (still fragile JSP implementation)
      • Make the same available via the "Certificate Data Synchronization" view (for consistency and bootstrapping)
      • Plenty of testing
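
The filtering the description asks for, sketched as an added example (not EJBCA or PeerPublisher code). The record layout, field names and function names are assumptions; the fields kept for leaf certificates are those an RFC 6960 status answer uses (issuer identifier, serial number, status, revocation time and reason).

```python
# Added example: record layout and all names are assumptions, not EJBCA's schema or API.
from dataclasses import dataclass, replace
from typing import List, Optional, Tuple

OCSP_SIGNING_EKU = "1.3.6.1.5.5.7.3.9"  # id-kp-OCSPSigning, RFC 6960


@dataclass(frozen=True)
class CertRecord:
    issuer_id: str                    # which CA issued it (e.g. a fingerprint)
    serial: str
    status: str                       # "good" or "revoked"
    revocation_time: Optional[str]
    revocation_reason: Optional[int]
    is_ca: bool
    ekus: Tuple[str, ...]
    subject_dn: Optional[str]         # identifying; not needed to answer for a leaf
    cert_der: Optional[bytes]         # full certificate, which embeds the subject DN


def needs_full_data(rec: CertRecord) -> bool:
    """CA and OCSP signing certificates are exempt, as in the proposed setting."""
    return rec.is_ca or OCSP_SIGNING_EKU in rec.ekus


def prepare_for_va(rec: CertRecord, only_required: bool) -> CertRecord:
    """Return the record to publish; strip leaf metadata when the setting is on."""
    if not only_required or needs_full_data(rec):
        return rec
    return replace(rec, subject_dn=None, cert_der=None)


def audit_batch(batch: List[CertRecord]) -> List[str]:
    """Test helper: serials of leaf records that still carry identifying data."""
    return [r.serial for r in batch
            if not needs_full_data(r) and (r.subject_dn or r.cert_der)]


# Constructed sample records (not real certificates).
SAMPLE = [
    CertRecord("ca01", "01", "good", None, None, True, (), "CN=Constructed CA", b"\x30\x00"),
    CertRecord("ca01", "02", "good", None, None, False, (OCSP_SIGNING_EKU,),
               "CN=Constructed OCSP Signer", b"\x30\x00"),
    CertRecord("ca01", "03", "revoked", "2020-01-01T00:00:00Z", 1, False, (),
               "CN=Alice Example", b"\x30\x00"),
]

if __name__ == "__main__":
    published = [prepare_for_va(r, only_required=True) for r in SAMPLE]
    print(audit_batch(SAMPLE), audit_batch(published))
```

Running `audit_batch` over what actually arrives at the VA gives a direct test for the "Plenty of testing" item: any serial it returns is a leaf whose subject data leaked through.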

              People

              • Assignee:
                anjakobs Andres Jakobs
                Reporter:
                mikek Mike Agrenius Kushner