[ECA-6434] CMP Vendor mode: Ability to have different requestDN from VendorCert DN where request DN lacks extract username component - PrimeKey Issue Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: None
Fix Version/s: EJBCA 6.11.1
Component/s: None
Labels:
None

Issue discovered during:
Customer
Epic Link:
CMP Vendor Certificate
Sprint:
EJBCA Happy Fun Sprint (6)

Description

This is one step on the way to having different request DN and Vendor Cert DN.

As exemplified in 3GPP section "9.4.4 Vendor Base Station Certificate", we want to issue a cert with "CN=<serialnumber>.primekey.com,O=Operator name,C=SE"

A request where the users resulting DN (in issuer operator cert) will be according to the suggested user DN "o=<vendor name>, cn=<serialnumber>.<vendor>.com", but there the Vendor certificate have a different DN form "UID=uidusername,CN=3gpptestuser,C=SE", and we use CMP Client Mode (vendor cert mode) with extract username from UID. This means username will be uidusername as extracted from the Vendor Cert, but no username will be extracted from the request DN (as there is no UID in that DN), but the request DN will be mapped to the same username.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

eca-6434.patch
10 kB
2017-12-19 14:35

Issue Links

is related to

ECA-6468 CMP changes to return caPub certificates and lessen DN checks on VC certificate

Closed

relates

ECA-6435 CMP Vendor mode: Ability to have different requestDN from VendorCert DN

Closed

Activity

People

Assignee:: Tomas Gustavsson

Reporter:: Tomas Gustavsson

Verified by:: Mike Agrenius Kushner

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2017-12-19 14:31

Updated:: 2019-05-13 13:11

Resolved:: 2018-01-04 09:08