-
Type:
Improvement
-
Status: Closed
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: EJBCA 6.11.1
-
Component/s: None
-
Labels:None
-
Issue discovered during:Customer
-
Epic Link:
-
Sprint:EJBCA Happy Fun Sprint (6)
This is one step on the way to having different request DN and Vendor Cert DN.
As exemplified in 3GPP section "9.4.4 Vendor Base Station Certificate", we want to issue a cert with "CN=<serialnumber>.primekey.com,O=Operator name,C=SE"
A request where the users resulting DN (in issuer operator cert) will be according to the suggested user DN "o=<vendor name>, cn=<serialnumber>.<vendor>.com", but there the Vendor certificate have a different DN form "UID=uidusername,CN=3gpptestuser,C=SE", and we use CMP Client Mode (vendor cert mode) with extract username from UID. This means username will be uidusername as extracted from the Vendor Cert, but no username will be extracted from the request DN (as there is no UID in that DN), but the request DN will be mapped to the same username.
