  1. EJBCA
  2. ECA-6434

CMP Vendor mode: Ability to have different requestDN from VendorCert DN where request DN lacks extract username component

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.11.1
    • Component/s: None
    • Labels:
      None

      Description

      This is one step on the way to having different request DN and Vendor Cert DN.

      As exemplified in 3GPP section "9.4.4 Vendor Base Station Certificate", we want to issue a cert with "CN=<serialnumber>.primekey.com,O=Operator name,C=SE"

      A request where the user's resulting DN (in issuer operator cert) will be according to the suggested user DN "o=<vendor name>, cn=<serialnumber>.<vendor>.com", but where the Vendor certificate has a different DN form "UID=uidusername,CN=3gpptestuser,C=SE", and we use CMP Client Mode (vendor cert mode) with extract username from UID. This means the username will be uidusername as extracted from the Vendor Cert, and no username will be extracted from the request DN (as there is no UID in that DN), but the request DN will be mapped to the same username.
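
The mapping described above, as an added example that is not EJBCA code and not part of the original issue: the username comes from the UID of the vendor certificate DN, while the subject DN comes from the request, which carries no UID. The function names, the serial `SN12345` and the mismatch check are assumptions made for this sketch.

```python
# Added illustration; not EJBCA source code. All function names are hypothetical.
import re

# Vendor certificate DN as given in the issue; the serial in the request DN is constructed.
VENDOR_CERT_DN = "UID=uidusername,CN=3gpptestuser,C=SE"
REQUEST_DN = "CN=SN12345.primekey.com,O=Operator name,C=SE"


def parse_dn(dn):
    """Split a DN string into (TYPE, value) pairs.

    Handles backslash-escaped commas only; multi-valued RDNs ('+') and
    hex-encoded values are outside the scope of this sketch.
    """
    pairs = []
    for rdn in re.split(r"(?<!\\),", dn):
        attr, sep, value = rdn.strip().partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN: %r" % rdn)
        pairs.append((attr.strip().upper(), value.strip().replace("\\,", ",")))
    return pairs


def extract_component(dn, component="UID"):
    """Return the first value of `component` in `dn`, or None if it is absent."""
    for attr, value in parse_dn(dn):
        if attr == component.upper():
            return value
    return None


def resolve_vendor_mode_request(vendor_cert_dn, request_dn, component="UID"):
    """Take the username from the vendor certificate, the subject DN from the request."""
    username = extract_component(vendor_cert_dn, component)
    if username is None:
        raise ValueError("vendor certificate DN has no %s component" % component)
    # Assumption of this sketch: if the request DN does carry the component,
    # it must agree with the authenticated vendor certificate.
    claimed = extract_component(request_dn, component)
    if claimed is not None and claimed != username:
        raise ValueError("request DN %s does not match vendor certificate" % component)
    return {"username": username, "subject_dn": request_dn}


if __name__ == "__main__":
    print(resolve_vendor_mode_request(VENDOR_CERT_DN, REQUEST_DN))
```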

              People

              Assignee:
              tomas Tomas Gustavsson
              Reporter:
              tomas Tomas Gustavsson
              Verified by:
              Mike Agrenius Kushner