Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-6434

CMP Vendor mode: Ability to have different requestDN from VendorCert DN where request DN lacks extract username component

        Details

        • Type: Improvement
        • Status: Closed
        • Priority: Minor
        • Resolution: Fixed
        • Affects Version/s: None
        • Fix Version/s: EJBCA 6.11.1
        • Component/s: None
        • Labels:
          None

          Description

          This is one step on the way to having different request DN and Vendor Cert DN.

          As exemplified in 3GPP section "9.4.4 Vendor Base Station Certificate", we want to issue a cert with "CN=<serialnumber>.primekey.com,O=Operator name,C=SE"

          A request where the users resulting DN (in issuer operator cert) will be according to the suggested user DN "o=<vendor name>, cn=<serialnumber>.<vendor>.com", but there the Vendor certificate have a different DN form "UID=uidusername,CN=3gpptestuser,C=SE", and we use CMP Client Mode (vendor cert mode) with extract username from UID. This means username will be uidusername as extracted from the Vendor Cert, but no username will be extracted from the request DN (as there is no UID in that DN), but the request DN will be mapped to the same username.

            Attachments

              Issue Links

              is related to

              Epic - Created by JIRA Software - do not edit or delete. Issue type for a big user story that needs to be broken down. ECA-6468 CMP changes to return caPub certificates and lessen DN checks on VC certificate

              • Critical - Crashes, loss of data, severe memory leak.
              • Closed
              relates

              Improvement - An improvement or enhancement to an existing feature or task. ECA-6435 CMP Vendor mode: Ability to have different requestDN from VendorCert DN

              • Major - Major loss of function.
              • Closed

                Activity

                  People

                  • Assignee:
                    tomas Tomas Gustavsson
                    Reporter:
                    tomas Tomas Gustavsson
                    Verified by:
                    Mike Agrenius Kushner
                  • Votes:
                    0 Vote for this issue
                    Watchers:
                    1 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: