Affects Version/s: None
Fix Version/s: EJBCA 6.11.1
Sprint:EJBCA Sprint 8
Vendor cert DN can map to a username, of a registered end entity, so that Vendor certificate mode can authenticate the request. Assigned by the Vendor.
The CRMF request DN, and the DN in the registered end entity can be something else, assigned by the operator.
- Vendor issue vendor certificate and puts it in device
- Operator gets device. Registers end entity with a username that can be extracted from the vendor certificate DN (extract username component in CMP alias)
- Operator sets Operator defined DN to be the DN of the reqistered end entity, this will be the DN of the issuer operator certificate.
- CMP request comes in, CMP Vendor mode, authenticated using vendor certificate, and issue from the pre registered end entity with the operator DN.
See 3GPP spec sections "9.4.4 Vendor Base Station Certificate" and "9.4.8 Operator Base Station Certificate".