  1. EJBCA
  2. ECA-6577

CMP ability to select CA certificates to add to caPubs in CMP responses (multiple order defined)

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.11.1
    • Component/s: None
    • Labels:
      None

      Description

      The ability to configure which certificates are returned in the caPubs field by the CMP responder is a needed function for distributing trust anchors to some devices in a reliable and automated manner.

      RFC4210:

      5.3.2. Initialization Response

      An Initialization response message contains as the PKIBody an
      CertRepMessage data structure, which has for each certificate
      requested a PKIStatusInfo field, a subject certificate, and possibly
      a private key (normally encrypted with a session key, which is itself
      encrypted with the protocolEncrKey).

      See Section 5.3.4 for CertRepMessage syntax. Note that if the PKI
      Message Protection is "shared secret information" (see Section
      5.1.3), then any certificate transported in the caPubs field may be
      directly trusted as a root CA certificate by the initiator.

              People

              Assignee:
              anjakobs Andres Jakobs
              Reporter:
              tomas Tomas Gustavsson
              Verified by:
              Tomas Gustavsson