EJBCA / ECA-6601

CMP ability to select CA certificates to add to extraCerts in CMP responses (multiple order defined)

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.11.1
    • Component/s: None
    • Labels:
      None

      Description

      The ability to configure which certificates are returned in the caPubs field by the CMP responder is a needed function for distributing trust anchors to some devices in a reliable and automated manner.

      RFC4210:

      5.3.2. Initialization Response

      An Initialization response message contains as the PKIBody an
      CertRepMessage data structure, which has for each certificate
      requested a PKIStatusInfo field, a subject certificate, and possibly
      a private key (normally encrypted with a session key, which is itself
      encrypted with the protocolEncrKey).

      See Section 5.3.4 for CertRepMessage syntax. Note that if the PKI
      Message Protection is "shared secret information" (see Section
      5.1.3), then any certificate transported in the caPubs field may be
      directly trusted as a root CA certificate by the initiator.
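
The trust rule quoted from RFC 4210 above, as an added client-side example (not EJBCA code and not part of the original issue): caPubs are accepted as trust anchors only when the response is protected with PasswordBasedMac and that MAC verifies under the enrollment secret. The response dict, its field names and the sample values are assumptions standing in for a DER-decoded PKIMessage, and SHA-256 is assumed for both the OWF and the MAC.

```python
import hashlib
import hmac

# id-PasswordBasedMac, RFC 4210 section 5.1.3.1
ID_PASSWORD_BASED_MAC = "1.2.840.113533.7.66.13"


def pbm_mac(secret: bytes, salt: bytes, iterations: int, protected_part: bytes,
            owf: str = "sha256", mac: str = "sha256") -> bytes:
    """PasswordBasedMac: iterate the OWF over secret||salt, then HMAC the data."""
    if iterations < 1:
        raise ValueError("iterationCount must be >= 1")
    key = secret + salt
    for _ in range(iterations):
        key = hashlib.new(owf, key).digest()
    return hmac.new(key, protected_part, mac).digest()


def trust_anchors_from_response(resp: dict, secret: bytes) -> list:
    """Return the caPubs that may be installed as roots, or [] if none may."""
    # Any other protection (e.g. a signature) gives caPubs no implicit trust.
    if resp.get("protection_alg") != ID_PASSWORD_BASED_MAC:
        return []
    # protected_part is DER(header || body); caPubs sits in the body, so a
    # valid MAC also authenticates the caPubs contents.
    expected = pbm_mac(secret, resp["salt"], resp["iterations"],
                       resp["protected_part"])
    if not hmac.compare_digest(expected, resp.get("protection", b"")):
        return []
    return list(resp.get("ca_pubs", []))


# Constructed sample values, not taken from a real CMP exchange.
SECRET = b"enrollment-secret"
SAMPLE = {
    "protection_alg": ID_PASSWORD_BASED_MAC,
    "salt": b"\x01\x02\x03\x04\x05\x06\x07\x08",
    "iterations": 1000,
    "protected_part": b"<constructed DER of PKIHeader and PKIBody>",
    "ca_pubs": [b"<constructed DER of root CA certificate>"],
}
SAMPLE["protection"] = pbm_mac(SECRET, SAMPLE["salt"], SAMPLE["iterations"],
                               SAMPLE["protected_part"])
```
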

              People

              • Assignee:
                anjakobs Andres Jakobs
                Reporter:
                tomas Tomas Gustavsson
                Verified by:
                Tomas Gustavsson