Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: EJBCA 6.14.0
    • Fix Version/s: EJBCA 6.14.0
    • Component/s: None
    • Labels:
    • Epic Link:
    • Sprint:
      EJBCA Sprint 17

      Description

      The spec says:

      caaIdentities (optional, array of string): Each string MUST be a
      lowercase hostname which the ACME server recognizes as referring
      to itself for the purposes of CAA record validation as defined in
      [RFC6844]. This allows clients to determine the correct issuer
      domain name to use when configuring CAA records.

      The CAA identities are hardcoded to a dummy value:

      public List<String> getCaaIdentities() {
          return new ArrayList<String>(Arrays.asList("ca.example.com"));
      }
      

      Instead, the CAA identities should be taken from the corresponding CAA validator, or (perhaps easier) be specified as a setting per ACME alias.

      
      {
      	"newNonce": "https://nautilus:8443/ejbca/acme/newNonce",
      	"newAccount": "https://nautilus:8443/ejbca/acme/newAccount",
      	"newOrder": "https://nautilus:8443/ejbca/acme/newOrder",
      	"newAuthz": "https://nautilus:8443/ejbca/acme/newAuthz",
      	"revokeCert": "https://nautilus:8443/ejbca/acme/revokeCert",
      	"keyChange": "https://nautilus:8443/ejbca/acme/keyChange",
      	"meta": {
      		"termsOfService": "https://footrust.com/acme/terms",
      		"website": "https://footrust.com",
      		"caaIdentities": [
      			"pki.stormhub.org",
      			"footrust.com"
      		],
      		"externalAccountRequired": false
      	}
      }
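
One way the per-alias setting proposed above could validate and store its values, as an added example that is not EJBCA's code. The class `AcmeCaaIdentities`, its methods and the alias name `exampleAlias` are hypothetical, and rejecting mixed-case input instead of lowercasing it is an assumption.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

/** Hypothetical per-alias store for ACME caaIdentities; not an EJBCA class. */
public class AcmeCaaIdentities {
    // One DNS label: 1-63 chars of a-z, 0-9 or '-', not starting or ending with '-'.
    private static final Pattern LABEL = Pattern.compile("[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?");
    private final Map<String, List<String>> byAlias = new LinkedHashMap<>();

    /** Accepts only lowercase hostnames, as the spec text quoted above requires. */
    static boolean isLowercaseHostname(String s) {
        if (s == null || s.isEmpty() || s.length() > 253) {
            return false;
        }
        return Arrays.stream(s.split("\\.", -1)).allMatch(l -> LABEL.matcher(l).matches());
    }

    /** Rejects the whole setting if any entry is invalid, so nothing malformed is advertised. */
    public void setCaaIdentities(String alias, List<String> identities) {
        for (String id : identities) {
            if (!isLowercaseHostname(id)) {
                throw new IllegalArgumentException("Not a lowercase hostname: " + id);
            }
        }
        byAlias.put(alias, Collections.unmodifiableList(new ArrayList<>(identities)));
    }

    /** An empty list means the optional field is left out of the directory "meta" object. */
    public List<String> getCaaIdentities(String alias) {
        return byAlias.getOrDefault(alias, Collections.emptyList());
    }

    public static void main(String[] args) {
        AcmeCaaIdentities settings = new AcmeCaaIdentities();
        // Constructed sample: the alias name is made up, the hostnames are those in the directory above.
        settings.setCaaIdentities("exampleAlias", Arrays.asList("pki.stormhub.org", "footrust.com"));
        System.out.println(settings.getCaaIdentities("exampleAlias"));
        try {
            settings.setCaaIdentities("exampleAlias", Arrays.asList("CA.Example.com"));
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```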
      


              People

              • Assignee:
                realiserad Bastian Fredriksson
                Reporter:
                realiserad Bastian Fredriksson
                Verified by:
                Mike Agrenius Kushner

                  Time Tracking

                  Estimated: 2d
                  Remaining: 1d 5h 10m
                  Logged: 2h 50m