Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-7156

Implement CAA identities

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: EJBCA 6.14.0
    • Fix Version/s: EJBCA 6.14.0
    • Component/s: None
    • Labels:
    • Epic Link:
    • Sprint:
      EJBCA Sprint 17

      Description

      The spec says:

      caaIdentities (optional, array of string): Each string MUST be a
      lowercase hostname which the ACME server recognizes as referring
      to itself for the purposes of CAA record validation as defined in
      [RFC6844]. This allows clients to determine the correct issuer
      domain name to use when configuring CAA records.

      The CAA identities are hardcoded to a dummy value:

      public List<String> getCaaIdentities() {
    return new ArrayList<String>(Arrays.asList("ca.example.com"));
}

      Instead, the CAA identities should be taken from the corresponding CAA validator, or (perhaps easier) be specified as a setting per ACME alias.

      {
	"newNonce": "https://nautilus:8443/ejbca/acme/newNonce",
	"newAccount": "https://nautilus:8443/ejbca/acme/newAccount",
	"newOrder": "https://nautilus:8443/ejbca/acme/newOrder",
	"newAuthz": "https://nautilus:8443/ejbca/acme/newAuthz",
	"revokeCert": "https://nautilus:8443/ejbca/acme/revokeCert",
	"keyChange": "https://nautilus:8443/ejbca/acme/keyChange",
	"meta": {
		"termsOfService": "https://footrust.com/acme/terms",
		"website": "https://footrust.com",
		"caaIdentities": [
			"pki.stormhub.org",
			"footrust.com"
		],
		"externalAccountRequired": false
	}
}

        Attachments

          Issue Links

          is caused by

          Task - A task that needs to be done. ECA-7138 Ensure quality in ACME

          • Major - Major loss of function.
          • Closed
          relates

          Bug - A problem which impairs or prevents the functions of the product. ECA-7171 Null EEP when getting caa identities causes crash.

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Open

            Activity

              People

              Assignee:
              bastianf Bastian Fredriksson
              Reporter:
              bastianf Bastian Fredriksson
              Verified by:
              Mike Agrenius Kushner
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 2 days
                  2d
                  Remaining:
                  Time Spent - 2 hours, 50 minutes Remaining Estimate - 1 day, 5 hours, 10 minutes
                  1d 5h 10m
                  Logged:
                  Time Spent - 2 hours, 50 minutes Remaining Estimate - 1 day, 5 hours, 10 minutes
                  2h 50m