Details
- Type: New Feature
- Status: Closed
- Priority: Major
- Resolution: Duplicate
- Affects Version/s: None
- Fix Version/s: None
- Component/s: None
- Labels: None
- Epic Link:
Description
With the ability to use multi-value RDNs, we should have the ability to enter such DNs in the CLI.
- add/edit end entity
- issue certificates based on the added/edited information
It should only be allowed to use multi-value RDNs if it is allowed in the end entity profile.
If allowed it should look like:
bin/ejbca.sh ra addendentity --username multirdn1 --dn "CN=Tomas+UID=12345,O=PK,C=SE" --caname "ManagementCA" --type 1 --token PEM
bin/ejbca.sh ra setclearpwd multirdn1 foo123
bin/ejbca.sh batch multirdn1
openssl asn1parse -in p12/pem/Tomas.pem -i
135:d=3 hl=2 l= 35 cons: SET
137:d=4 hl=2 l= 12 cons: SEQUENCE
139:d=5 hl=2 l= 3 prim: OBJECT :commonName
144:d=5 hl=2 l= 5 prim: UTF8STRING :Tomas
151:d=4 hl=2 l= 19 cons: SEQUENCE
153:d=5 hl=2 l= 10 prim: OBJECT :userId
165:d=5 hl=2 l= 5 prim: UTF8STRING :12345
172:d=3 hl=2 l= 11 cons: SET
174:d=4 hl=2 l= 9 cons: SEQUENCE
176:d=5 hl=2 l= 3 prim: OBJECT :organizationName
181:d=5 hl=2 l= 2 prim: UTF8STRING :PK
185:d=3 hl=2 l= 11 cons: SET
187:d=4 hl=2 l= 9 cons: SEQUENCE
189:d=5 hl=2 l= 3 prim: OBJECT :countryName
194:d=5 hl=2 l= 2 prim: PRINTABLESTRING :SE
In the database it looks like this:
MariaDB [ejbca]> select subjectdn from UserData where username='multirdn1';
+------------------------------+
| subjectdn                    |
+------------------------------+
| CN=Tomas+UID=12345,O=PK,C=SE |
+------------------------------+
If not allowed in the End Entity Profile it should look like:
bin/ejbca.sh ra addendentity --username multirdn2 --dn "CN=Tomas+UID=12345,O=PK,C=SE" --caname "ManagementCA" --type 1 --token PEM
Using certificate profile: ENDUSER, with id: 1
Trying to add end entity:
Username: multirdn2
Password: <password hidden>
DN: CN=Tomas+UID=12345,O=PK,C=SE
CA Name: ManagementCA
SubjectAltName: null
Email: null
Type: 1
Token: PEM
Certificate profile: 1
End entity profile: 1
Given userdata doesn't fulfill end entity profile. : Subject DN has multi value RDNs, which is not allowed.
Includes:
- system test
- QA tests
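
The profile check described above, sketched as an added example; this is not EJBCA code, and the function names and the `allow_multi_value_rdns` flag are hypothetical. It splits a DN string on unescaped, unquoted `,` and `+`, so an escaped `\+` or a `+` inside a quoted value is not mistaken for a multi-value RDN.

```python
# Added illustration (not EJBCA's implementation): detect multi-value RDNs in
# a DN string and enforce a profile flag. All names here are hypothetical.

def split_unescaped(s, sep):
    """Split s on sep, skipping separators that are backslash-escaped
    or that sit inside a double-quoted value."""
    parts, cur, in_quotes, i = [], [], False, 0
    while i < len(s):
        ch = s[i]
        if ch == "\\" and i + 1 < len(s):
            cur.append(s[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes
        if ch == sep and not in_quotes:
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    parts.append("".join(cur))
    return parts

def parse_dn(dn):
    """Return the DN as a list of RDNs, each a list of 'TYPE=value' strings."""
    return [[ava.strip() for ava in split_unescaped(rdn, "+")]
            for rdn in split_unescaped(dn, ",")]

def multi_value_rdns(dn):
    """Return only the RDNs that carry more than one attribute/value pair."""
    return [rdn for rdn in parse_dn(dn) if len(rdn) > 1]

def check_subject_dn(dn, allow_multi_value_rdns):
    """Reject the DN when it has a multi-value RDN and the profile forbids it."""
    if not allow_multi_value_rdns and multi_value_rdns(dn):
        raise ValueError("Subject DN has multi value RDNs, which is not allowed.")
    return parse_dn(dn)

if __name__ == "__main__":
    dn = "CN=Tomas+UID=12345,O=PK,C=SE"   # the DN used in this ticket
    print(check_subject_dn(dn, allow_multi_value_rdns=True))
    try:
        check_subject_dn(dn, allow_multi_value_rdns=False)
    except ValueError as err:
        print(err)
```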