  1. EJBCA
  2. ECA-7387

CLI support to add/edit end entities with multi-value RDNs


    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:


      With the ability to use multi-value RDNs, we should have the ability to enter such DNs in the CLI.

      • add/edit end entity
      • issue certificates based on the added/edited information

      It should only be allowed to use multi-value RDNs if it is allowed in the end entity profile.

      If allowed it should look like:

      bin/ejbca.sh ra addendentity --username multirdn1 --dn "CN=Tomas+UID=12345,O=PK,C=SE" --caname "ManagementCA" --type 1 --token PEM
      bin/ejbca.sh ra setclearpwd multirdn1 foo123
      bin/ejbca.sh batch multirdn1
      openssl asn1parse -in p12/pem/Tomas.pem -i

      135:d=3 hl=2 l= 35 cons: SET
       137:d=4 hl=2 l= 12 cons: SEQUENCE
       139:d=5 hl=2 l= 3 prim: OBJECT :commonName
       144:d=5 hl=2 l= 5 prim: UTF8STRING :Tomas
       151:d=4 hl=2 l= 19 cons: SEQUENCE
       153:d=5 hl=2 l= 10 prim: OBJECT :userId
       165:d=5 hl=2 l= 5 prim: UTF8STRING :12345
       172:d=3 hl=2 l= 11 cons: SET
       174:d=4 hl=2 l= 9 cons: SEQUENCE
       176:d=5 hl=2 l= 3 prim: OBJECT :organizationName
       181:d=5 hl=2 l= 2 prim: UTF8STRING :PK
       185:d=3 hl=2 l= 11 cons: SET
       187:d=4 hl=2 l= 9 cons: SEQUENCE
       189:d=5 hl=2 l= 3 prim: OBJECT :countryName
       194:d=5 hl=2 l= 2 prim: PRINTABLESTRING :SE

      In the database it looks like this:
      MariaDB [ejbca]> select subjectdn from UserData where username='multirdn1';

      | subjectdn |
      | CN=Tomas+UID=12345,O=PK,C=SE |


      If not allowed in the End Entity Profile it should look like:

      bin/ejbca.sh ra addendentity --username multirdn2 --dn "CN=Tomas+UID=12345,O=PK,C=SE" --caname "ManagementCA" --type 1 --token PEM
      Using certificate profile: ENDUSER, with id: 1
      Trying to add end entity:
      Username: multirdn2
      Password: <password hidden>
      DN: CN=Tomas+UID=12345,O=PK,C=SE
      CA Name: ManagementCA
      SubjectAltName: null
      Email: null
      Type: 1
      Token: PEM
      Certificate profile: 1
      End entity profile: 1
      Given userdata doesn't fulfill end entity profile. : Subject DN has multi value RDNs, which is not allowed.



      • system test
      • QA tests
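The check described above hinges on telling a real multi-value RDN (`CN=Tomas+UID=12345`) apart from a value that merely contains an escaped `+` or `,`. The following is an added example, not EJBCA code or its CLI parser: the function names and the `allow_multi_value_rdn` flag are hypothetical, and the splitting rules assume RFC 4514 style backslash escapes plus legacy double-quoted values.

```python
# Added example (not EJBCA code): detect multi-value RDNs in a DN string.
# Assumes backslash escapes and legacy double-quoted values; all names are hypothetical.

def _split_unescaped(text, sep):
    """Split on sep, ignoring separators that are escaped or inside quotes."""
    parts, buf, in_quotes, i = [], [], False, 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escape pair intact
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes
        if ch == sep and not in_quotes:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts


def parse_rdns(dn):
    """Return the DN as a list of RDNs, each a list of 'TYPE=value' strings."""
    rdns = []
    for rdn in _split_unescaped(dn, ","):
        avas = [a.strip() for a in _split_unescaped(rdn, "+")]
        if any("=" not in a for a in avas):
            raise ValueError(f"malformed RDN: {rdn!r}")
        rdns.append(avas)
    return rdns


def multi_value_rdns(dn):
    """Return only the RDNs that carry more than one attribute/value pair."""
    return [avas for avas in parse_rdns(dn) if len(avas) > 1]


def check_dn(dn, allow_multi_value_rdn):
    """Apply the profile rule from the issue; return (ok, message)."""
    if multi_value_rdns(dn) and not allow_multi_value_rdn:
        return False, "Subject DN has multi value RDNs, which is not allowed."
    return True, "ok"
```

A DN such as `CN=Tomas\+UID=12345,O=PK,C=SE` passes even when multi-value RDNs are disallowed, because the escaped `+` is part of the CN value and not an RDN separator.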





              Unassigned Unassigned
              tomas Tomas Gustavsson