Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-7387

CLI support to add/edit end entities with multi-value RDNs

    XMLWordPrintable

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Duplicate
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      With the ability to use multi-value RDNs, we should have the ability to enter such DNs in the CLI.

      • add/edit end entity
      • issue certificates based on the added/edited information

      It should only be allowed to use multi-value RDNs if it is a llowed in the end entity profile.

      If allowed it should look like:

      bin/ejbca.sh ra addendentity --username multirdn1 --dn "CN=Tomas+UID=12345,O=PK,C=SE" --caname "ManagementCA" --type 1 --token PEM
      bin/ejbca.sh ra setclearpwd multirdn1 foo123
      bin/ejbca.sh batch multirdn1
      openssl asn1parse -in p12/pem/Tomas.pem -i

      135:d=3 hl=2 l= 35 cons: SET
 137:d=4 hl=2 l= 12 cons: SEQUENCE
 139:d=5 hl=2 l= 3 prim: OBJECT :commonName
 144:d=5 hl=2 l= 5 prim: UTF8STRING :Tomas
 151:d=4 hl=2 l= 19 cons: SEQUENCE
 153:d=5 hl=2 l= 10 prim: OBJECT :userId
 165:d=5 hl=2 l= 5 prim: UTF8STRING :12345
 172:d=3 hl=2 l= 11 cons: SET
 174:d=4 hl=2 l= 9 cons: SEQUENCE
 176:d=5 hl=2 l= 3 prim: OBJECT :organizationName
 181:d=5 hl=2 l= 2 prim: UTF8STRING :PK
 185:d=3 hl=2 l= 11 cons: SET
 187:d=4 hl=2 l= 9 cons: SEQUENCE
 189:d=5 hl=2 l= 3 prim: OBJECT :countryName
 194:d=5 hl=2 l= 2 prim: PRINTABLESTRING :SE

      In the database it looks like this:
      MariaDB [ejbca]> select subjectdn from UserData where username='multirdn1';

      +------------------------------+
| subjectdn |
+------------------------------+
| CN=Tomas+UID=12345,O=PK,C=SE |
+------------------------------

       

      If not allowed in the End Entity Profile it should look like:

      bin/ejbca.sh ra addendentity --username multirdn2 --dn "CN=Tomas+UID=12345,O=PK,C=SE" --caname "ManagementCA" --type 1 --token PEM
Using certificate profile: ENDUSER, with id: 1
Trying to add end entity:
Username: multirdn2
Password: <password hidden>
DN: CN=Tomas+UID=12345,O=PK,C=SE
CA Name: ManagementCA
SubjectAltName: null
Email: null
Type: 1
Token: PEM
Certificate profile: 1
End entity profile: 1
Given userdata doesn't fulfill end entity profile. : Subject DN has multi value RDNs, which is not allowed.

       

      Includes:

      • system test
      • QA tests

        Attachments

          Issue Links

          blocks

          New Feature - A new feature of the product, which has yet to be developed. ECA-7388 Advanced search (Admin and RA UI) of multi value RDNs

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. ECA-7390 Document multi-value RDNs, with restrictions

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. ECA-7389 Document Administrator matching of multi-valued RDNs

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          clones

          New Feature - A new feature of the product, which has yet to be developed. ECA-7386 GUI support to add/edit end entities with multi-value RDNs

          • Major - Major loss of function.
          • Closed

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              tomas Tomas Gustavsson
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: