Details
-
Type:
Bug
-
Status: Open
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: None
-
Labels:
Description
Steps to reproduce
1. Create an end entity certificate profile with "Use entity CN field" enabled.
2. Try to issue a certificate using this end entity profile from the RA Web
Problem: No label is displayed next to the "Use entity CN field" checkbox.
3. Try to uncheck this checkbox.
Problem: No text field is shown in the GUI to enter a new dNSName.
4. Try to issue with an error (e.g. by trying to issue to a domain where CAA issuance prohibits issuance).
Problem: "Use entity CN field" checkbox is displayed next to the dNSName text field with no padding and the checkbox still has no label.
5. Check the "Use entity CN field" checkbox.
Problem: The dNSName text field is still visible.
6. Uncheck the "Use entity CN field" checkbox again. Enter primekey.com in both the CN and dNSName text field. Try to issue a cert.
Problem: User does not fulfill end entity profile. Error in the log is:
Error Code: Internal EJBCA error code: USER_DOESNT_FULFILL_END_ENTITY_PROFILE: org.ejbca.core.model.ra.EndEntityProfileValidationRaException: org.ejbca.core.model.ra.raadmin.EndEntityProfileValidationException: Wrong number of DNSNAME fields in Subject Alternative Name.
To fix
- Attach AJAX to the appropriate JSF controls.
- Add a label "Use entity CN field" to the checkbox.
- Ensure issuance is possible when "Use entity CN field" is disabled.
Follow up
QA need to look at ECAQA-199 to ensure this usecase is covered.
Attachments
Issue Links
- is caused by
-
ECA-7206 End Entity Profile setting to allow dnsName SAN field to be automatically populated by the CN in a CSR
-
- Closed
-
- linked with
-
DeskPRO #1973 Query relating to DNS entries in SAN field
- links to