Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-8231

Use the default CA of the SCEP alias, if no CA is specified in the message

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 7.2.0
    • Component/s: None
    • Labels:
    • Sprint:
      EJBCA Team Bob - 2019 w21

      Description

      The OPERATION MUST be set to "GetCACert".
      
         The MESSAGE MAY be omitted, or it MAY be a string that represents the
         certification authority issuer identifier.  A CA Administrator
         defined string allows for multiple CAs supported by one SCEP server.
      

      EJBCA requires the message parameter to be present unless scep.defaultca is set in ejbca.properties (this is not set by default). This requirement is unnecessary if the SCEP alias is in RA mode since the CA is defined by the alias. Since setting the scep.defaultca setting on appliance is not possible without SSH access, I would suggest the following behaviour instead:

      1. If the alias is in RA mode, and the message parameter is set, use the CA defined by the message.
      2. If the alias is in RA mode and the message parameter is not set, use the CA defined by the alias.
      3. If the alias is CA mode and the message parameter is set, use the CA defined by the message.
      4. If the alias is in CA mode and the message parameter is not set, use the setting scep.defaultca. If scep.defaultca is not defined, throw an exception with a friendly error message.

        Attachments

          Activity

            People

            Assignee:
            bastianf Bastian Fredriksson
            Reporter:
            bastianf Bastian Fredriksson
            Verified by:
            Tomas Gustavsson
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 3 hours
                3h
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 3 hours
                3h