Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-8787

Add the ability to have multiple DVCAs with the same holder country and mnemonic

    Details

    • Issue discovered during:
      Customer

      Description

      A requsting country in CVC context, can have multiple DVCAs from different countries.

      EJBCA uses the holder mnemonic and requesting country code to build the Subject DN, which has to be unique, for two reasons: 1) the CA ID is derived from it and 2) it is used to construct certificate chains (e.g. for Inspection System certificates).

      We should devise a solution for having multiple such CAs. Note that having the country code in the sequence number is optional, so we cannot assume that the country code is always there. We could perhaps prefix the Subject DN with the Issuer DN when constructing the CA ID for DVCAs.

      This could require extensive changes to EJBCA, and since the Subject DN is stored in the database (e.g. in CAData and CertificateData), we need to take backwards compatibility in consideration.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              tomas Tomas Gustavsson
              Reporter:
              samuel Samuel Lidén Borell
              Verified by:
              Samuel Lidén Borell
              Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 9 weeks
                  9w
                  Remaining:
                  Time Spent - 2 weeks, 2 days, 5 hours Remaining Estimate - 3 days, 3 hours
                  3d 3h
                  Logged:
                  Time Spent - 2 weeks, 2 days, 5 hours Remaining Estimate - 3 days, 3 hours Time Not Required
                  2w 2d 5h