Details
-
Type:
Improvement
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: EJBCA 7.4.1
-
Component/s: None
-
Labels:
-
Provenance:Ordered by Customer
-
Issue discovered during:Customer
Description
A requsting country in CVC context, can have multiple DVCAs from different countries.
EJBCA uses the holder mnemonic and requesting country code to build the Subject DN, which has to be unique, for two reasons: 1) the CA ID is derived from it and 2) it is used to construct certificate chains (e.g. for Inspection System certificates).
We should devise a solution for having multiple such CAs. Note that having the country code in the sequence number is optional, so we cannot assume that the country code is always there. We could perhaps prefix the Subject DN with the Issuer DN when constructing the CA ID for DVCAs.
This could require extensive changes to EJBCA, and since the Subject DN is stored in the database (e.g. in CAData and CertificateData), we need to take backwards compatibility in consideration.
Attachments
Issue Links
- is related to
-
ECA-9142 Create a webservice call for creating an externally signed CA.
-
- Closed
-