[ECA-8787] Add the ability to have multiple DVCAs with the same holder country and mnemonic - PrimeKey Issue Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: EJBCA 7.4.1
Component/s: None
Labels:
- CVC
- DVCA
- TeamBobSprint
- subjectdn

Issue discovered during:
Customer

Description

A requsting country in CVC context, can have multiple DVCAs from different countries.

EJBCA uses the holder mnemonic and requesting country code to build the Subject DN, which has to be unique, for two reasons: 1) the CA ID is derived from it and 2) it is used to construct certificate chains (e.g. for Inspection System certificates).

We should devise a solution for having multiple such CAs. Note that having the country code in the sequence number is optional, so we cannot assume that the country code is always there. We could perhaps prefix the Subject DN with the Issuer DN when constructing the CA ID for DVCAs.

This could require extensive changes to EJBCA, and since the Subject DN is stored in the database (e.g. in CAData and CertificateData), we need to take backwards compatibility in consideration.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

documentation.txt
11 kB
2020-06-03 08:19

Issue Links

is related to

ECA-9142 Create a webservice call for creating an externally signed CA.

Closed

Activity

People

Assignee:: Tomas Gustavsson

Reporter:: Samuel Lidén Borell

Verified by:: Samuel Lidén Borell

Votes:: 1 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2019-12-27 09:12

Updated:: 2020-07-10 15:00

Resolved:: 2020-06-18 12:07

Time Tracking

Estimated:

Remaining:

3d 3h

Logged:

2w 2d 5h