SubjectDN uniqueness removal

  • Jaro Blazenec

    Jaro Blazenec - 2010-06-17


    we are using in our different environment different versions of EJBCA (3.7.5, 3.9.4,3.10.1). The one that we are planning to use in production environment is the 3.10.1 version. BUT we see there a different behaviour from the other version, and it is how this version enforces SubjectDN uniqueness. We are integrating against the EJBCA with another product, and this one has internally implemented the creation of two certificates authentication, and non-repudiation, but uses the same SubjectDN for both and different user name. This product was first integrated against the 3.7.5 version where it was possible. We plan to use the 3.10.1 version also for some fixes and enhancements, but this is a stop for us right now, that we cannot overcome.

    Can somehow this specific behaviour be reverted in the 3.10.1 version, so the SubjectDN uniqueness is not enforced?


  • Tomas Gustavsson

    Yes it is a configuration in "Edit Certificate Authorities". We just released EJBCA 3.10.2 btw, that is much improved over 3.10.1 :-)


  • Markus Kilås

    Markus Kilås - 2010-06-17

    Hi Jaro,

    You can deselect "Enforce unique DN" when you edit the CA.

    Best Regards,

    • Fabio Mangiarulo

      But is this configuration valid for CV certificate? I have two DVCA with same SubjectDN and I deselected "Enforce unique DN" when I edit DVCA but I have the same error.


Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:

No, thanks