Menu
▾
▴
Re: [Ejbca-develop] Copy CN from PKCS#10 certificate request
|
From: Ketan S. <ksu...@pa...> - 2015-09-28 16:03:26
|
We have many devices in our system which are uniquely identified by their Name (read CN in X.509 context). We need the Certificate issued to these devices to have CN same as one present in CMP/SCEP/CSR request. But adding unique EE for each of our device is a Management challenge. So the requirement is to have username/password same for all end devices but CN should be based on the request parameters. Thanks, Ketan Supanekar -----Original Message----- From: Tomas Gustavsson [mailto:to...@pr...] Sent: Monday, September 28, 2015 11:37 AM To: ejb...@li... Subject: Re: [Ejbca-develop] Copy CN from PKCS#10 certificate request Hi, There are several ways you can do this in EJBCA. But before going into that I'd like to probe if this is _really_ what you want? If you allow end users to paste a CSR into the public web, and imply copy the value from CN, there is nothing preventing a user from getting a certificate with say www.google.com in it. Which is probably not what you want. Not blindly copying values from the CSR is a security feature (which can be configured in many different ways relaxing it). Regards, Tomas ----- Save time and money with an Enterprise support subscription. Please see www.primekey.se for more information. https://www.primekey.se/technologies/products-overview/ https://www.primekey.se/service-support/support/ On 2015-09-25 22:34, Ketan Supanekar wrote: > Hi, > > I have a question regarding End Entity profiles and the CN for > generated certificate. > > 1.I have a EE profile wherein CN is optional. > > 2.I create a EE called 'test' where CN is NOT specified. > > 3.Now I enroll a certificate using CSR using 'Public Web'. The CSE has > CN='hello' > > 4.I see that the issued certificate DOSEN'T have a CN. > > My requirement is that the generated certificate should have CN same as > the one in request. > > Is there a way to setup EJCBA EE/Certificate profiles to copy CN from > request?. > > Thanks, > > Ketan Supanekar > > > > ------------------------------------------------------------------------------ > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > ------------------------------------------------------------------------------ _______________________________________________ Ejbca-develop mailing list Ejb...@li... https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
