Re: [Ejbca-develop] 'Allow Subject DN override' and web service call

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Sorry for spamming, but just correcting the query:

I want to make a certificate request which uses the subject DN from CSR and
not the registered end entity subject DN . I am using the certificate
profile which has 'Allow subject DN override by CSR' checked. However the
web service requests 'pkcs10Request' as well as 'certificateRequest' do not
return certificates with subject DN overridden by the CSR but uses the
registered DN only.

On the other hand, using the same CSR, the public web call 'Create
Certificate from CSR' as well as the 'createcert' CLI command generates a
certificate which has the subject DN overridden by the CSR.

Your inputs would really be very helpful.
Thanks.

Regards,
Nikita Bedmutha

On Wed, Feb 1, 2017 at 4:50 PM, Nikita Bedmutha <nik...@gs...>
wrote:

> Hi,
>
> I have a user(end-entity) created using a certificate profile which has
> 'Allow Subject DN override' checked. This end-entity is registered with
> Token as User Generated.
> When I use 'Create Certificate from CSR' option on public web, I get the
> certificate with the subject DN used while creating the CSR and not the
> registered DN.
> Now I want to achieve same using web service call. I tried the
> 'certificateRequest' and 'pkcs10' request with the same CSR that I used in
> previous Public web call. But in the web service call case, I get
> certificate with the registered DN and not overridden by the CSR.
>
> Kindly guide me how to achieve this.
>
> Thanks and Regards,
> Nikita
>
>