Pete Kofod

Tomas: I successfully modified ejbcajslib.js and redeployed. Worked like a charm. Now I am running in to an issue in which EJBCA escapes the offending character. The end entity created allowed for the the "+" sign to remain in the URI of the SAN, but when EJBCA actually goes to create the certificate, it escapes the "+" with a "\". Can you point me off hand to which java file I need to modify? See below the relevant output from keytool. The original URI was: amqp:/abcd.x.abcd+9998 #6: ObjectId: 2.5.29.17...

For anybody interested in changing the client side javascript that does string checking, the file is located in $EJBCA_HOME/modules/admin-gui/resources/ The file is attached with inline comments. Feel free to change permitted characters. This is of course not the only check being done. Working on fixing the back end.

Tomas: I looked at the cesecore.properties. No reference to "+". The only forbidden characters are: \n\r;!\u0000%?$~ and backtick I looked at CesecoreProperties.java but it only reads the config file sting, nothing else. Any idea where I should look next? Could it be in BouncyCastle?

Tomas. Will do. thank you.

Tomas: I successfully modified ejbcajslib.js and redeployed. Worked like a charm. Now I am running in to an issue in which EJBCA escapes the offending character. The end entity created allowed for the the "+" sign to remain in the URI of the SAN, but when EJBCA actually goes to create the certificate, it escapes the "+" with a "\". Can you point me off hand to which java file I need to modify? See below the relevant output from keytool. The original URI was: amqp:/abcd.x.abcd+9998 #6: ObjectId: 2.5.29.17...

Tomas: Thank you. I think we will upgrade to the latest version.

Tomas: I think I know what causes the issue. The list of CAs appears to be dynamically populated by Javascript, so killing Javascript removes the list of CA's. Killing Javascript appears to not an option.

Version : EJBCA 6.3.1.1 Community (r21429) on jboss-as-7.1.1.Final