SAN value in certificate issues by EJBCA #954
-
|
I'm working on adding support for CMP in my application. And i have security requirement which says no certificate in my application should have IP-address in SAN field on certificate. I know in a typical scenario my application would send CSR with all the information including the SAN values. But i want to test a negative scenario where the CA is configured to add a particular SAN value to all the certificates it issues. I tried various configuration on keyfacotr EJBCA to try out such a scenario. But i have been unable to do so. Can someone suggest if it is possible to configure EJBCA such that a particular SAN value is always added to the certificate regardless of what is present in the CSR. |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 2 replies
-
|
Is that CMP in Client or RA mode? In client mode you just add the desired SANs to the end entity and it will be in the cert, the CSR values are always ignored. In RA mode you can try the "Allow merge DN for all interfaces" setting in the end entity profile. |
Beta Was this translation helpful? Give feedback.
-
|
Tried - ". In RA mode you can try the "Allow merge DN for all interfaces" setting in the end entity profile." but this doesn't work |
Beta Was this translation helpful? Give feedback.
Is that CMP in Client or RA mode? In client mode you just add the desired SANs to the end entity and it will be in the cert, the CSR values are always ignored. In RA mode you can try the "Allow merge DN for all interfaces" setting in the end entity profile.