Details
-
Type: Bug
-
Status: Submitted
-
Priority: Medium
-
Resolution: Unresolved
-
Affects Version/s: 6.0.0
-
Fix Version/s: None
-
Component/s: PKI
-
Labels:None
-
Account:Maintenance 2018 (MAINTENANCE2018)
Description
The email subject attribute of a certificate is shorten by GSS as "E". However, bouncycastle transform "E" into "EMAILADDRESS" during X509 generation and at display. At the end the subject in the certificate database object and in the X509 certificate is different.
It does not cause any trouble, expect while importing a certificate into GSS (CA mapping action) or trying to find a X509 certificate based on its GSS' subject, such as PKIX validation in certificate validator.
The certificate subject must be created using the long attribute version : ie "EMAILADDRESS" instead of "E".
It may also be interesting to replace all previous ",E=" substring by ",EMAILADDRESS=" in order certificate db objects match with their X509.
It does not cause any trouble, expect while importing a certificate into GSS (CA mapping action) or trying to find a X509 certificate based on its GSS' subject, such as PKIX validation in certificate validator.
The certificate subject must be created using the long attribute version : ie "EMAILADDRESS" instead of "E".
It may also be interesting to replace all previous ",E=" substring by ",EMAILADDRESS=" in order certificate db objects match with their X509.
Attachments
Issue Links
- clones
-
GSS-336 SN subject attribute is transformed by bouncycastle as SERIALNUMBER
- Closed