000014739 - Certificate is issued with certdn value from CMP request rather than the one in ss.dat when CMP Server is configured with 3gpp plugin

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000014739
Applies ToRSA Certificate Manager 6.9 build 554
CMP 3gpp plugin
CMP Server is configured with 3gpp plugin and using password based protection
IssueCertificate is issued with certdn value from CMP request rather than the one in ss.dat, when CMP Server is configured with 3gpp plugin
3gpp.osa documentation:
certdn=DN to be enforced for all certificates issued for this keyid
The incorrect behavior can be reproduced as follows:
1. Use CMPKeyGenUtil with CMP default onestep plugin... the cert gets certdn value picked from the CMP shared secret (this is expected result) and NOT from the request. [The result is as expected.]
2. Use CMPKeyGenUtil with CMP 3gpp plugin... the cert has certdn value picked (incorrectly) from the request rather than that defined in ss.dat. [This is incorrect behavior as per documentation.]
ResolutionThis issue has been fixed in build 555.  Apply build 555 or later to RSA Certificate Manager 6.9 to resolve this issue.
Legacy Article IDa62287

Attachments

    Outcomes