I have a Ciphermail 6.2.5 installation and I’m testing the CMP Handler with our EJBCA. I can issue a certificate via a certification request on the EJBCA, where the “subject DN” of the Certificate is set as follows: E=email-address,CN=email-address
In my view, this is correct.
My problem now is that the “Subject Alternative Name” field of the Certificate remains empty. Actually, the following should be set here: rfc822name=email-address
The EJBCA log file shows that the “subjectaltname=” field is empty in the CMP Request from Ciphermail.
Is it possible to configure in Ciphermail which fields are included in the CMP request?
Unfortunately, I can’t find anything in the documentation.
Since we do not have a lot of experience with EJBCA, I think it’s best to ask EJBCA for help. I think it’s the job of a CA/RA to add the required fields. Since the email address is in the DN, I assume it should be possible for EJBCA to also add a subject alternative field.
Hi Martijn,
You were right. I did some more research and ran some tests. In the EJBCA “End Entity Profile” I had to enable the configuration option “Allow merge DN for all interfaces.” This ensures that the email address provided in the CMP request is copied into the “rfc822name” of the Subject Alternative Name.
Thanks
Stephan
Good to hear you got it fixed. Did not know about this option (Allow merge DN for all interfaces).