How to override data from CSR when using the REST API pkcs10enroll #635
-
|
Hello EJBCA community, We would like to enroll certificates using the pkcs10enroll REST API endpoint; we don't want, however, to trust anything else than the public key from the CSR. We would like to specify the Subject DN (or its elements) and SubjectAltName separately in the payload. Is it possible using this API and, if so, how? The various examples we found on using pkcs10enroll don't seem to address the case. We are not a Java shop, so building EJBCA in development mode just to access the Swagger API is quite complicated for us. Thank you in advance for your help! Julien |
Beta Was this translation helpful? Give feedback.
Replies: 2 comments 1 reply
-
|
You do this in a two step process. First adding an endentity with the subjectDN you like, second a certenroll call with that username/enrollment code. Only the public key from the CSR will be used and the pre-registered DN will be used. |
Beta Was this translation helpful? Give feedback.
-
|
Thank you for your answer. It makes sense. I believe the endentity API is not supported on community edition, so we'll check the content of the CSR before sending it to EJBCA to ensure we are actually issuing a certificate for the right target. |
Beta Was this translation helpful? Give feedback.
-
|
With wsdl
|
Beta Was this translation helpful? Give feedback.
You do this in a two step process. First adding an endentity with the subjectDN you like, second a certenroll call with that username/enrollment code. Only the public key from the CSR will be used and the pre-registered DN will be used.