View Issue Details

IDProjectCategoryView StatusLast Update
0000790Main CAcert Websiteorganisational sectionpublic2015-03-10 20:35
Reporterlaw Assigned ToNEOatNHNG  
PrioritynormalSeverityfeatureReproducibilityN/A
Status closedResolutionfixed 
Product Version2014 Q3 
Target Version2014 Q3Fixed in Version2014 Q4 
Summary0000790: Creating organisation client certs by pasted CSR
DescriptionIt would be good to be able to issue organisational client certificates by pasted CSR. So it would not require to have the private key on the Org-Admins machine.
TagsNo tags attached.
Reviewed byNEOatNHNG, BenBE
Test Instructionshttps://bugs.cacert.org/view.php?id=790#c5026

Relationships

duplicate of 0000363 closed Organisational Client Certificate CSRs 
related to 0001156 new Search fields and pagination 
related to 0000824 closedUli60 Organisation User Certificates: Need UI improvement for proper production usage 
related to 0001101 needs workTimoAHummel general rewrite of get info from csr routine in includes/general.php 
related to 0001205 confirmed Refactor certificate creation routines into /includes/notary.inc.php 
related to 0001251 new have the possibility to push a file with multiple client csr requests to the Organisation Section 

Activities

felixd

2014-09-23 22:01

updater   ~0005025

As most parts of this feature are already implemented (but dont have a UI), I added the UI and added this feature with as few changes as possible.

https://github.com/yellowant/cacert-devel/tree/bug-790

felixd

2014-09-23 22:06

updater   ~0005026

Create a org client certificate with CSR:

Have a valid organisation in the account.
Create a client certificate.
Instead of using the Browser-Generation paste a CSR below.
Check the generated certificate.

The test is passed if the certificate is generated as desired. (correct email, correct key, ...)

felixd

2014-09-23 22:27

updater   ~0005027

I pushed an update that fixes the headers of the pem-armoring.

https://github.com/yellowant/cacert-devel/tree/bug-790

INOPIAE

2014-10-07 20:05

updater   ~0005045

On the entry page (account.php/16) there needs to be an hint how to use the CSR.
eg:
Enter the name, email and if applicable OU goto next there you can paste the CSR

BenBE

2014-10-07 21:17

updater   ~0005046

Updated texts, should be tested.

INOPIAE

2014-10-07 21:27

updater   ~0005047

I used a CSR from my personal test account.
The CSR was processed. => ok
The checking the data in the returned key shows that the personal data was replaced by tha data from the form and the org account. => ok

=> ok

StefanT

2014-11-26 18:50

updater   ~0005131

I generated a CSR in "XCA"
I used Organisation "Pink Acme Arg" and Domain "pink.org" for the Request.
My Account is being used for this Test with Email "...@pink.org"
The CSR was worked correct, and the signed Certificate was reimported successfully into XCA.

The Test was successful.

MartinGummi

2014-12-02 21:54

updater   ~0005154

I generate a CSR with XCA


I enter in XCA a different email addresses idefixx@gallien.ga


CSR:
SEQUENCE(2 elem)
OBJECT IDENTIFIER1.2.840.113549.1.9.1
IA5Stringidefixx@gallien.ga




SEQUENCE(7 elem)
SET(1 elem)
SEQUENCE(2 elem)
OBJECT IDENTIFIER2.5.4.6
PrintableStringFR
SET(1 elem)
SEQUENCE(2 elem)
OBJECT IDENTIFIER2.5.4.8
PrintableStringGallien
SET(1 elem)
SEQUENCE(2 elem)
OBJECT IDENTIFIER2.5.4.7
PrintableStringAremorica
SET(1 elem)
SEQUENCE(2 elem)
OBJECT IDENTIFIER2.5.4.10
TeletexStringObelix GmbH & Co. KG
SET(1 elem)
SEQUENCE(2 elem)
OBJECT IDENTIFIER2.5.4.11
PrintableStringDog
SET(1 elem)
SEQUENCE(2 elem)
OBJECT IDENTIFIER2.5.4.3
PrintableStringIdefix

=> OK

NEOatNHNG

2014-12-05 00:28

administrator   ~0005160

Review OK. Mail sent to critical admins.

wytze

2014-12-05 09:18

developer   ~0005163

The fix has been installed on the production server on December 5, 2014. See also:
https://lists.cacert.org/wws/arc/cacert-systemlog/2014-12/msg00005.html

Issue History

Date Modified Username Field Change
2009-11-13 02:36 law New Issue
2011-05-15 08:47 law Relationship added duplicate of 0000363
2011-05-15 18:06 Ted Relationship added related to 0000824
2013-01-07 22:00 Werner Dworak Relationship added related to 0001101
2013-04-27 21:06 BenBE Assigned To => INOPIAE
2013-04-27 21:06 BenBE Status new => needs work
2013-08-20 16:40 Uli60 Relationship added related to 0001205
2014-02-22 07:45 INOPIAE Relationship added related to 0001156
2014-02-22 08:10 INOPIAE Relationship added related to 0001251
2014-09-23 21:20 BenBE Source_changeset_attached => cacert-devel testserver-stable bd982b20
2014-09-23 21:20 felixd Source_changeset_attached => cacert-devel testserver-stable 408c0384
2014-09-23 21:50 BenBE Source_changeset_attached => cacert-devel testserver-stable 93cab2be
2014-09-23 21:50 felixd Source_changeset_attached => cacert-devel testserver-stable de06286a
2014-09-23 22:01 felixd Note Added: 0005025
2014-09-23 22:05 BenBE Source_changeset_attached => cacert-devel testserver-stable 3274bb6e
2014-09-23 22:06 felixd Note Added: 0005026
2014-09-23 22:08 felixd Test Instructions => https://bugs.cacert.org/view.php?id=790#c5026
2014-09-23 22:08 felixd Status needs work => needs review & testing
2014-09-23 22:08 felixd Product Version => 2014 Q3
2014-09-23 22:08 felixd Target Version => 2014 Q3
2014-09-23 22:11 MartinGummi Description Updated
2014-09-23 22:27 felixd Note Added: 0005027
2014-10-07 20:05 INOPIAE Note Added: 0005045
2014-10-07 21:17 BenBE Reviewed by => BenBE
2014-10-07 21:17 BenBE Note Added: 0005046
2014-10-07 21:20 BenBE Source_changeset_attached => cacert-devel testserver-stable 85c46974
2014-10-07 21:20 felixd Source_changeset_attached => cacert-devel testserver-stable 7c3691bc
2014-10-07 21:20 felixd Source_changeset_attached => cacert-devel testserver-stable 46a2e46f
2014-10-07 21:20 felixd Source_changeset_attached => cacert-devel testserver-stable c980e162
2014-10-07 21:27 INOPIAE Note Added: 0005047
2014-11-26 18:50 StefanT Note Added: 0005131
2014-11-26 22:39 BenBE Assigned To INOPIAE => NEOatNHNG
2014-11-26 22:39 BenBE Status needs review & testing => needs review
2014-12-02 21:54 MartinGummi Note Added: 0005154
2014-12-05 00:28 NEOatNHNG Reviewed by BenBE => NEOatNHNG, BenBE
2014-12-05 00:28 NEOatNHNG Note Added: 0005160
2014-12-05 00:28 NEOatNHNG Status needs review => ready to deploy
2014-12-05 00:35 NEOatNHNG Source_changeset_attached => cacert-devel release 5596d4a3
2014-12-05 09:18 wytze Note Added: 0005163
2014-12-05 09:18 wytze Status ready to deploy => solved?
2014-12-05 09:18 wytze Fixed in Version => 2014 Q4
2014-12-05 09:18 wytze Resolution open => fixed
2015-03-10 20:35 INOPIAE Status solved? => closed