Skip to content

[BUG] Key-pair generation should not be proposed if EE profile does not allow it (new request) #1057

Description

@benoiton

With EJBCA CE v9.3.7, Wildfly 35, PostgreSQL 16, Java 21, on Rocky 9. Firefox 152.

Context

  • Brand new CA
  • New CA profile from ENDUSER
    • ECDSA P-256
    • only my new CA
  • New EE profile
    • only my new CA profile
    • only my new CA
    • only P12 token

New request on RA

Commands with an "operator" account, on a role which has no right for cert creation.

  • Certificate type: my EE profile
  • Key-pair generation: By the CA
  • Username, password, email
  • (double) click on "Download PKCS#12"

A warning message appears: "You are not authorized to execute this operation "

The EE is created, with "New" status.

New test key-pair generation set at "Postpone" succeed. (Only PKCS#12 token is possible)

=> The choice for key-pair generation should not be proposed.

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions