View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0008738 | CTT UA Package | 5 - General Problem | public | 2023-03-21 18:07 | 2023-05-12 16:08 |
Reporter | Ondrej Flek | Assigned To | Alexander Allmendinger | ||
Priority | normal | Severity | major | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Fixed in Version | 1.03.09-01.00.503 | ||||
Summary | 0008738: Subject Alternative Name for user x.509 certificate does not comply with RFC 5280 | ||||
Description | The Subject Alternative Name field in the ctt_ca1U_usrUR.der user x.509 certificate ("URI:compliance@opcfoundation.org") does not follow RFC 5280. As a result, some security libraries consider such a certificate invalid. | ||||
Steps To Reproduce | Following is the printout of the certificate content, see the "X509v3 Subject Alternative Name:" field. openssl x509 -text -in ./PKI/certs/ctt_ca1U_usrUR.der | ||||
Additional Information | RFC 5280, Section 4.2.16, says: "When the subjectAltName extension contains a URI, the name MUST be stored in the uniformResourceIdentifier (an IA5String). The name MUST NOT be a relative URI, and it MUST follow the URI syntax and encoding rules specified in [RFC3986]. The name MUST include both a scheme (e.g., "http" or "ftp") and a scheme-specific-part. URIs that include an authority ([RFC3986], Section 3.2) MUST include a fully qualified domain name or IP address as the host. " RFC 3986, Section 3, says: "The generic URI syntax consists of a hierarchical sequence of RFC 3986, Section 4.3, says: "Some protocol elements allow only the absolute form of a URI without | ||||
Tags | No tags attached. | ||||
Files Affected | |||||
|
Updating generated user certificates to be valid certificates. For X509 UserCerts the OPC UA specification doesn't have real requirements but they need to be legal from their structure to be used. The now generated certificates follow the same structure as the OPCF Digital User Certificates provided by OPCF IT. |
|
Reviewed changes in call, agreed to changes and closed issue. |
Date Modified | Username | Field | Change |
---|---|---|---|
2023-03-21 18:07 | Ondrej Flek | New Issue | |
2023-04-13 15:30 | Paul Hunkar | Assigned To | => Alexander Allmendinger |
2023-04-13 15:30 | Paul Hunkar | Status | new => assigned |
2023-05-02 10:33 | Alexander Allmendinger | Status | assigned => resolved |
2023-05-02 10:33 | Alexander Allmendinger | Resolution | open => fixed |
2023-05-02 10:33 | Alexander Allmendinger | Note Added: 0019258 | |
2023-05-12 16:05 | Paul Hunkar | Project | Compliance Test Tool (CTT) Unified Architecture => CTT UA Package |
2023-05-12 16:08 | Paul Hunkar | Status | resolved => closed |
2023-05-12 16:08 | Paul Hunkar | Fixed in Version | => 1.03.09-01.00.503 |
2023-05-12 16:08 | Paul Hunkar | Note Added: 0019366 |
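
The RFC 5280 rule quoted in the Additional Information field, written as a stand-alone check (an added example, not code from the CTT or the OPC Foundation). The function names and every sample value other than the one reported in this issue are constructed for illustration; the input is the URI string as it appears in the certificate's Subject Alternative Name field.

```python
import ipaddress
import re

# RFC 3986 section 3.1: scheme = ALPHA *( ALPHA / DIGIT / "+" / "-" / "." )
SCHEME_RE = re.compile(r"^([A-Za-z][A-Za-z0-9+.-]*):(.*)$", re.S)
# One DNS label: letters, digits, hyphens, not starting or ending with a hyphen
LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def host_is_fqdn_or_ip(host):
    """True if host is an IP literal or a dotted, fully qualified DNS name."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        pass
    labels = host.rstrip(".").split(".")
    return len(labels) >= 2 and all(LABEL_RE.match(l) for l in labels)


def check_san_uri(value):
    """Return a list of RFC 5280 violations for one SAN URI value (empty = OK)."""
    problems = []
    if not value.isascii():
        problems.append("not an IA5String (non-ASCII character)")
    m = SCHEME_RE.match(value)
    if not m:
        # No "scheme:" prefix means a relative reference, which is forbidden
        return problems + ["no scheme: relative URI"]
    rest = m.group(2)
    if not rest:
        problems.append("empty scheme-specific-part")
    if rest.startswith("//"):
        # authority = [ userinfo "@" ] host [ ":" port ]
        authority = re.split(r"[/?#]", rest[2:], maxsplit=1)[0]
        hostport = authority.rsplit("@", 1)[-1]
        host = hostport if hostport.endswith("]") else re.sub(r":\d*$", "", hostport)
        if not host_is_fqdn_or_ip(host):
            problems.append("authority host is not an FQDN or IP address")
    return problems


if __name__ == "__main__":
    # First value is the one reported in this issue; the rest are constructed.
    for v in ("compliance@opcfoundation.org", "urn:example:user", "https://localhost/x"):
        print(v, "->", check_san_uri(v) or "OK")
```
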