Closed tr1ck3r closed 3 years ago
Also, if I disable the O, OU, L, ST, and C on the Certificate Issuing Template (clear the regular expression), I get a null pointer exception when the expected behavior would have still been to successfully enroll and for the issued certificate to have no O, OU, L, ST, or C. That Issuing Template configuration is how you require those values to be empty.
java.lang.NullPointerException
at com.venafi.vcert.sdk.connectors.ZoneConfiguration.isComponentValid(ZoneConfiguration.java:190)
at com.venafi.vcert.sdk.connectors.ZoneConfiguration.validateCertificateRequest(ZoneConfiguration.java:142)
at com.venafi.vcert.sdk.connectors.cloud.CloudConnector.generateRequest(CloudConnector.java:181)
at com.venafi.vcert.sdk.VCertClient.generateRequest(VCertClient.java:140)
at CloudClient.main(CloudClient.java:101)
PROBLEM SUMMARY Cannot enroll a certificate from Venafi Cloud without a "complete" Subject DN
STEPS TO REPRODUCE
final VCertClient client = new VCertClient(config);
final Authentication auth = Authentication.builder() .apiKey("aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa") .build();
client.authenticate(auth);
final ZoneConfiguration zoneConfiguration = client.readZoneConfiguration("zzzzzzzz-zzzz-zzzz-zzzz-zzzzzzzzzzzz");
CertificateRequest certificateRequest = new CertificateRequest().subject( new CertificateRequest.PKIXName() .commonName("common-name-only.venafi.example")) .dnsNames(Arrays.asList("dns-san1.venafi.example", "dns-san2.venafi.example", "dns-san3.venafi.example")) .keyType(KeyType.RSA) .keyLength(2048);
certificateRequest = client.generateRequest(zoneConfiguration, certificateRequest); client.requestCertificate(certificateRequest, zoneConfiguration);
com.venafi.vcert.sdk.VCertException: The requested Organization does not match any of the allowed Organization regular expressions at com.venafi.vcert.sdk.connectors.ZoneConfiguration.validateCertificateRequest(ZoneConfiguration.java:143) at com.venafi.vcert.sdk.connectors.cloud.CloudConnector.generateRequest(CloudConnector.java:181) at com.venafi.vcert.sdk.VCertClient.generateRequest(VCertClient.java:140) at CloudClient.main(CloudClient.java:101)