Page Comparison

...

Certificate profile info provider is a Java class that knows how to read/write the information required by the X-Road from/to certificates. Certificate profile info provider is a Java class must implement CertificateProfileInfoProvider interface that has methods for:

1. Storing the required information (required by both the X-Road and CA) in a CSR when a new certificate request is generated.

2. Parsing instance identifier, member class and member code from a certificate.

Technically, the X-Road requires instance identifier, member class and member code to be present in sign certificate only – the X-Road does not read any values from authentication certificate.

...

The certificate profile used in Finland:

Sign cert:

C=<contry code>
O=<organization name>
serialNumber=<instanceIdentifier>/<serverCode>/<memberClass>
CN=<organization business id>

Authentication cert:

C=<contry code>
O=<organization name>
serialNumber=<instanceIdentifier>/<serverCode>/<memberClass>
CN=<security server FQDN>

The X-Road requires instance identifier, member class and member code to be present in the sign cert.

...

Java classes that implement the profile:

• https://github.com/nordic-institute/X-Road/blob/develop/src/common/common-util/src/main/java/ee/ria/xroad/common/certificateprofile/impl/FiVRKCertificateProfileInfoProvider.java

• https://github.com/nordic-institute/X-Road/blob/develop/src/common/common-util/src/main/java/ee/ria/xroad/common/certificateprofile/impl/FiVRKAuthCertificateProfileInfo.java

• https://github.com/nordic-institute/X-Road/blob/develop/src/common/common-util/src/main/java/ee/ria/xroad/common/certificateprofile/impl/FiVRKSignCertificateProfileInfo.java

• https://github.com/nordic-institute/X-Road/blob/develop/src/common/common-util/src/main/java/ee/ria/xroad/common/util/FISubjectClientIdDecoder.java

...