By: Moacyr Silva Neto named 10 May 2021 at 8:03 a.m. CDT

3 Responses
Moacyr Silva Neto gravatar
Question: Validation in this part of the code of repository is ``` if (!cn.equals(client.getClientId())) { log.error("Client certificate CN does not match clientId. Reject call, CN: " + cn + ", clientId: " + client.getClientId()); } ``` Now, since the CN for our certificate was generated before we receive the client_id from the register API, how can they match? We would need to generate another certificate? Thank you for your time.

By Michael Schwartz Account Admin 10 May 2021 at 8:42 a.m. CDT

Michael Schwartz gravatar
In the client registration script, you should provide the certificate as a parameter (or uri), and set the client_id. Maybe @Madhumita.Subramaniam can provide an example?

By Madhumita Subramaniam staff 10 May 2021 at 9:56 a.m. CDT

Madhumita Subramaniam gravatar
Hi. The curl command below is an example, pass the client certificate as a parameter like its done below ``` curl -X POST -k -H 'Content-Type: application/jwt' -H 'Accept: application/json' -i '' --data 'eyJra...' --cert /root/publicClient.pem --key /root/privateClient.key ``` Here is the python code snippet : ``` cert = CertUtils.x509CertificateFromPem(configurationAttributes.get("certProperty").getValue1()) cn = CertUtils.getCN(cert) ``` Don't change ```certProperty ``` in the above lines. Hope it helps you.

By Moacyr Silva Neto named 10 May 2021 at 2:34 p.m. CDT

Moacyr Silva Neto gravatar
Thank you, it worked as expected!