Certificates
The B2BSYS-Proxies are using different certicates for the server and the client side of the proxy. This is interesting if you want to configure a Mutual-SSL connection to a B2BSYS-Proxy.
Volkswagen CA Certificates could be downloaded from VW PKI Wiki or certdist.volkswagen.de
Server Certificates
Server Certificates are usually signed by the Volkswagen CA (VW-CA-ROOT-05 → VW-CA-PROC-07 → Server Certificate). Only the B2BSYS-Proxies reachable via Internet have a certificate signed by Verisign or Thwate. (e.g. b2bsys-prod.vwgroup.com)
The Server-DNs could be simply evaluated by Browser-Access. Usually they look like
DN: "C=DE, O=Volkswagen AG, OU=B2B-TI, CN=b2bsys-ti.vw.vwg, L=Wolfsburg, ST=Niedersachsen"
Client Certificates
The Client Certifiate is shown by the B2BSYS-Proxy via the Mutual-SSL handshake to the Backend. Every Client Certificate is signed by the Volkswagen CA (VW-CA-ROOT-05 → VW-CA-PROC-08 → Client Certificate)
Recommendation:
Only verify the CN of the shown Client Certificate – not the whole DN!
The DN can change during a certificate renewal if the cost center or structure of the associated
system user changes.
| B2BSYS | DN of Client Certificate | CA of Client Cert | UID |
|---|---|---|---|
| productive environment | |||
| b2bsys-prod.vwgroup.com | C=DE, O=Volkswagen AG, OU=1248, CN=Systemuser B2BSYS-PROD VWPKI 2CDA7E5B9E788BFA | VW-CA-PROC-08 | v9gu7xq |
| b2bsys-prod.b2x.vwg | C=DE, O=Volkswagen AG, OU=1248, CN=Systemuser B2BSYS-PROD VWPKI 2CDA7E5B9E788BFA | VW-CA-PROC-08 | v9gu7xq |
| b2bsys-prod.vw.vwg | C=DE, O=Volkswagen AG, OU=1248, CN=Systemuser B2BSYS-PROD VWPKI 2CDA7E5B9E788BFA | VW-CA-PROC-08 | v9gu7xq |
| b2bsys-prod.pfn.vwg | C=DE, O=Volkswagen AG, OU=1248, CN=Systemuser B2BSYS-PROD VWPKI 2CDA7E5B9E788BFA | VW-CA-PROC-08 | v9gu7xq |
| qa/qs environments | |||
| b2bsys-qsi.vwgroup.com | C=DE, O=Volkswagen AG, OU=1248, CN=Systemuser B2BSYS-QS VWPKI 1CDE60742BFE0D0B | VW-CA-PROC-08 | d5jbj6f |
| b2bsys-qsi.qs2x.vwg | C=DE, O=Volkswagen AG, OU=1248, CN=Systemuser B2BSYS-QS VWPKI 1CDE60742BFE0D0B | VW-CA-PROC-08 | d5jbj6f |
| b2bsys-qsi.vw.vwg | C=DE, O=Volkswagen AG, OU=1248, CN=Systemuser B2BSYS-QS VWPKI 1CDE60742BFE0D0B | VW-CA-PROC-08 | d5jbj6f |
| b2bsys-pl.vw.vwg | C=DE, O=Volkswagen AG, OU=1248, CN=Systemuser B2BSYS-QS VWPKI 1CDE60742BFE0D0B | VW-CA-PROC-08 | d5jbj6f |
| b2bsys-pl.q2x.vwg | C=DE, O=Volkswagen AG, OU=1248, CN=Systemuser B2BSYS-QS VWPKI 1CDE60742BFE0D0B | VW-CA-PROC-08 | d5jbj6f |
| test environments | |||
| b2bsys-ti.vw.vwg | C=DE, O=Volkswagen AG, OU=1248, CN=Systemuser B2BSYS-TEST VWPKI ADF7EAD6EDFF5C70 | VW-CA-PROC-08 | e01usta |
| b2bsys-dev.vw.vwg | no client certificate available | - | - |