B2BSYS — X.509 Certificates

Certificates

The B2BSYS-Proxies use different certificates for the server side and the client side of the proxy. This matters if you want to configure a Mutual-SSL connection to a B2BSYS-Proxy.

Volkswagen CA Certificates can be downloaded from the VW PKI Wiki or certdist.volkswagen.de

Server Certificates

Server Certificates are usually signed by the Volkswagen CA (VW-CA-ROOT-05 → VW-CA-PROC-07 → Server Certificate). Only the B2BSYS-Proxies reachable via the Internet (e.g. b2bsys-prod.vwgroup.com) have a certificate signed by Verisign or Thawte.

The Server-DNs can be determined simply by accessing the proxy with a browser. Usually they look like
  DN: "C=DE, O=Volkswagen AG, OU=B2B-TI, CN=b2bsys-ti.vw.vwg, L=Wolfsburg, ST=Niedersachsen"

Client Certificates

The Client Certificate is presented by the B2BSYS-Proxy to the Backend during the Mutual-SSL handshake. Every Client Certificate is signed by the Volkswagen CA (VW-CA-ROOT-05 → VW-CA-PROC-08 → Client Certificate).

Recommendation:
Only verify the CN of the shown Client Certificate – not the whole DN! The DN can change during a certificate renewal if the cost center or structure of the associated system user changes.

| B2BSYS | DN of Client Certificate | CA of Client Cert | UID |
|---|---|---|---|
| productive environment | | | |
| b2bsys-prod.vwgroup.com | C=DE, O=Volkswagen AG, OU=1248, CN=Systemuser B2BSYS-PROD VWPKI 2CDA7E5B9E788BFA | VW-CA-PROC-08 | v9gu7xq |
| b2bsys-prod.b2x.vwg | C=DE, O=Volkswagen AG, OU=1248, CN=Systemuser B2BSYS-PROD VWPKI 2CDA7E5B9E788BFA | VW-CA-PROC-08 | v9gu7xq |
| b2bsys-prod.vw.vwg | C=DE, O=Volkswagen AG, OU=1248, CN=Systemuser B2BSYS-PROD VWPKI 2CDA7E5B9E788BFA | VW-CA-PROC-08 | v9gu7xq |
| b2bsys-prod.pfn.vwg | C=DE, O=Volkswagen AG, OU=1248, CN=Systemuser B2BSYS-PROD VWPKI 2CDA7E5B9E788BFA | VW-CA-PROC-08 | v9gu7xq |
| qa/qs environments | | | |
| b2bsys-qsi.vwgroup.com | C=DE, O=Volkswagen AG, OU=1248, CN=Systemuser B2BSYS-QS VWPKI 1CDE60742BFE0D0B | VW-CA-PROC-08 | d5jbj6f |
| b2bsys-qsi.qs2x.vwg | C=DE, O=Volkswagen AG, OU=1248, CN=Systemuser B2BSYS-QS VWPKI 1CDE60742BFE0D0B | VW-CA-PROC-08 | d5jbj6f |
| b2bsys-qsi.vw.vwg | C=DE, O=Volkswagen AG, OU=1248, CN=Systemuser B2BSYS-QS VWPKI 1CDE60742BFE0D0B | VW-CA-PROC-08 | d5jbj6f |
| b2bsys-pl.vw.vwg | C=DE, O=Volkswagen AG, OU=1248, CN=Systemuser B2BSYS-QS VWPKI 1CDE60742BFE0D0B | VW-CA-PROC-08 | d5jbj6f |
| b2bsys-pl.q2x.vwg | C=DE, O=Volkswagen AG, OU=1248, CN=Systemuser B2BSYS-QS VWPKI 1CDE60742BFE0D0B | VW-CA-PROC-08 | d5jbj6f |
| test environments | | | |
| b2bsys-ti.vw.vwg | C=DE, O=Volkswagen AG, OU=1248, CN=Systemuser B2BSYS-TEST VWPKI ADF7EAD6EDFF5C70 | VW-CA-PROC-08 | e01usta |
| b2bsys-dev.vw.vwg | no client certificate available | - | - |
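
The recommendation above, as an added Python example (not part of the original page and not B2BSYS code): a backend authorizes the proxy by the CN of its already validated client certificate only, so a renewal that changes the OU still passes while a certificate from another environment or CA does not. The input mirrors the dict returned by ssl.SSLSocket.getpeercert(); the issuer CN value, the helper names and the sample certificates are assumptions constructed for illustration.

```python
# Added example: CN-only authorization of the proxy's client certificate.
# Input shape is what Python's ssl.SSLSocket.getpeercert() returns after the
# TLS stack has validated the chain (verify_mode=ssl.CERT_REQUIRED).

# CN taken from the table on this page (productive environment).
PROD_CN = "Systemuser B2BSYS-PROD VWPKI 2CDA7E5B9E788BFA"
ALLOWED_CNS = {PROD_CN}
# Assumption: the issuing CA's own CN equals the CA name used on this page.
EXPECTED_ISSUER_CN = "VW-CA-PROC-08"


def _values(name, attr):
    """Collect all values of one attribute from a getpeercert() name tuple."""
    return [v for rdn in name for (k, v) in rdn if k == attr]


def client_cn_allowed(peercert, allowed=ALLOWED_CNS, issuer_cn=EXPECTED_ISSUER_CN):
    """Return True only for a validated cert with exactly one allow-listed CN."""
    if not peercert:  # empty dict: the chain was not validated by the TLS stack
        return False
    if _values(peercert.get("issuer", ()), "commonName") != [issuer_cn]:
        return False
    cns = _values(peercert.get("subject", ()), "commonName")
    # Exact, case-sensitive match; reject certificates carrying several CNs.
    return len(cns) == 1 and cns[0] in allowed


def _cert(ou, cn, issuer="VW-CA-PROC-08"):
    """Build a constructed getpeercert()-style dict for the demo."""
    subject = ((("countryName", "DE"),), (("organizationName", "Volkswagen AG"),),
               (("organizationalUnitName", ou),), (("commonName", cn),))
    return {"subject": subject, "issuer": ((("commonName", issuer),),)}


SAMPLES = {  # constructed sample certificates, not real ones
    "current": _cert("1248", PROD_CN),
    "renewed_new_ou": _cert("9999", PROD_CN),  # OU changed at renewal
    "qs_on_prod": _cert("1248", "Systemuser B2BSYS-QS VWPKI 1CDE60742BFE0D0B"),
    "wrong_ca": _cert("1248", PROD_CN, issuer="VW-CA-PROC-07"),
    "unvalidated": {},
}

if __name__ == "__main__":
    for label, cert in SAMPLES.items():
        print(f"{label:15} -> {client_cn_allowed(cert)}")
```

The CN comparison is only meaningful because the TLS stack has already validated the chain against the Volkswagen CA; a CN read from an unvalidated certificate proves nothing.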