Add user defined identifying label to trusted-ca's

The Hono tenant management API allows adding multiple trusted CAs which are then used as trust anchors to authenticate devices. When adding a trust anchor one has to provide some information (amongst others):

• subject-dn
• not-before
• not-after

A tenant can however have multiple trusted CAs with the same subject-dn and different expiration dates. Consider a tenant having the following CAs:

[
  {
    "subject-dn":"CN=Doors,O=ACME Inc.",
    "not-before": "2018-01-01T00:00:00+01:00",
    "not-after": "2021-01-01T00:00:00+01:00"
  },
  {
    "subject-dn":"CN=Doors,O=ACME Inc.",
    "not-before": "2021-01-01T00:00:00+01:00",
    "not-after": "2025-01-01T00:00:00+01:00"
  }
]

Now consider the scenario where these trusted CAs are listed in a UI. As they both have the same subject-dn it’s very difficult to distinguish them. They could be listed as:

• CN=Doors,O=ACME Inc. (Validity: “2018-01-01T00:00:00+01:00”-“2021-01-01T00:00:00+01:00”)
• CN=Doors,O=ACME Inc. (Validity: “2021-01-01T00:00:00+01:00”-“2025-01-01T00:00:00+01:00”)

This however is very hard to read.

A proposal therefore would be to introduce a tenant unique identifier for each certificate which the user can define herself. Then this identifier or label could be listed in the UI and all the details in a sub-view (e.g. when clicking on it):

• doors-cert-valid-until-2021
• doors-cert-valid-until-2025

When adding a trusted CA the user would then also add the (mandatory) additional text field which has to be unique to the other CAs of this tenant (proposal: cert-id):

  {
    "cert-id": "doors-cert-valid-until-2025",
    "subject-dn":"CN=Doors,O=ACME Inc.",
    "not-before": "2021-01-01T00:00:00+01:00",
    "not-after": "2025-01-01T00:00:00+01:00"
  }