BOI - Production, need for re-registration / re-consent

Description

Hi,
We are trying to understand the need for re-registration / re-consent when we move from a non-ETSI to OBWAC/OBSEAL or non-ETSI to QWAC/QSEAL certs.

Here is the testing scenario(org_id: 0015800001HQQs6AAH, software_id: 59kRNwzpRmQ1jNDcthhlQO)

1. Performed dynamic client registration using OBTransport/Signing (normal/non-ETSI) certs.
2. Generated OBWAC/OBSEAL certs and associated them to the software statement that was used in step 1.
3. Using the clientId/secret obtained from 1st step, tried making consent access token call using OBWAC/OBSEAL certs.

Now step3 fails with below error,

"401 - Unauthorized, { "error_description": "The subject DN configured for 59kRNwzpRmQ1jNDcthhlQO does not match the subject DN of the client certificate in the request", "error": "invalid_client"}

a. Does this mean one need to perform registration again and just associating the OBWAC/OBSEAL with an SSA(for which registration has been completed) will not work?
b. Will the above work if one is transitioning from OBWAC/OBSEAL to QWAC/QSEAL certs?
c. In either case, if there was a consent that was created using non-ETSI cert. Can this consent be used with later with OBWAC/OBSEAL or QWAC/QSEAL cert?

Thanks you.

Technical Impact

None

Workaround

None

Resolution Notes

None

Impact Assessment

None

Status

Assignee

Unassigned

Reporter

Beejal Nagar

Reference

None

Service Desk Reference

OBSD-10029

ASPSP

Query Type

None

Created (Original)

None

TPP Impact

High

TPP

OB Environment

None

Business Impact Severity

None

Share

Yes
Configure