Hi, > I have now posted the workflow diagram that is being generated when > i login as CA Operator and tries to Approve a User generated CSR. > > As you can see that the control flow keeps looping on the state > APPROVAL. > > Please help. > > When I login as RA Operator and try to approve the CSR generated by > User, i get a different situation. > > First i get the Waiting_for_Child state and then when i click on > the link at the end of the page to see the previous/parent/child > request i see that it is in PREPARED state. Then if i click on the > Approve CSR buttton available on that page then the state changes > from Waiting_for_child --> SUCCESS and the certificate generates. > The information on the login page of User still says that the CSR > is in Waiting_for_child state but the certificate can now be > downloaded from Download-->My Certificate section.
if I am not mistaken your system works properly. Certificate request approval should normally only be done by an RA Operator, the CA Operator should only run CA related operations such as CRL issuance, CA key activation etc. The ACL configuration can prevent the CA operator from approving cert requests. Another reason: maybe you raised your cert request with the same user ID you used to approve the requests? By default it is not possible to approve a cert request that was raised by the same user id. (This enforces some sort of dual control, usually you don't want people to be their own approvers for their own requests.) Regards, Martin ------------------------------------------------------------------------------ Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
