Hi all,

From time to time our RA operators fail a cert-request workflow, for example by pressing the "back" button in the browser where they shouldn't do so.

If it is for a customer-generated CSR, I would like to start a new request with the same public key/CSR, because I don't want to tell the customer that we screwed up his request. However, I'm getting KEY_DUPLICATE_ERROR when I do so. We are using OpenXPKI 2.0.3-0 with pretty much the standard workflows of "ca-one".

I suppose here is one of the possible places where I can get around the problem:

  workflow/def/certificate_signing_request_v2.yaml
    KEY_DUPLICATE_ERROR_WORKFLOW:
        label: I18N_OPENXPKI_UI_WORKFLOW_STATE_KEY_DUPLICATE_ERROR_WORKFLOW_LABEL
        description: I18N_OPENXPKI_UI_WORKFLOW_STATE_KEY_DUPLICATE_ERROR_WORKFLOW_DESC
        action:
          - upload_pkcs10 > CHECK_FOR_DUPLICATE_KEY
          - global_noop > CHECK_FOR_DUPLICATE_KEY
          - global_cancel > CLEANUP_BEFORE_CANCEL

The preferred behavior would be that CHECK_FOR_DUPLICATE_KEY only fails if the key is not found in a successful workflow. If that is not possible, is there a risk of breaking things if I simply remove the check from the workflow? If it only results in the (theoretical) possibility to craft certificates for the same key, I can live with it.

Cheers,
Dirk


Kind regards,
Dirk Heuvels

--

aiticon GmbH
Dirk Heuvels
Stephanstraße 1
60313 Frankfurt am Main

t. +49 69 795 83 83-0
f. +49 69 795 83 83-28
[email protected] · http://www.aiticon.com

Managing Director: Matthias Herlitzius
District Court Frankfurt am Main · HRB 79310
VAT ID no.: DE 218319776


