Hi Jeremie,
the idea on renewal is to get the exact same certificate with a new key
so you can skip approvals which would not be the case if you change the
SANs. It is of course possible to change this behaviour by editing the
workflow, the "prepare_renewal" activity in the enrollment workflow is
the place where the old information overwrites the incoming request - so
if you remove this, it should be possible but as said, this might
undermine all your approval mechanisms and issue certificates without
the expected validatiions.
Oliver
Am 10.08.22 um 17:20 schrieb Jérémie HUNEL via OpenXPKI-users:
Hi there,
I’d like to change the SAN (and other x509v3 extension fields, as the
key usage) in my certificate when performing a renewal. Is there any
option on OpenXPKI to do that? For now, I get the same SAN in the
renewed certificate although my CSR contains the new data… any clues on
that topic?
Thanks for help,
Jeremie.
Internal
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
