On Fri, June 14, 2024 12:36, Martin Bartosch wrote:

>> I was wrong.  How is this feature disabled?
>
> We discussed this before on May 10th.

I apologize for the repetition.  This is still an experimental installation and
I have been away from this particular task for some weeks.  Thus my memory
failed.

>
> In order to disable the (highly useful and recommended) key duplicate check
> you will have to modify the workflow certificate_signing_request_v2 and bypass
> or remove the test for a reuse of a key.

Three things.

1. Given that the duplicate check remains, what is the procedure to handle the
case when the certificate for a particular host or service is issued with
incorrect data and has to be replaced where the key cannot be changed?

2. What is the workflow to extend the certificate expiry date when the original
certificate approaches it?

3. In the workflow file I see this:

    CHECK_FOR_DUPLICATE_KEY:
        autorun: 1
        action: set_public_key_identifier check_policy_key_duplicate_workflow check_policy_key_duplicate_certificate > CHECK_DUPLICATE_KEY_POLICY

    CHECK_DUPLICATE_KEY_POLICY:
        autorun: 1
        action:
          - global_noop > KEY_DUPLICATE_ERROR_CERTIFICATE ? global_has_duplicate_key_certificate
          - global_noop2 > KEY_DUPLICATE_ERROR_WORKFLOW ? global_has_duplicate_key_workflow !global_has_duplicate_key_certificate
          - global_noop3 > ENTER_SUBJECT ? !global_has_duplicate_key_workflow !global_has_duplicate_key_certificate


To disable this feature, is it sufficient to set autorun to 0 on
CHECK_FOR_DUPLICATE_KEY, or on both CHECK_FOR_DUPLICATE_KEY and
CHECK_DUPLICATE_KEY_POLICY?  Or should I just comment these two sections out
entirely?

Thanks,

-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
   Unencrypted messages have no legal claim to privacy
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3



_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
