On 20.08.24 at 13:07, Scott Thomas via OpenXPKI-users wrote:

I am generating server cert from OpenXPKI but each time it takes a lot of time of DNS lookup with 
error "FQDN's with DNS lookup FAIL" and I have to "Submit with Policy 
Exception".
Can we change this behavior so that OpenXPKI doesn't go for DNS lookup and 
unnecessary delays?

search for 'check_policy_dns' and 'CheckDNS'

to reduce the delay you could reduce the timeout of 10s:

workflow/def/certificate_signing_request_v2.yaml:
    check_policy_dns:
        class: OpenXPKI::Server::Workflow::Activity::CSR::CheckPolicyDNS
        param:
            check_san: AC
            timeout: 1

and add timeout to every call of CheckDNS: "[% USE CheckDNS(timeout = 1) %]"


if you don't want DNS lookup in your policy checks:

    RUN_POLICY_CHECKS:
        autorun: 1
        action:
          - check_policy_subject_duplicate check_policy_key_duplicate_certificate check_policy_key_duplicate_workflow > CHECK_POLICY_VIOLATION


Best,
-ap
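
Added example, not part of the original mail and not OpenXPKI code: a small Python audit that does the suggested search for 'check_policy_dns' / 'CheckDNS' and reports every DNS check that has no explicit timeout and so still runs with the default. It assumes config files end in .yaml and that the timeout is written as an integer literal; SAMPLE and the names check_policy_dns_slow, label_a and label_b are constructed for the demonstration.

```python
import re
from pathlib import Path

# "[% USE CheckDNS %]" or "[% USE CheckDNS(timeout = 1) %]" in a template string
USE_RE = re.compile(r"\[%-?\s*USE\s+CheckDNS\b\s*(?:\(([^)]*)\))?")
ARG_TIMEOUT_RE = re.compile(r"\btimeout\s*=\s*\d+")
CLASS_RE = re.compile(
    r"^(\s*)class:\s*OpenXPKI::Server::Workflow::Activity::CSR::CheckPolicyDNS\s*$")
YAML_TIMEOUT_RE = re.compile(r"^\s*timeout:\s*\d+")

def _indent(line):
    return len(line) - len(line.lstrip())

def _block(lines, i, depth):
    """Lines of the activity mapping around line i (indent >= depth, blanks kept)."""
    inside = lambda l: not l.strip() or _indent(l) >= depth
    start, end = i, i + 1
    while start > 0 and inside(lines[start - 1]):
        start -= 1
    while end < len(lines) and inside(lines[end]):
        end += 1
    return lines[start:end]

def find_missing_timeouts(text):
    """Return [(line_no, kind)] for each DNS check without an explicit timeout."""
    findings, lines = [], text.splitlines()
    for i, line in enumerate(lines):
        for m in USE_RE.finditer(line):
            if not ARG_TIMEOUT_RE.search(m.group(1) or ""):
                findings.append((i + 1, "CheckDNS"))
        m = CLASS_RE.match(line)
        if m and not any(YAML_TIMEOUT_RE.match(b)
                         for b in _block(lines, i, len(m.group(1)))):
            findings.append((i + 1, "CheckPolicyDNS"))
    return findings

def scan_tree(root):
    """Map each *.yaml file under root to its findings; clean files are omitted."""
    return {str(p): f for p in sorted(Path(root).rglob("*.yaml"))
            if (f := find_missing_timeouts(p.read_text()))}

# Constructed sample: one activity with a timeout, one without, two template calls.
SAMPLE = """\
check_policy_dns:
    class: OpenXPKI::Server::Workflow::Activity::CSR::CheckPolicyDNS
    param:
        check_san: AC
        timeout: 1

check_policy_dns_slow:
    param:
        check_san: AC
    class: OpenXPKI::Server::Workflow::Activity::CSR::CheckPolicyDNS

label_a: "[% USE CheckDNS(timeout = 1) %]"
label_b: "[% USE CheckDNS %]"
"""
```

Calling scan_tree() on the configuration directory lists the files and line numbers that still need the timeout added.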


