Hi Endi,

Just want to quickly discuss certificate IDs.

Currently on ACMEBackend interface we have

  public BigInteger issueCertificate(String csr);

I think this is a bit of a problem; e.g., Dogtag currently supports
multiple issuers (LWCAs).  It is incidental that serial numbers do
not collide.  This might not hold for other backends.  Yet we need
the certificate ID to uniquely identify the certificate, so that we
can retrieve it, revoke it, etc.

I suggest changing the return value to a string (which is how it
gets stored in the ACMEOrder object anyway).

I'd further suggest that by convention, where possible, the string
be a representation of issuer+serial, which is a bit nicer for
humans looking at the stored objects than a base64url-encoded
big-endian bigint.

What do you think?

Cheers,
Fraser

_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel
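The collision the message describes, shown as a small added example (Python, not Dogtag/pki code). It models two lightweight CAs behind one ACME backend with independent serial counters, indexes issued certificates once by the current ID (base64url of the big-endian serial) and once by the suggested issuer+serial string, and shows that a revocation keyed only by serial can hit the wrong certificate. The `<issuer DN>/<hex serial>` ID format and the sample DNs are assumptions for illustration, not a convention the project has adopted.

```python
import base64

# Constructed sample: three certificates from two issuers (LWCAs) that
# each keep their own serial counter, so the raw serial 7 is issued twice.
# (issuer DN, serial, subject DN)
ISSUED = [
    ("CN=CA Signing Certificate,O=EXAMPLE", 7, "CN=alice.example"),
    ("CN=Subordinate CA,O=EXAMPLE", 7, "CN=bob.example"),
    ("CN=Subordinate CA,O=EXAMPLE", 8, "CN=carol.example"),
]


def serial_b64url(serial: int) -> str:
    """Current scheme: base64url of the big-endian serial, without padding."""
    raw = serial.to_bytes((serial.bit_length() + 7) // 8 or 1, "big")
    return base64.urlsafe_b64encode(raw).decode("ascii").rstrip("=")


def cert_id(issuer_dn: str, serial: int) -> str:
    """Suggested scheme (format assumed here): '<issuer DN>/<hex serial>'."""
    return f"{issuer_dn}/{serial:x}"


def parse_cert_id(cid: str):
    """Split an issuer+serial ID back into its parts.

    The hex serial never contains '/', so splitting on the *last* '/'
    keeps working even if an RDN value in the issuer DN contains one.
    """
    issuer_dn, sep, hexserial = cid.rpartition("/")
    if not sep or not issuer_dn or not hexserial:
        raise ValueError(f"malformed certificate ID: {cid!r}")
    return issuer_dn, int(hexserial, 16)


def index_by_serial(issued):
    """Store keyed by serial alone: a second issuer silently overwrites."""
    store = {}
    for issuer, serial, subject in issued:
        store[serial_b64url(serial)] = (issuer, subject)
    return store


def index_by_issuer_serial(issued):
    """Store keyed by issuer+serial: every certificate keeps its own slot."""
    store = {}
    for issuer, serial, subject in issued:
        store[cert_id(issuer, serial)] = (issuer, subject)
    return store


def colliding_serials(issued):
    """Serials handed out by more than one issuer: exactly the IDs the
    serial-only scheme cannot disambiguate."""
    by_serial = {}
    for issuer, serial, _ in issued:
        by_serial.setdefault(serial, set()).add(issuer)
    return {s for s, issuers in by_serial.items() if len(issuers) > 1}


def revoke(store, cid):
    """Remove a certificate by ID and return what was actually revoked."""
    return store.pop(cid)


if __name__ == "__main__":
    print("colliding serials:", colliding_serials(ISSUED))
    # Serial-only: asking to revoke alice's certificate (serial 7 from the
    # first CA) actually revokes bob's, because his entry overwrote hers.
    by_serial = index_by_serial(ISSUED)
    print("serial-only store has", len(by_serial), "of", len(ISSUED), "certs")
    print("revoke by serial 7 ->", revoke(by_serial, serial_b64url(7)))
    # Issuer+serial: the same request revokes exactly alice's certificate.
    by_both = index_by_issuer_serial(ISSUED)
    alice = cert_id("CN=CA Signing Certificate,O=EXAMPLE", 7)
    print("revoke", alice, "->", revoke(by_both, alice))
    print("bob still present:", cert_id("CN=Subordinate CA,O=EXAMPLE", 7) in by_both)
```

The serial-only index ends up with two entries for three certificates, so any later lookup or revocation of serial 7 reaches whichever certificate was stored last; the issuer-qualified ID keeps all three and round-trips through `parse_cert_id`, which is what makes it usable as a stable handle for retrieve and revoke.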