Closed wmcmiller closed 2 months ago
Hi @wmcmiller. It would make sense to add that switch to the invoke functions for existing functionality in those functions, eg. retire, recover, renew, etc, but if your goal is to retry when a certificate request fails, that would go into the new certificate functions. 'Retry' needs to know what it's retrying to do. Perhaps we look at add retry functionality into New-VcCertificate
and New-VdcCertificate
on error by default and -NoRetry if folks want to turn it off?
The errors occur after what seems as a successful certificate creation using New-VcCertificate. The Certificate object is successfully created but the X.509 Certificate data is an error state. The web interface gives the option to Retry.
Invoke-VcCertificate seems like the likely function to resolve the issue. I believe this issue is rooted in the DigiCert API's limitation and to Retry by default in New-VcCertificate would probably exhaust the API even more beyond the thousands of public certificates I attempted to generate in the first place.
This issue is stale because it has been open for 60 days with no activity.
This issue was closed because it has been inactive for 30 days since being marked as stale.
Summary of the new feature/enhancement
There are scenarios where it would be helpful to retry a certificate request when the first attempt has failed. Usually this is the case where public CAs can not handle the velocity of my scripted certificate requests and Venafi TPP returns the error - "This certificate cannot be processed while it is in error state. fix any errors, and then click Retry"
Retry clears this issue and the certificate request is successful.
Reset and/or Renew does not resolve this issue.