Venafi / vault-pki-backend-venafi

Venafi PKI Secrets Engine plugin for HashiCorp Vault that enables certificate enrollment using Venafi machine identity services.
Mozilla Public License 2.0

Allow providing a nickname in certificate requests #145

Open Alex-Gomez-Lopez opened 6 months ago

Alex-Gomez-Lopez commented 6 months ago

BUSINESS PROBLEM

There are customers that want to utilize this plugin to manage different certificates (for different servers) with the same subject and SANs.

Currently, when all those certificates are renewed, all of them but one will be overridden. That is, they will all be mapped to the exact same object in TPP, so the certificate that was renewed last will be that object's current certificate and the rest will be put in the history.

PROPOSED SOLUTION

If the plugin allowed providing a DN or nickname in the request, then only the corresponding object in TPP's policy tree would be affected, so for each server there could be a "certificate-X" object in TPP, with X being a server-specific string that differentiates it from the rest.

CURRENT ALTERNATIVES

There is no good alternative.

Using an adaptable log you could move the generated certificate object somewhere else right after first issuance, so the next issuance of a certificate with the same subject and SANs will not clash with that one. However, that also means that when all these certificates are renewed they will be created as individual certificates instead of being put inside the history of their corresponding certificate.

VENAFI EXPERIENCE

5 years.