dogtagpki / pki

The Dogtag Certificate System is an enterprise-class Certificate Authority (CA) which supports all aspects of certificate lifecycle management, including key archival, OCSP and smartcard management.
https://www.dogtagpki.org
GNU General Public License v2.0

Add pki ca-cert-issue #4854

Closed edewata closed 5 days ago

edewata commented 6 days ago

The pki ca-cert-request-submit command can be used in two ways. If it's invoked with an install token, the cert will be issued immediately. If it's invoked without an install token, it will submit the request to the CA, but then the request will need to be approved, and the cert will need to be retrieved separately.

To make it easier to issue a cert, a new pki ca-cert-issue command has been added, which is similar to pki ca-cert-request-submit, but it can approve the request and retrieve the cert immediately if invoked with the proper credentials.

pkispawn and most CI tests have been updated to use the new command. The pki ca-cert-request-submit options that take an install token have been deprecated.

sonarcloud[bot] commented 6 days ago

Quality Gate passed

Issues
16 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
45.1% Duplication on New Code


edewata commented 5 days ago

@fmarco76 Thanks! Both commands will work. So pki ca-cert-issue will do what pki ca-cert-request-submit does (i.e. submitting the cert request with profile authentication), but since the profile doesn't require approval the pki ca-cert-issue will skip the approval step (i.e. no CA admin/agent credentials required), and it will simply retrieve the new cert. I'll update the tests & docs for this later.