Failures in the dice-mfg sign-cert and dice-mfg manufacture subcommands make for an awkward situation if they happen after we've generated the certificate: simply re-running the command will fail (unless we burn the serial number) because the CA has already issued a cert w/ this subject.
This isn't an unrecoverable situation: we can walk through the programming steps manually to complete the process. But this is a "high touch" solution and less than ideal.
Currently if the --intermediate-cert provided to the manufacture subcommand doesn't exist or is a directory we'll end up in this situation. To minimize the potential for this to happen we must:
check inputs as best we can before we reach this critical point
push this critical point (cert signing) as far back / late in the process as possible
Failures in the
dice-mfg sign-cert
anddice-mfg manufacture
subcommands make for an awkward situation if they happen after we've generated the certificate: simply re-running the command will fail (unless we burn the serial number) because the CA has already issued a cert w/ this subject.This isn't an unrecoverable situation: we can walk through the programming steps manually to complete the process. But this is a "high touch" solution and less than ideal.
Currently if the
--intermediate-cert
provided to themanufacture
subcommand doesn't exist or is a directory we'll end up in this situation. To minimize the potential for this to happen we must: