In the new finalizeURL approach to orders, do order objects need to contain
a CSR after a user attempted to finalize the order, or after the order is
finalized? Would the CA have to store the CSR after it's posted, or after
the certificate is issued?

From the text, I assume that the body of the finalizeURL is a POST
containing an ACME JWS message whose payload is a JSON object with the
"csr" field. Is that correct? What would this POST look like?

I'm asking these questions because I haven't been able to find an example
of the finalizeURL POST in the draft (
https://github.com/ietf-wg-acme/acme/blob/master/draft-ietf-acme-acme.md),
and because I see "csr" fields in some of the order objects.

I've created a branch of my fork of the GitHub repository (
https://github.com/uhhhh2/acme/tree/remove-csr-fields-from-order-and-add-example-finalize-post)
with my understanding of the new finalizeURL POST. Specifically, in this
branch, I am assuming that the CSR is not stored as part of the order. I am
also assuming that the finalizeURL POST is an ACME JWS message whose
payload is a JSON object with the "csr" field (which is in the same
base64url format it was in before finalizeURL was introduced). Am I
understanding the finalizeURL correctly?

Sincerely,

Logan Widick
_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme