Hi, After removing the L324 "enter_policy_violation_comment > CHECK_FOR_SERVER_KEYGEN ? has_policy_violation" as you said to remove the "enter_policy_violation_comment" in the CSR workflow process "SUBJECT_COMPLETE" state, Here are the workflow details for duplicate subject request which still shows approve button: Execution time State Action Description User Node2021-06-22 05:20:12 INITIAL csr_select_profile EXECUTE 2021-06-22 05:20:17 SETUP_REQUEST_TYPE csr_provide_server_key_params EXECUTE 2021-06-22 05:21:14 ENTER_SUBJECT csr_edit_subject EXECUTE 2021-06-22 05:21:14 ENTER_SAN global_skip EXECUTE 2021-06-22 05:21:14 ENTER_CERT_INFO global_skip EXECUTE 2021-06-22 05:21:15 BUILD_SUBJECT global_render_subject AUTORUN 2021-06-22 05:21:15 BUILD_SUBJECT_GLOBAL_RENDER_SUBJECT_0 csr_set_workflow_attributes AUTORUN 2021-06-22 05:21:15 BUILD_SUBJECT_GLOBAL_RENDER_SUBJECT_1 csr_check_policy_dns AUTORUN 2021-06-22 05:21:15 BUILD_SUBJECT_GLOBAL_RENDER_SUBJECT_2 csr_check_policy_subject_duplicate AUTORUN 2021-06-22 05:21:17 SUBJECT_COMPLETE csr_submit EXECUTE 2021-06-22 05:21:17 SUBJECT_COMPLETE_CSR_SUBMIT_0 csr_eval_eligibility AUTORUN 2021-06-22 05:21:17 CHECK_FOR_SERVER_KEYGEN global_noop AUTORUN 2021-06-22 05:21:24 ENTER_KEY_PASSWORD csr_retype_server_password EXECUTE 2021-06-22 05:21:25 HAS_KEY_PASSWORD csr_generate_key AUTORUN 2021-06-22 05:21:25 KEY_GENERATED csr_generate_pkcs10 AUTORUN 2021-06-22 05:21:25 KEY_GENERATED_CSR_GENERATE_PKCS10_0 global_store_pkey_in_datapool AUTORUN 2021-06-22 05:21:25 NOTIFY_CSR_PENDING csr_notify_pending AUTORUN 2021-06-22 05:21:25 NOTIFY_CSR_PENDING_CSR_NOTIFY_PENDING_0 csr_flag_pending_notification_send AUTORUN 2021-06-22 05:21:25 CHECK_POLICY_VIOLATION global_noop AUTORUN RegardsScott
On Monday, 21 June 2021, 05:21:44 pm GMT+5, Oliver Welter <[email protected]> wrote: Hi Scott, use the "Workflow History" Button on the UI to check what path the user has taken and rework the workflow configuration so it matches your expectation. Oliver On Wednesday, 23 June 2021, 01:28:15 pm GMT+5, Scott Thomas via OpenXPKI-users <[email protected]> wrote: Hi, After removing the L324 "enter_policy_violation_comment > CHECK_FOR_SERVER_KEYGEN ? has_policy_violation" as you said to remove the "enter_policy_violation_comment" in the CSR workflow process "SUBJECT_COMPLETE" state, Here are the workflow details for duplicate subject request which still shows approve button: Execution time State Action Description User Node2021-06-22 05:20:12 INITIAL csr_select_profile EXECUTE 2021-06-22 05:20:17 SETUP_REQUEST_TYPE csr_provide_server_key_params EXECUTE 2021-06-22 05:21:14 ENTER_SUBJECT csr_edit_subject EXECUTE 2021-06-22 05:21:14 ENTER_SAN global_skip EXECUTE 2021-06-22 05:21:14 ENTER_CERT_INFO global_skip EXECUTE 2021-06-22 05:21:15 BUILD_SUBJECT global_render_subject AUTORUN 2021-06-22 05:21:15 BUILD_SUBJECT_GLOBAL_RENDER_SUBJECT_0 csr_set_workflow_attributes AUTORUN 2021-06-22 05:21:15 BUILD_SUBJECT_GLOBAL_RENDER_SUBJECT_1 csr_check_policy_dns AUTORUN 2021-06-22 05:21:15 BUILD_SUBJECT_GLOBAL_RENDER_SUBJECT_2 csr_check_policy_subject_duplicate AUTORUN 2021-06-22 05:21:17 SUBJECT_COMPLETE csr_submit EXECUTE 2021-06-22 05:21:17 SUBJECT_COMPLETE_CSR_SUBMIT_0 csr_eval_eligibility AUTORUN 2021-06-22 05:21:17 CHECK_FOR_SERVER_KEYGEN global_noop AUTORUN 2021-06-22 05:21:24 ENTER_KEY_PASSWORD csr_retype_server_password EXECUTE 2021-06-22 05:21:25 HAS_KEY_PASSWORD csr_generate_key AUTORUN 2021-06-22 05:21:25 KEY_GENERATED csr_generate_pkcs10 AUTORUN 2021-06-22 05:21:25 KEY_GENERATED_CSR_GENERATE_PKCS10_0 global_store_pkey_in_datapool AUTORUN 2021-06-22 05:21:25 NOTIFY_CSR_PENDING csr_notify_pending AUTORUN 2021-06-22 05:21:25 NOTIFY_CSR_PENDING_CSR_NOTIFY_PENDING_0 csr_flag_pending_notification_send AUTORUN 2021-06-22 05:21:25 CHECK_POLICY_VIOLATION global_noop AUTORUN RegardsScott On Monday, 21 June 2021, 05:21:44 pm GMT+5, Oliver Welter <[email protected]> wrote: Hi Scott, use the "Workflow History" Button on the UI to check what path the user has taken and rework the workflow configuration so it matches your expectation. Oliver Am 21.06.21 um 07:21 schrieb Scott Thomas via OpenXPKI-users: Dear Oliver I commented the line 324 "- enter_policy_violation_comment > CHECK_FOR_SERVER_KEYGEN ? has_policy_violation" and restarted the OpenXPKI daemon but OpenXPKI still gives the approve request feature. I am using OpenXPKI 3.10.2 community edition. Regards Hello Scott, ONE possible solution would be to remove the path "enter_policy_violation_comment" in the CSR workflow process "SUBJECT_COMPLETE" state, see here https://github.com/openxpki/openxpki-config/blob/community/config.d/realm.tpl/workflow/def/certificate_signing_request_v2.yaml#L324 This will leave the user with the option to cancel the workflow or change the subject. Oliver On Tuesday, 8 June 2021, 01:42:52 pm GMT+5, Scott Thomas via OpenXPKI-users <[email protected]> wrote: Dear Oliver, I just want to ensure that a certificate with duplicate subject should not be requested. How can i configure it in OpenXPKI? help me in detail. what's the Configuration to hard fail the duplicate subject request? Regards Hi Scott, I am sorry I still dont know what you are looking for - if you expect a more detailed help please describe your problem and efforts already done. Oliver Am 07.06.21 um 11:00 schrieb Scott Thomas: > Dear Oliver, > > Please guide me to configure OpenXPKI for unique subject. > > Regards On Monday, 7 June 2021, 02:02:30 pm GMT+5, Scott Thomas via OpenXPKI-users <[email protected]> wrote: Dear Oliver, Please guide me to configure OpenXPKI for unique subject. Regards On Thursday, 27 May 2021, 05:05:05 pm GMT+5, Scott Thomas <[email protected]> wrote: I didn't receive this email although I've subscribed to this mailing list. Anyhow what's the Configuration to hard fail the duplicate subject? Sent from Yahoo Mail on Android On Thu, May 27, 2021 at 2:19 AM, Oliver Welter <[email protected]> wrote: Hi Scott, did you miss my response? https://sourceforge.net/p/openxpki/mailman/message/37286181/ Oliver Am 26.05.21 um 19:46 schrieb Scott Thomas via OpenXPKI-users: > Hi. > The response on subject thread is still awaited. > A timely response will be appreciated. > Thanks > > Sent from Yahoo Mail on Android > <https://go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers_wl=ym_sub1=Internal_sub2=Global_YGrowth_sub3=EmailSignature> > > On Thu, May 20, 2021 at 12:02 AM, Scott Thomas via OpenXPKI-users > <[email protected]> wrote: > Bonjour, > > I have a special case that requires only one and unique certificate > should be issued per subject name. Default OpenXPKI config issues > multiple certs with same credentials. > > Does OpenXPKI support unique certificate subject through configuration? > > Regards > > Sent from Yahoo Mail on Android > ><https://go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers_wl=ym_sub1=Internal_sub2=Global_YGrowth_sub3=EmailSignature> > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > <mailto:[email protected]> > https://lists.sourceforge.net/lists/listinfo/openxpki-users > <https://lists.sourceforge.net/lists/listinfo/openxpki-users> > > > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users > -- Protect your environment - close windows and adopt a penguin! _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users -- Protect your environment - close windows and adopt a penguin! _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
