It worked! Thank you for your help Martin! On Mon, Aug 2, 2021 at 4:11 PM Martin Bartosch via OpenXPKI-users < [email protected]> wrote:
> Hi, > > > Is it possible to check if the certificate subject is unique across all > realms on the openxpki server? I am using openxpki community edition. > > OpenXPKI is a workflow based system, so literally almost any conceivable > business logic can be implemented. We distribute a set of default workflows > which implement some common and sensible assumptions. One of the > assumptions is that PKI Realms are logically separate name spaces, making > it possible to any number of distinct and independent CAs on the same > OpenXPKI instance. The default system hence only considers uniqueness of > subjects within the same PKI Realm, not across other realms. > > I am not sure and have not tested this, but by looking at the code and > configuration you could try the following: > > In the workflow/def/certificate_signing_request_v2.yaml of your desired > realm change the subject policy test from > > check_policy_subject_duplicate: > class: > OpenXPKI::Server::Workflow::Activity::CSR::CheckPolicySubjectDuplicate > param: > allow_renewal_period: "+0003" > > > to > > check_policy_subject_duplicate: > class: > OpenXPKI::Server::Workflow::Activity::CSR::CheckPolicySubjectDuplicate > param: > any_realm: 1 > allow_renewal_period: "+0003" > > > This should consider the subject test across all realms. This is untested. > > Cheers > > Martin > > > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users >
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
