Hi Stefan,

the standard configuration assumes that initial requests on automation interfaces are used to bootstrap an automated renewal setup, so the initial cert is created with a validity that allows an immediate renewal. You can turn this off in the endpoint config (rpc/enroll.yaml):

# Create certificates for initial requests with a short validity to
# allow an immediate renewal
initial_validity: +000030

Oliver

On 10.02.22 at 18:26, Stefan Weigel wrote:
> Hi,
> currently I'm stuck with validity of a certificate requested via RPC.
> In /etc/openxpki I have:
>
> rpc/myclient.conf (copy of enroll.conf):
> [..]
> realm = myca
> [..]
> [RequestCertificate]
> workflow = certificate_enroll
> param = pkcs10, profile, comment, signature
> output = cert_identifier, certificate, chain, error_code, transaction_id
> env = signer_cert, server
> pickup = pkcs10, transaction_id
> pickup_workflow = check_enrollment
> ---
> config.d/realm/myca/rpc/myclient.yaml (copy of enroll.yaml):
> [..]
> profile:
>   cert_profile: test_client
>   cert_subject_style: enroll
> ---
> config.d/realm/myca/profile/test_client.yaml (copy of tls_client.yaml):
> [..]
> validity:
>   notafter: +24
> [..]
> enroll:
>   subject:
>     dn: CN=[% CN.0 %],DC=testing,DC=example,DC=com
>
> I can request a certificate via
> curl -X POST --form method="RequestCertificate" --form pkcs10="`cat my.csr`" http://localhost/rpc/myclient/RequestCertificate
>
> But it always has a validity of 1 month (validity: notafter: +01) as
> tls_client has.
> What's going wrong here?
>
>
> Thanks and best regards,
>
> Stefan
>
>
> _______________________________________________
> OpenXPKI-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openxpki-users

--
Protect your environment - close windows and adopt a penguin!
