Description
VCert requires a subject whenever performing a certificate request. This causes failures when using a non-specific subject, as the subject for the certificate is already part of the user-provided CSR.
BUSINESS PROBLEM
Requiring the subject even when using VCert to create an application, device and certificate in one command using a user-provided CSR results in an error stating the object already exists on the next run of the same playbook to perform a renewal.
When the subject matches in both the cert object and the playbook it behaves as expected and disassociates the certificate from the device and application to allow a new certificate object to be created.
The problem with this is that it will require the playbook to be altered for each and every user-provided CSR to ensure the subject matches, rather than being able to use the same playbook for multiple certificate requests.
PROPOSED SOLUTION
Either add the function for the subject to be extracted from the CSR or disable the subject requirement when a user-provided CSR is used.
CURRENT ALTERNATIVES
Altering the playbook to match the subject for each use.
VENAFI EXPERIENCE
Venafi employee on the support team; however, I am a novice in using VCert.
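Added example, not part of the original issue and not VCert's own code: a sketch of the first proposed option, reading the subject from the user-provided CSR with the Go standard library so the playbook does not have to repeat it. The names `SubjectFromCSR` and `makeCSR` are hypothetical, the fallback to the first DNS SAN is an assumption, and the sample CSRs are constructed in-process.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
)

// SubjectFromCSR (hypothetical helper) returns the CSR's Common Name, or its
// first DNS SAN when the CN is empty. CSRs with a bad self-signature are rejected.
func SubjectFromCSR(csrPEM []byte) (string, error) {
	block, _ := pem.Decode(csrPEM)
	if block == nil || block.Type != "CERTIFICATE REQUEST" {
		return "", errors.New("input is not a PEM certificate request")
	}
	csr, err := x509.ParseCertificateRequest(block.Bytes)
	if err != nil {
		return "", fmt.Errorf("parse CSR: %w", err)
	}
	if err := csr.CheckSignature(); err != nil {
		return "", fmt.Errorf("CSR signature invalid: %w", err)
	}
	if csr.Subject.CommonName != "" {
		return csr.Subject.CommonName, nil
	}
	if len(csr.DNSNames) > 0 {
		return csr.DNSNames[0], nil
	}
	return "", errors.New("CSR has neither a Common Name nor a DNS SAN")
}

// makeCSR builds a constructed sample CSR so the example runs offline.
func makeCSR(cn string, sans ...string) []byte {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	der, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}, DNSNames: sans}, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: der})
}

func main() {
	name, err := SubjectFromCSR(makeCSR("app1.example.com"))
	fmt.Println(name, err)
}
```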