Replies: 1 comment 2 replies
-
|
That is as it should. Each CMP call is a new enrollment request and will issue a new certificate. There is no such thing as a "request for same certificate". Your request (Certificate Signing Request in CRMF, RFC4211, format) may look the same, but it is a request for a new certificate with those details every time. |
Beta Was this translation helpful? Give feedback.
-
|
The same thing happens with one of the REST endpoints. Does this imply that it is the responsibility of the client application to protect the EJBCA CA server from potential flooding by implementing a mechanism to limit the number of certificate issuance requests for valid certificates? |
Beta Was this translation helpful? Give feedback.
-
|
You are using these end points in "RA mode". This means that your client is a trusted entity, strongly authenticated and authorized. So yes, the RA client is supposed to be able to make the decision to issue. An RA is not the general public. See here: https://docs.keyfactor.com/ejbca/latest/cmp#id-(9.2)CMP-ClientModeforCMPClient_mode_for_CMP For generic information on what an RA is: |
Beta Was this translation helpful? Give feedback.
-
Hello,
Recently, I was testing certificate generation using the CMP protocols in the community version of EJBCA 8.3.2. When I submit multiple requests for the same certificate to the CMP endpoint, I receive a new certificate each time. Am I missing a configuration setting or something else?
Beta Was this translation helpful? Give feedback.
All reactions