Name

OpenXPKI::Server::Workflow::Activity::NICE::IssueCertificate;

Description

Loads the certificate signing request referenced by the csr_serial context parameter from the database and hands it to the configured NICE backend.

Note that it highly depends on the implementation what properties are taken from the pkcs10 container and what can be overridden by other means. The activity allows request types spkac and pkcs10 - you need to adjust this if you use other formats. See documentation of the used backend for details.

See OpenXPKI::Server::NICE::issueCertificate for details

Parameters

Input

csr_serial (optional): the serial number of the certificate signing request. If not set the context value with key csr_serial is used.
ca_alias (optional): the ca alias to use for this signing operation, the default is to use the "latest" token from the certsign group. Might not be supported by all backends!
transaction_id: Transaction id of the request, not required for the Local backend but might be required by some remote backends to handle polling/retry.
renewal_cert_identifier: Set to the originating certificate identifier if this is a renewal request. This will route the processing to the renewCertificate method of the NICE backend and add the old certificate identifier as predecessor using the certificate_attributes table (key system_renewal_cert_identifier).
cert_owner: The userid that should be set as certificate owner (system_cert_owner).
cert_tenant: The owner group / tenant for this certificate (system_cert_tenant).

Output

cert_identifier - the identifier of the issued certificate. Not set if the backend did not issue the certificate (also depends on error handling)