Enabling automatic approval of certificate requests in OpenXPKI CA

  1. Stop the OpenXPKI service using openxpkictl stop.
  2. In nano /etc/openxpki/config.d/realm/ca-one/scep/generic.yaml, update the eligible: section:

    Old content 

    eligible:
			initial:
				value@: connector:scep.generic.connector.initial
       		args: '[% context.cert_subject_parts.CN.0 %]'
       		expect:
       			- Build
       			- New

    New content 

    eligible:
			initial:
				value: 1
				# value@: connector:scep.generic.connector.initial
				# args: '[% context.cert_subject_parts.CN.0 %]'
				# expect:
				#	- Build
				#	- New
    Notes:
    • Review the space and indention in the script file.
    • To approve certificates manually, comment value: 1, and then uncomment the other lines that are previously commented.
  3. Save the file.
  4. Start the OpenXPKI service using openxpkictl start.