Details
-
Bug
-
Resolution: Done
-
Major
-
None
-
None
Description
We need to make sure that when the obtain-certificate operation is used to obtain a certificate from Let's Encrypt staging server and then used again to obtain a certificate from Let's Encrypt's non-staging server that the appropriate account URL is used (i.e., the account URL should start with the staging endpoint in the first case and it should start with the non-staging endpoint in the second case). For example, the following scenario should work properly:
# Try to obtain a certificate first using the staging endpoint and then again using the non-staging endpoint with the same certificate-authority-account
/subsystem=elytron/key-store=key-store3:add(credential-reference={clear-text=password},type=JKS,path=keystore3.jks)
/subsystem=elytron/certificate-authority-account=ca_letsenc3:add(alias=server,key-store=key-store3)
/subsystem=elytron/key-store=key-store3:obtain-certificate(alias=app3,certificate-authority-account=ca_letsenc3,domain-names=["mydomain.com"],agree-to-terms-of-service,algorithm=RSA,staging=true)
/subsystem=elytron/key-store=key-store3:obtain-certificate(alias=app3,certificate-authority-account=ca_letsenc3,domain-names=["mydomain.com"],agree-to-terms-of-service,algorithm=RSA,staging=false)
Other certificate authority management operations should also be able to handle switching between staging and non-staging using the same certificate-authority-account.
