Validate that certificates with the same data are not repeated

[bsjaramillo]

When I request for new certificate in RA UI (/ejbca/ra) if I put data for example with an username=test1 and I download the certificate, then if I request for a new certificate with the same username, I download a certificate again. So how I can control that ? Can I validate it? Can I validate it with other data like user id ?

[primetomas]

Can you be more specific what actions you take. There are many paths in the RA web, which functions do you select. And do you reset status for the end entity in between requests? All details are needed.

[bsjaramillo]

1. I make a request in https://localhost/ejbca/ra/enrollmakenewrequest.xhtml
2. I put data like email, CN, username, user id, after finish the request, the certificate is waiting for approval, so the certificate status here si "waiting".
3. If I make a new request with the same data before its approval, I cant do make the request, the system show a message that says there is a request pending for approval with that data, which is right.
4. With a RA admin, I approve de request, so the certificate status change to Active.
5. After that if I do a make a new request with the same data, the request is sended and this is I want to prevent.

[primetomas]

Not sure why you want to prevent that? Since you are using approvals, and a work-flow where people can request whatever they want, If you allow "public" requests you can not control what they request, but you can deny the request. You can also control things like "single active certificate constraint", meaning that a single end entity can only have one active certificate, when a new one is issued the old one is revoked. You can also set constraints to limit unique subject DN, so it would not be possible to approve a certificate for another user using the same subject DN as another user is already using (it will result in an error approving it or issuing the certifciate).