Hi Endi,
Just want to quickly discuss certificate IDs.
Currently on ACMEBackend interface we have
public BigInteger issueCertificate(String csr);
I think this is a bit of a problem. e.g. Dogtag currently supports
multiple issuers (LWCAs). It is incidental that serial numbers do
not collide. This might not hold for other backends. Yet we need
the certificate ID to uniquely identify the certificate, so that we
can retrieve it, revoke it, etc.
I suggest changing the return value to a string (which is how it
gets stored in the ACMEOrder object anyway).
I'd further suggest that by convention, where possible, the string
be a representation of issuer+serial, which is a bit nicer for
humans looking at the stored objects than a base64url-encoded
big-endian bigint.
What do you think?
Cheers,
Fraser