Affects Version/s: EJBCA 6.2.6
Fix Version/s: None
Customer reports an occasional issue with RAs issuing 2 or more certificates with the same username at the same time causing an exception due to one beating the other to change STATUS in the USERDATA table.
The typical usecase are RAs making +400 certificateRequests against the same user.
A couple of solutions have been proposed to customer, the preferred one is as follows:
1. certificateRequest avoids setting status to NEW and calls down the stack over local interface with flag that UserData status does not need to be checked.
2. Once a certificate has been issued when this flag is set, the UserData is never updated unless 1. it does not exist or 2. status was something else than GENERATED (also decrease request counter in such a case). This would also save parts of the database writes when renewing end entities.
Initially PrimeKey will perform a test investigation of 10d to investigate the feasibility of the proposed solution and formulate a testing strategy.