
Private key is lost when the pickup for enroll or renew actions times out (VCert CLI)

Open tr1ck3r opened this issue 4 years ago • 0 comments

PROBLEM SUMMARY

Private key is lost when the pickup for enroll or renew actions times out with the VCert CLI

STEPS TO REPRODUCE

  1. Stop the VED service on the TPP server you are using to ensure no certificates will be issued for new requests
  2. Use vcert enroll (or renew) to request a certificate from the TPP server and do not specify the --no-pickup or --csr options (meaning it will use the default key generation which is local)
  3. Wait 3 minutes until the pickup times out

EXPECTED RESULTS

The timeout message is output, but so is the private key (unless --file or --key-file is specified, in which case the private key should be written to the file).

ACTUAL RESULTS

The following message is output but not the private key that corresponds to the CSR that was submitted to the CA:

Operation timed out. You may try retrieving the certificate later using Pickup ID: \VED\Policy\VCert\test.venafi.example

COMMENTS/WORKAROUNDS

If you know the CA is going to be slow, you can specify the --no-pickup option and the private key will be output as expected.

tr1ck3r, Sep 24 '20 02:09
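The ordering that the expected results above call for, as an added Go sketch that is not VCert's own code and not part of the original issue: the locally generated key is written to disk before the pickup wait begins, so a timeout leaves the caller holding both the key and the pickup ID. `EnrollKeepKey`, `ErrPickupTimeout`, the `retrieve` callback and the sample values in `main` are hypothetical names and constructed inputs.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"os"
	"time"
)

var ErrPickupTimeout = errors.New("pickup timed out") // hypothetical sentinel error

// EnrollKeepKey writes the new private key to keyPath (mode 0600) BEFORE polling, so a
// timeout cannot discard it. retrieve is a hypothetical CA call; ok=false means "not issued yet".
func EnrollKeepKey(cn, keyPath, pickupID string, timeout, interval time.Duration,
	retrieve func(id string) ([]byte, bool)) (csrPEM, certPEM []byte, err error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	keyDER, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		return nil, nil, err
	}
	if err := os.WriteFile(keyPath, pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER}), 0o600); err != nil {
		return nil, nil, err // do not go on to request a certificate for a key that is not stored
	}
	csrDER, err := x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{Subject: pkix.Name{CommonName: cn}}, key)
	if err != nil {
		return nil, nil, err
	}
	csrPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE REQUEST", Bytes: csrDER})
	for deadline := time.Now().Add(timeout); time.Now().Before(deadline); time.Sleep(interval) {
		if cert, ok := retrieve(pickupID); ok {
			return csrPEM, cert, nil
		}
	}
	return csrPEM, nil, fmt.Errorf("%w: retry with pickup ID %s, key kept in %s", ErrPickupTimeout, pickupID, keyPath)
}

func main() {
	never := func(string) ([]byte, bool) { return nil, false } // constructed: CA that never issues
	_, _, err := EnrollKeepKey("test.venafi.example", "test.key", "constructed-id", time.Second, 200*time.Millisecond, never)
	fmt.Println(err)
}
```

The sketch stores the key unencrypted for brevity; a real client would apply the same ordering to a passphrase-protected key.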