Pass the OCSP responder uri to CSR method

src/takrmapi/config.py

@@ -64,3 +64,8 @@ def read_deployment_name() -> str:
 # Used for mission pkgs
 TAK_SERVER_FQDN: str = cfg("TAK_SERVER_FQDN", cast=str, default=read_tak_fqdn())
 TAK_SERVER_NAME: str = cfg("TAK_SERVER_NAME", cast=str, default=read_deployment_name())
+
+# due to CFSSL issues we add this directly to CSR
+OCSP_RESPONDER: str = cfg(
+    "OCSP_RESPONDER", cast=str, default="https://localmaeher.pvarki.fi:4439/ca/ocsp"  # needs to be the public URL
+)

src/takrmapi/tak_helpers.py

@@ -80,7 +80,7 @@ async def create_user_dir_and_files(self) -> None:
         certpath = self.userdata / f"{certcn}.pem"
 
         ckp = await async_create_keypair(privpath, pubpath)
-        csrpem = await async_create_client_csr(ckp, csrpath, {"CN": self.certcn})
+        csrpem = await async_create_client_csr(ckp, csrpath, {"CN": self.certcn}, ocsp_uri=config.OCSP_RESPONDER)
 
         async with (await self.helpers.tak_mtls_client()) as session:
             url = f"{self.rm_base}api/v1/product/sign_csr/mtls"