From 15c46ebbaa65427b069abcce907d07535a59d629 Mon Sep 17 00:00:00 2001
From: Herman Slatman <hermanslatman@hotmail.com>
Date: Mon, 25 Sep 2023 22:00:30 +0200
Subject: [PATCH] Switch logic for SCEP initialization around

---
 authority/authority.go | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/authority/authority.go b/authority/authority.go
index a3d068a1..1ba480af 100644
--- a/authority/authority.go
+++ b/authority/authority.go
@@ -678,7 +678,11 @@ func (a *Authority) init() error {
 		options.Roots = a.rootX509Certs
 		options.Intermediates = a.intermediateX509Certs
 		options.SignerCert = options.Intermediates[0]
-		if a.config.IntermediateKey != "" {
+		if a.scepSigner != nil {
+			options.Signer = a.scepSigner
+			options.Decrypter = a.scepDecrypter
+			options.DecrypterCert = a.scepCertificate
+		} else {
 			if options.Signer, err = a.keyManager.CreateSigner(&kmsapi.CreateSignerRequest{
 				SigningKey: a.config.IntermediateKey,
 				Password:   a.password,
@@ -705,10 +709,6 @@ func (a *Authority) init() error {
 					options.DecrypterCert = options.Intermediates[0]
 				}
 			}
-		} else {
-			options.Signer = a.scepSigner
-			options.Decrypter = a.scepDecrypter
-			options.DecrypterCert = a.scepCertificate
 		}
 
 		// provide the current SCEP provisioner names, so that the provisioners