Commit
When easyrsa "renews" a certificate, the current certificate is moved to a sub-directory for renewed certificates and renamed to the serial number of the certificate. This makes it difficult to subsequently revoke the old certificate.

The new behaviour is for easyrsa to move the certificate without renaming the file. This means the certificate can be revoked by name.

Once a renewed certificate is revoked, it is moved to the 'revoked' sub-directory, along with all other revoked certificates.

The same mechanism also manages keys, requests, PKCS and inline files.

Behaviour summary:

* revoke
    moves certificates to 'revoked' - Unchanged
    Rename the certificate to its serial number - Unchanged

* renew
    moves certificates to 'renewed' - Unchanged
    renew does not rename the certificate to its serial number - Changed

    Important: Only one certificate of a specific name (e.g. john) can be renewed at the same time. To renew another certificate called 'john' the first MUST be revoked.

* revoke-renewed:
    takes the certificate from 'renewed' - Changed
    moves the certificate to 'revoked' - Changed
    renames the certificate to its serial number - Unchanged

* All revoked certificates are moved to the 'revoked' sub-directory.

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
ef22701
#578 #579
Introduce 'revoke-renewed' #547