Add revoke-renewed to revoke renewed certificate #394

Closed

tshikose

Actually, if one successfully renews a certificate with the renew command, a new certificate is created (and placed in the pki/issue folder) while the old one is moved to pki/renewed/certs_by_serial and renamed based on its serial.
The problem is that there is no easy way to revoke the previous certificate.
The proposed revoke-renewed command takes the previous certificate's serial, gets the previous certificate from the pki/renewed/certs_by_serial folder and revokes it.
Then it moves the just-revoked certificate (and its associated req, key, p12...) to folders under pki/renewed_then_revoked.

@TinCanTech
Collaborator

@tshikose This is a good start but it needs improvement.

Example: You test for the existence of files after you have used them.
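
Added example, not part of this thread and not easy-rsa's code: a shell sketch of the revoke-renewed flow from the PR description with the ordering the review asks for, where the serial is validated and every file is checked before it is used, and the certificate is moved only after revocation succeeds. The function names, the `<serial>.crt` file naming and the `openssl.cnf` path are assumptions, and only the certificate file is handled (not the req, key or p12).

```shell
# Added sketch, not easy-rsa code. Function names, the "<serial>.crt" file
# naming and the openssl config path are assumptions for illustration.

# Revoke one certificate with the CA; callers may replace this function.
revoke_cert() {  # $1 = pki dir, $2 = certificate file
    openssl ca -config "$1/openssl.cnf" -revoke "$2"
}

revoke_renewed() {  # $1 = pki dir, $2 = serial of the renewed (old) cert
    pki=$1
    serial=$2
    # Accept only a hex serial, so the argument can never carry "/" or ".."
    # into the path built below.
    case $serial in
        '' | *[!0-9A-Fa-f]*)
            echo "revoke-renewed: invalid serial '$serial'" >&2
            return 2 ;;
    esac
    src="$pki/renewed/certs_by_serial/$serial.crt"
    dst="$pki/renewed_then_revoked/certs_by_serial"

    # Check everything that will be used before using any of it.
    if [ ! -f "$src" ]; then
        echo "revoke-renewed: no renewed certificate with serial $serial" >&2
        return 3
    fi
    if [ -e "$dst/$serial.crt" ]; then
        echo "revoke-renewed: $serial is already in renewed_then_revoked" >&2
        return 4
    fi

    # Revoke first; move only after the CA accepted the revocation, so a
    # failed revoke leaves the file where the next attempt will find it.
    revoke_cert "$pki" "$src" || {
        echo "revoke-renewed: revocation failed, nothing moved" >&2
        return 5
    }
    mkdir -p "$dst" && mv "$src" "$dst/$serial.crt"
}
```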

@TinCanTech
Collaborator

TinCanTech commented Apr 27, 2022

@tshikose Thank you for your contribution.

Commit ef22701 partially incorporated this PR.

Unfortunately, finding a complete solution to the problem of:

  • "revoking a renewed certificate requires serial number"

required a lot of changes not covered by your PR.

With apologies, it was not possible to merge this PR.

However, this original PR has been logged in ChangeLog.

@TinCanTech TinCanTech closed this Apr 27, 2022
@TinCanTech
Collaborator

Closed via ef22701

@tshikose
Author

tshikose commented May 20, 2022 via email
