admin-revoker has the "private-key-block" and "private-key-revoke" subcommands, which take an on-disk private key as input, extract the corresponding public key, and revoke all certificates matching that public key's SPKI Hash with reason keyCompromise.
This is good, but unfortunately sometimes we are presented with proof of key compromise (e.g. a self-signed certificate with subject "Please revoke all certificates sharing this public key") without being presented with the private key itself.
In these cases, it would be good to be able to perform similar operations with just the public key.
Add a new input method flag to `admin block-key` which processes a file
containing one hexadecimal-encoded SPKI hash on each line. To facilitate
this, restructure the block-key subcommand's execution to more closely
resemble the revoke-cert subcommand, with a parallelism flag and the
ability to run many workers at the same time.
Part of #7267
Add a new "-cert-file" input mode to both `admin revoke-cert` and `admin
block-key` which operates on the serial or pubkey found in the
PEM-encoded certificate in the supplied file.
Fixes #7267
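The certificate-file input described above, as an added Go example that is not Boulder's code and not part of this issue or its commits: it takes a PEM-encoded certificate, checks that the certificate verifies under its own embedded key (which is what makes a self-signed certificate proof of key possession), and returns the hex SPKI hash. The function names, the seeded sample keys, the self-signature check, and the choice of SHA-256 over the DER SubjectPublicKeyInfo are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// spkiHashFromCertPEM returns the hex SPKI hash only if the certificate verifies
// under its own embedded key, i.e. its submitter controls the private key.
func spkiHashFromCertPEM(pemBytes []byte) (string, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return "", fmt.Errorf("no PEM CERTIFICATE block")
	}
	c, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return "", err
	}
	if err := c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature); err != nil {
		return "", fmt.Errorf("not signed by its own key: %w", err)
	}
	// Assumption: the SPKI hash is SHA-256 over the DER SubjectPublicKeyInfo.
	return fmt.Sprintf("%x", sha256.Sum256(c.RawSubjectPublicKeyInfo)), nil
}

// demoCert builds a constructed sample certificate from fixed seeds (hypothetical helper).
func demoCert(subjSeed, signSeed byte) []byte {
	subj := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{subjSeed}, ed25519.SeedSize))
	sign := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{signSeed}, ed25519.SeedSize))
	t := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour),
		Subject: pkix.Name{CommonName: "Please revoke all certificates sharing this public key"}}
	der, err := x509.CreateCertificate(rand.Reader, t, t, subj.Public(), sign)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	fmt.Println(spkiHashFromCertPEM(demoCert(1, 1)))
}
```

A certificate that carries the reported public key but was signed by a different key is rejected, because anyone can copy a public key into a certificate they sign themselves.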