Project

General

Profile

Actions
Copy link

Bug #3591

closed

Impossible to edit CRLs in 2.1.1

Added by Doktor Notor over 10 years ago. Updated over 10 years ago.

Status:
Resolved
Priority:
High
Assignee:
-
Category:
Certificates
Target version:
2.1.2
Start date:
04/09/2014
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.1
Affected Architecture:
All

Description

See https://forum.pfsense.org/index.php?topic=74935.msg408977#msg408977

Since lots of people will want/need to revoke their certs, this really should be fixed in 2.1.2

Actions
Copy link
 #1

Updated by Jim Pingle over 10 years ago

A fix is coming but ideally you'd create a whole new CA and Cert structure if you believe yours has been compromised. Re-using the CA + Revoking certs should only be done if the CA's key had no chance of being compromised.

New CA + New certs is also faster than Revoking eleventy hundred certs plus regenerating them all. If you have to reissue all new clients anyway, there's little benefit to taking the revocation path.

Actions
Copy link
 #2

Updated by Jim Pingle over 10 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions
Copy link
 #3

Updated by Jim Pingle over 10 years ago

Actions
Copy link
 #4

Updated by Doktor Notor over 10 years ago

OK, fix works, thanks. It is indeed correct that starting with a completely new CA is best solution in this case, but I'd still like to keep track of the revoked certificates.

Actions
Copy link
 #5

Updated by Chris Buechler over 10 years ago

  • Status changed from Feedback to Resolved
  • Target version set to 2.1.2
Actions
Copy link

Also available in: Atom PDF