Bug #3591

Impossible to edit CRLs in 2.1.1

Added by Doktor Notor over 5 years ago. Updated over 5 years ago.

Status: Resolved
Priority: High
Assignee: -
Category: Certificates
Target version:
Start date: 04/09/2014
Due date:
% Done: 100%
Estimated time:
Affected Version: 2.1
Affected Architecture: All

Description

See https://forum.pfsense.org/index.php?topic=74935.msg408977#msg408977

Since lots of people will want/need to revoke their certs, this really should be fixed in 2.1.2

Associated revisions

Revision d22169cf (diff)
Added by Jim Pingle over 5 years ago

Use an alphanumeric test rather than purely is_numericint because the ID is generated by uniqid and is not purely numeric. Fixes #3591

Revision 80f48850 (diff)
Added by Jim Pingle over 5 years ago

Use an alphanumeric test rather than purely is_numericint because the ID is generated by uniqid and is not purely numeric. Fixes #3591
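
The mismatch the commit messages above describe, as an added PHP example that is not pfSense's code: a digits-only test rejects an ID in uniqid() format, while a bounded alphanumeric allow-list accepts it and still rejects malformed values. The function names, the 'id' field, the 32-character bound and the sample values are assumptions made for illustration.

```php
<?php
// Added illustration; every name below is hypothetical, not pfSense's own.

// Stand-in for a digits-only test: too strict for IDs that contain hex letters.
function digits_only($arg): bool {
    return is_string($arg) && $arg !== '' && ctype_digit($arg);
}

// Allow-list test: ASCII letters and digits only, bounded length (bound is assumed).
// \A and \z anchor the whole string; "$" would also accept a trailing newline.
function is_alnum_id($arg): bool {
    return is_string($arg) && preg_match('/\A[A-Za-z0-9]{1,32}\z/', $arg) === 1;
}

// Look up a CRL by ID; returns null for unknown or malformed IDs.
function lookup_crl(array $crls, $id): ?array {
    if (!is_alnum_id($id)) {
        return null; // reject before the value reaches lookup or output code
    }
    foreach ($crls as $crl) {
        if ($crl['id'] === $id) {
            return $crl;
        }
    }
    return null;
}

// Constructed sample: a fixed ID in the 13-character hex format uniqid() returns.
$sample_id = '5345b7d2a1c3e';
$crls = [['id' => $sample_id, 'descr' => 'constructed sample CRL']];

// Constructed inputs: the valid ID, a numeric ID, malformed strings, and an
// array (PHP turns a request parameter written as id[]=x into an array).
$candidates = [$sample_id, '12345', $sample_id . "'", '../crl', '', ['x']];

foreach ($candidates as $candidate) {
    printf("%-20s digits_only=%-5s is_alnum_id=%-5s found=%s\n",
        json_encode($candidate),
        var_export(digits_only($candidate), true),
        var_export(is_alnum_id($candidate), true),
        var_export(lookup_crl($crls, $candidate) !== null, true));
}
```

Only the first candidate is found; the digits-only test rejects it along with the malformed values, so a record with that ID could never be selected for editing.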

History

#1 Updated by Jim Pingle over 5 years ago

A fix is coming but ideally you'd create a whole new CA and Cert structure if you believe yours has been compromised. Re-using the CA + Revoking certs should only be done if the CA's key had no chance of being compromised.

New CA + New certs is also faster than Revoking eleventy hundred certs plus regenerating them all. If you have to reissue all new clients anyway, there's little benefit to taking the revocation path.

#2 Updated by Jim Pingle over 5 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100

#4 Updated by Doktor Notor over 5 years ago

OK, fix works, thanks. It is indeed correct that starting with a completely new CA is the best solution in this case, but I'd still like to keep track of the revoked certificates.

#5 Updated by Chris Buechler over 5 years ago

  • Status changed from Feedback to Resolved
  • Target version set to 2.1.2
