Project

General

Profile

Actions

Feature #9842

closed

Add CA/certificate renewal function

Added by Jim Pingle about 5 years ago. Updated almost 5 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Certificates
Target version:
Start date:
10/22/2019
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:

Description

Currently there is no way to renew an existing certificate, you have to recreate it.

Add a function to renew a certificate, with the following features:

  • Keep the current key, or optionally generate a new key
  • Reuse the existing values for DN, SAN, digest, key type, lifetime, etc
  • Deprecated subject items can be ignored (e.g. email)
  • Force adding a SAN if it was missing
  • Optionally enforce some other changes like limiting the max lifetime on server certificates, or forcing a new key/hash if the old one is insecure (too small key, sha1 or older, etc), see #9825

Should be a button next to the certificate which opens a confirmation screen with the options (make new key, enforce stronger security, etc)

A CLI script that renews certs (found by descr or refid) would also be nice.

If it's not much more work, add CA renewal as well, but that may need moved to its own issue as it will have its own set of issues.

To me, I have backend code ready to handle the renewal, but needs more work + gui/frontend parts.

Actions

Also available in: Atom PDF