Renew a certificate without having to revoke the old one #6
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
We must revoke a certificate before renewing it. In the case of an early renewal, the user cannot use his VPN anymore until he gets his new certificate.
It should be possible to renew it without having to revoke it, so that the user have the time to retrieve his new certificate.
That is not possible since we cannot have the same CN several times. A workaround is wether to not regenerate the CRL (but a bad idea because it can be necessary to regenerate it for another reason before the user has retrieved his new certificate), or to use another CN, for instance by using a timestamp.