Renew a certificate without having to revoke the old one #6

Closed
opened 2020-11-30 12:15:25 +01:00 by jdubois · 1 comment
Owner

We must revoke a certificate before renewing it. In the case of an early renewal, the user cannot use his VPN anymore until he gets his new certificate.

It should be possible to renew it without having to revoke it, so that the user have the time to retrieve his new certificate.

We must revoke a certificate before renewing it. In the case of an early renewal, the user cannot use his VPN anymore until he gets his new certificate. It should be possible to renew it without having to revoke it, so that the user have the time to retrieve his new certificate.
Author
Owner

That is not possible since we cannot have the same CN several times. A workaround is wether to not regenerate the CRL (but a bad idea because it can be necessary to regenerate it for another reason before the user has retrieved his new certificate), or to use another CN, for instance by using a timestamp.

That is not possible since we cannot have the same CN several times. A workaround is wether to not regenerate the CRL (but a bad idea because it can be necessary to regenerate it for another reason before the user has retrieved his new certificate), or to use another CN, for instance by using a timestamp.
Sign in to join this conversation.
No Label
No Milestone
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: evolix/shellpki#6
No description provided.