Closed TinCanTech closed 3 weeks ago
In order to sign the same request again, as-in renew, revoke must leave the CSR in place.
renew
revoke
If the key exists then it must remain for use with PKCS commands.
There is no reason to move the cert-by-serial duplicate certificate. #1177
However, there is the possibility for a new command revoke-full, which would move ALL the old files out of the way. Then build-*-full can be used.
revoke-full
build-*-full
There is also a need for some confirmation messages, to help navigate these troublesome procedures.
Instead,
expire
revoke-expired
revoke-renewed
In order to sign the same request again, as-in
renew
,revoke
must leave the CSR in place.If the key exists then it must remain for use with PKCS commands.
There is no reason to move the cert-by-serial duplicate certificate. #1177
However, there is the possibility for a new command
revoke-full
, which would move ALL the old files out of the way. Thenbuild-*-full
can be used.There is also a need for some confirmation messages, to help navigate these troublesome procedures.
Instead,
revoke
shall remove req, key and cert files (but leave the cert-by-serial in place).expire
shall leave the req and key in place, allowing a new cert to be issued.revoke-expired
andrevoke-renewed
can also leave the req and key files in place.