Closed TinCanTech closed 3 weeks ago
In order to sign the same request again, as-in renew, revoke must leave the CSR in place.
renew
revoke
If the key exists then it must remain for use with PKCS commands.
There is no reason to move the cert-by-serial duplicate certificate. #1177
However, there is the possibility for a new command revoke-full, which would move ALL the old files out of the way. Then build-*-full can be used.
revoke-full
build-*-full
There is also a need for some confirmation messages, to help navigate these troublesome procedures.
Instead,
expire
revoke-expired
revoke-renewed
In order to sign the same request again, as-in
renew,revokemust leave the CSR in place.If the key exists then it must remain for use with PKCS commands.
There is no reason to move the cert-by-serial duplicate certificate. #1177
However, there is the possibility for a new command
revoke-full, which would move ALL the old files out of the way. Thenbuild-*-fullcan be used.There is also a need for some confirmation messages, to help navigate these troublesome procedures.
Instead,
revokeshall remove req, key and cert files (but leave the cert-by-serial in place).expireshall leave the req and key in place, allowing a new cert to be issued.revoke-expiredandrevoke-renewedcan also leave the req and key files in place.