Open Aircoookie opened 1 month ago
I addressed this to some degree in the auto-gen-pki branch now, in that attempting to revoke a certificate without an associated CA will cause an error log entry and message instead of an unhandled exception. It sets the device onboarding state to 'Failed'; this behavior is open for discussion.
This approach should ideally still be enhanced by further safeguards, e.g. as outlined above.
Please give a concise description of the bug
Device LDevID certificates are in a partly invalid state after deleting the associated issuing CA. This means LDevID revocation and device deletion (as this internally revokes) will fail.
What are the steps to reproduce the issue?
pki.models.CertificateModel.issuing_ca_model.RelatedObjectDoesNotExist: CertificateModel has no issuing_ca_model
Second way:
pki.models.CertificateModel.issuing_ca_model.RelatedObjectDoesNotExist: CertificateModel has no issuing_ca_model
What behavior did you expect?
This is subject to discussion. Regarding domains, I would either:
Options regarding CA:
Which version does the issue occur in?
main
Optional notes and context
We do have a similar problem if the CA expires, though this would definitely warrant skipping mandatory EE revocation as the certificate is no longer valid anyway once the CA cert is no longer valid.