WoTTsecurity / api

API and Dashboard
https://dash.wott.io
MIT License

Revoke previous certificate when renewing #85

Open vpetersson opened 5 years ago

vpetersson commented 5 years ago

In order to ensure we can't have two separate devices with the same ID and valid certificates, we should automatically revoke the old certificate upon successful renewal.

a-martynovich commented 5 years ago

@vpetersson How do we revoke a cert? Can the CA server do that?

vpetersson commented 5 years ago

@a-martynovich Yes, this should be possible to do via the cfssl library. It is however somewhat pointless right now given that we do not provide a Certificate Revocation List (CRL) yet.

a-martynovich commented 5 years ago

@vpetersson Should this be implemented in wottsecurity/ca?

vpetersson commented 5 years ago

@a-martynovich This should be implemented in the API, as the API should be able to send a revocation command (but I'm not 100% certain). Let's keep this at the bottom of the list of issues for this sprint.

a-martynovich commented 5 years ago

@vpetersson When you get certain, please update the description of this task with what needs to be done.
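
An added sketch of the behaviour discussed in this thread, not code from the WoTT API or CA repositories: on renewal the old certificate for a device ID is marked revoked and a revoke request is queued for the CA, and a verifier only rejects the old certificate if it actually consults revocation status. `Cert`, `Registry`, `revoke_request` and `accepts` are hypothetical names; the request fields follow cfssl's revoke endpoint (`serial`, `authority_key_id`, `reason`), and the sample serials and key ID are constructed.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Cert:
    device_id: str
    serial: str   # decimal serial number of the certificate
    aki: str      # issuing CA's key identifier, lowercase hex without colons

def revoke_request(cert, reason="superseded"):
    """JSON body for the CA's revoke call (assumed: cfssl revoke endpoint fields)."""
    return {"serial": cert.serial, "authority_key_id": cert.aki, "reason": reason}

@dataclass
class Registry:
    active: dict = field(default_factory=dict)   # device_id -> current Cert
    revoked: set = field(default_factory=set)    # (aki, serial); stands in for a CRL
    outbox: list = field(default_factory=list)   # revoke requests still to send to the CA

    def renew(self, new_cert):
        """Record the renewed cert; revoke the one it replaces. Returns the old cert."""
        old = self.active.get(new_cert.device_id)
        self.active[new_cert.device_id] = new_cert
        if old is not None and old.serial != new_cert.serial:
            self.revoked.add((old.aki, old.serial))
            self.outbox.append(revoke_request(old))
        return old

def accepts(cert, registry, check_revocation):
    """Verifier decision; signature and expiry checks are assumed to have passed."""
    if check_revocation and (cert.aki, cert.serial) in registry.revoked:
        return False
    return True

if __name__ == "__main__":
    reg = Registry()
    first = Cert("device-1", "1001", "ab12cd34")    # constructed sample values
    second = Cert("device-1", "1002", "ab12cd34")
    reg.renew(first)
    reg.renew(second)
    print("queued for CA:", reg.outbox)
    # Without a revocation check the superseded cert is still accepted.
    print("old cert, no CRL check:", accepts(first, reg, check_revocation=False))
    print("old cert, CRL check:   ", accepts(first, reg, check_revocation=True))
```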