Closed carloscarnero closed 4 years ago
Hi @carloscarnero
Deleting does not currently issue a revocation against Let's Encrypt servers. I've thought a little about this, but not too much. Revocation has some problems of their own, but that doesn't mean it can't still be used. Here's more info from the LE site: https://letsencrypt.org/docs/revoking/
I'm thinking that a checkbox on the delete page will allow you to choose to revoke on deleting. If checked, it will perform the revocation call. If not, it'll simply delete it. How does that sound?
I'm thinking that a checkbox on the delete page will allow you to choose to revoke on deleting. If checked, it will perform the revocation call. If not, it'll simply delete it. How does that sound?
From where I stand, adding that will make certera able to cover the whole certificate lifecycle. It'd be great, IMO.
On second thought, I'm not sure I like it on the delete page anymore.
I'd like to incorporate getting the OCSP result from the issuer so you can validate that it's been revoked. If you delete the cert, you'll lose the ability to view/verify OCSP status. Perhaps, a better solution would be to make the revocation not part of delete, but on the certificate page itself. For example, when viewing the details of a certificate (the page where it shows the API keys and the history of changes), there should be an option to view the OCSP response from the CA. You can also perform revocation there on the page (and subsequently re-validate the OCSP response). If all is as expected, then you can proceed to deleting as you see fit.
Let me mull over it so things are consistent and gives the most flexible experience for everyone. I'll get back to you soon.
@carloscarnero
Please check out version 2.1.0-beta here: https://github.com/certera-io/certera/releases/tag/2.1.0-beta
It has the OCSP check and revocation ability on the certificate page. Please give that a try and let me know what you think.
It has the OCSP check and revocation ability on the certificate page. Please give that a try and let me know what you think.
I can confirm that both OCSP checks and certificate revocation work correctly! (I tried it on two different certs.) Thank you!
Thanks for confirming!
Does the action of deleting a certificate via the UI will request a revocation? If not, what should be the procedure?