djkormo
commented
5 months ago What is your scenario ? You delete certificate object from kubernetes and certificate in ADCS is still active ?
Open tal-hason opened 6 months ago
djkormo
commented
5 months ago What is your scenario ? You delete certificate object from kubernetes and certificate in ADCS is still active ?
tal-hason
commented
5 months ago Yes, after we removed the certificate item, we checked in the adcs and it was still present...
djkormo
commented
5 months ago The current version does not support revoking certificates.
tal-hason
commented
5 months ago Thanks, on the update, that option will be a great feature.
I will try to look over the API of the adcs to see if can assist what needs to be done to revoke a certificate.
djkormo
commented
5 months ago tal-hason
commented
5 months ago So, from the link you shared it looks like it's possible. If the current implementation is using the COM interface.
then you can use:
ICertAdmin::RevokeCertificate
COM interface to automate certificate
https://learn.microsoft.com/en-us/windows/win32/api/certadm/nf-certadm-icertadmin-revokecertificate
tal-hason
commented
5 months ago I don't remember if there is any location that holds the serial number of the created certificate, but it can be stored as annotation or in a field in the status.
djkormo
commented
5 months ago Here you have this field https://github.com/djkormo/adcs-issuer/blob/master/api/v1/adcsrequest_types.go#L55
The current implementation uses https with ntlm support.
djkormo
commented
5 months ago
Hi, I am currently implementing the adcs plugin with cert-manager, and I can't see any reference to revoking certificates when deleting the certificate item from the cluster.