Is your feature request related to a problem? Please describe.
Assume that a certificate has been revoked by accident and that the certificate holder cannot easily replace its certificate (e.g. a hardware device that cannot access its backend without a valid certificate and thus cannot renew its certificate, a backend service that would require rotation to function again, potentially causing downtime). There seems to be no easy way to undo this right now.
Describe the solution you'd like
Add an HTTP endpoint to the API that allows "un-revocation" by specifying the serial number of the certificate. It should update the internal bookkeeping such that the certificate is no longer treated as revoked and automatically re-generate the CRL.
Describe alternatives you've considered
The only thing that comes to mind is somehow manually modifying Vault's storage backend/database but that seems very dangerous. Perhaps there is another way but I haven't found it...
Explain any additional use-cases
None
Additional context
None