Closed gangxie112 closed 7 months ago
I checked the latest code; the record in revoked_ssh_certs is only used to prevent renewing the cert.
Hey @gangxie112, you're correct, we currently only support CRLs for X509 certificates. We haven't had this request many times before and at this time we don't have the resources to add SSH CRL (KRL) support ourselves. However, we're open to a community contribution here, similar to how X509 CRLs were implemented by someone from the user community.
There's an existing issue that I think covers what you're looking for: https://github.com/smallstep/certificates/issues/256. I'm closing this issue in favor of that one. Feel free to reopen if you think this issue is warranted.
Hello!
Issue details
Why is this needed?
It seems that CRL is not supported for SSH. I tried to revoke an SSH cert, and could find the revoked record in revoked_ssh_certs. But when I tried to get the CRL from /1.0/crl, the response showed "No Revoked Certificates.". So, is SSH CRL not supported? And do we have a plan for it?