imp should log certs that it signs #51

Open
garlick opened this issue Feb 9, 2018 · 0 comments
garlick commented Feb 9, 2018

Certs are revoked by uuid. An empty file with the uuid as name is touched in a directory on the CA. That directory is propagated (by sys admin magic) to everywhere that certs are to be verified.

It would be convenient when generating revocations if the other metadata in a cert were available: for example, to map a userid and/or time and/or "domain" to a uuid after some security event.

It would also be convenient to have at least the cert expiration date associated with the revocation so that the revocation list can be pruned of expired certs.

Possibly each newly signed cert should be copied to some configurable directory on the CA host, perhaps using the uuid as file name. Then revocation could consist of simply moving (or copying) the cert from the certs directory to the revocation directory.

@garlick garlick self-assigned this Feb 13, 2018
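
A sketch of the directory scheme proposed in this issue, added here as an example; it is not code from the project. The JSON layout, the field names `userid`, `domain`, `ctime` and `expiration`, and all function names are assumptions made for illustration.

```python
import json
import os
import uuid
from pathlib import Path

def _entry(directory, cert_uuid):
    # Parsing as a UUID guarantees the file name cannot contain "/" or "..".
    return Path(directory) / str(uuid.UUID(str(cert_uuid)))

def log_signed_cert(certs_dir, cert):
    """Store a newly signed cert's metadata (hypothetical dict layout) under its uuid."""
    path = _entry(certs_dir, cert["uuid"])
    tmp = path.with_name(path.name + ".tmp")
    tmp.write_text(json.dumps(cert))
    os.replace(tmp, path)  # atomic rename: no partially written entries
    return path

def find_uuids(certs_dir, userid=None, domain=None, signed_after=None):
    """Map userid, domain and/or signing time to the uuids of matching certs."""
    hits = []
    for path in Path(certs_dir).iterdir():
        if path.suffix == ".tmp":
            continue
        cert = json.loads(path.read_text())
        if userid is not None and cert["userid"] != userid:
            continue
        if domain is not None and cert["domain"] != domain:
            continue
        if signed_after is not None and cert["ctime"] < signed_after:
            continue
        hits.append(cert["uuid"])
    return sorted(hits)

def revoke(certs_dir, revoked_dir, cert_uuid):
    """Revoke by moving the logged cert into the revocation directory."""
    os.replace(_entry(certs_dir, cert_uuid), _entry(revoked_dir, cert_uuid))

def is_revoked(revoked_dir, cert_uuid):
    # Existence is the only test, so empty "touched" files still count.
    return _entry(revoked_dir, cert_uuid).exists()

def prune_expired(revoked_dir, now):
    """Drop revocations whose cert has expired; keep empty markers (expiry unknown)."""
    pruned = []
    for path in Path(revoked_dir).iterdir():
        if path.stat().st_size == 0:
            continue
        if json.loads(path.read_text())["expiration"] < now:
            path.unlink()
            pruned.append(path.name)
    return sorted(pruned)
```

Verifiers that only test for the existence of a file named after the uuid keep working unchanged, and empty marker files created the current way are never pruned because their expiration is unknown.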