General Discussion / Feature request: CRL serial gap autofill / manual serial entry
« on: August 27, 2024, 10:03:21 pm »
I'd like to suggest a feature for CRL management. Currently it is impossible to revoke a certificate which has been deleted from the certificate store. To solve this problem, I present two options:
The first option would be a checkbox to put all serials from 1 to n-1 onto the revocation list which are not present in the certificate store, n being the current serial counter from the CA.
The second option would be to have a text box for additional serials to put on the revocation list. Working out the serials manually is tedious but doable.
Either option would solve the issue, but having both would be best. A command to perform the first via Cron would be great, too.
Edit: OK, it is possible to change the next serial for the CA, create a placeholder certificate and revoke that to get the serial onto the CRL, but that's unnecessarily complicated.
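A sketch of the gap calculation behind the first option, added here as an illustration and not part of the original post or of any product's code. It assumes the CA issues sequential serials starting at 1 and that the store's serials are available as `serial=<hex>` lines (the form `openssl x509 -noout -serial` prints); the function names and sample data are hypothetical.

```python
def parse_serial(line):
    """Turn one 'serial=0A' line (or a bare hex string) into an int."""
    text = line.strip()
    if text.lower().startswith("serial="):
        text = text[len("serial="):]
    return int(text, 16)


def gap_serials(next_serial, store_lines, already_revoked=()):
    """Serials in 1..next_serial-1 that are neither in the store nor on the CRL.

    These are the serials of certificates that were issued and later deleted
    from the store, so they can no longer be revoked through the normal path.
    """
    present = {parse_serial(l) for l in store_lines if l.strip()}
    # A stored serial at or above the counter means the counter was reset or
    # the store belongs to another CA; filling gaps would then be unreliable.
    stray = sorted(s for s in present if s < 1 or s >= next_serial)
    if stray:
        raise ValueError(f"store serials outside 1..{next_serial - 1}: {stray}")
    revoked = set(already_revoked)
    return [s for s in range(1, next_serial)
            if s not in present and s not in revoked]


def as_hex(serial):
    """Format a serial as even-length upper-case hex, as CRL tooling shows it."""
    h = f"{serial:X}"
    return h if len(h) % 2 == 0 else "0" + h


# Constructed sample: four certificates still in the store, counter at 12,
# serial 3 already on the CRL.
SAMPLE_STORE = ["serial=01", "serial=02", "serial=05", "serial=0A"]

if __name__ == "__main__":
    for s in gap_serials(12, SAMPLE_STORE, already_revoked={3}):
        print(as_hex(s))
```

The calculation only holds for a CA with a sequential counter; with randomized serial numbers there is no range to fill, and deleted serials have to be recovered from issuance logs instead.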