From: Michael P. <M.P...@pa...> - 2015-04-07 14:43:13
I can select "unspecified" but as far as I understand the RFC, if you have no meaningful reason the reason SHOULD be omitted instead of just specifying "unspecified". I know it's only cosmetic and it doesn't bother me at all, but I thought it might be worth thinking about. It's only a "SHOULD" though, which according to RFC means "... that there may exist valid reasons in particular circumstances to ignore a particular item, but the full implications must be understood and carefully weighed before choosing a different course." so it's not really mandatory.

As for the revocation reasons:

"Cessation of operation" as far as I understand should be used if an (Intermediate) CA is brought out of service (0). "Superseded" on the other hand is used if you replace a certificate with a new one. For now I've chosen "Affiliation changed" as the client certificate was for a non-existing test-person who is now no longer doing "business" with us, I think that's the most appropriate.

At the end it doesn't matter at all. We use the PKI internally and nobody will ever bother with the CRLs I guess ;-).

cheers
nomike

-----Original Message-----
From: Tomas Gustavsson [mailto:to...@pr...]
Sent: Tuesday, 7 April 2015 16:25
To: ejb...@li...
Subject: Re: [Ejbca-develop] Revoke certificate without reason

I have no problem selecting "unspecified" as revocation reason, from the list of revocation reasons. What do you see? Which screen in the admin GUI?

"Cessation of operation" or "Superseded" sounds like a suitable reason for test certificates.

Cheers,
Tomas

-----
Save time and money with an Enterprise support subscription.
Please see www.primekey.se for more information.
http://www.primekey.se/Products/EJBCA+PKI/
http://www.primekey.se/Services/Support/

On 2015-04-07 15:07, Michael Postmann wrote:
> Hi!
>
> According to RFC 5280 (p. 69) "CRL issuers are strongly
> encouraged to include meaningful reason codes in CRL entries;
> however, the reason code CRL entry extension SHOULD be absent instead
> of using the unspecified (0) reasonCode value."
>
> However when I want to revoke a certificate on the web interface it's
> not possible to select no reason.
>
> Is this intentionally left out or is there another way to achieve this?
>
> Besides that, what I actually want to do is to revoke some certificates
> I issued for testing the PKI. What's the most appropriate reason for that?
>
> regards
>
> nomike
>
> --
>
> *Michael Postmann*
> Application Engineer
>
> paysafecard.com <http://paysafecard.com/> Wertkarten GmbH
> Am Euro Platz 2, A-1120 Wien
>
> phone: +43 1 / 720 83 80 - 649
> fax: +43 1 / 720 83 80 - 12
> mobile: +43 676 / 765 77 31
>
> skype: nomike31
> mail: m.p...@pa... <mailto:m.p...@pa...>
> web: www.paysafecard.com <http://www.paysafecard.com/>
>
> Company register: FN 194434h
> Handelsgericht Wien
>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
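
The difference the thread is about, an absent reasonCode extension versus an explicit unspecified (0), shown at the DER level as an added example; it is not part of the original messages and not EJBCA code. The function names, the `omit_unspecified` switch, the serial numbers and `SAMPLE_WHEN` are constructed for illustration, and only short-form DER lengths are handled.

```python
from datetime import datetime, timezone
# CRLReason values from RFC 5280 section 5.3.1 (7 is unused).
CRL_REASONS = {"unspecified": 0, "keyCompromise": 1, "cACompromise": 2,
               "affiliationChanged": 3, "superseded": 4,
               "cessationOfOperation": 5, "certificateHold": 6,
               "removeFromCRL": 8, "privilegeWithdrawn": 9, "aACompromise": 10}
REASON_NAMES = {code: name for name, code in CRL_REASONS.items()}
OID_REASON_CODE = bytes([0x55, 0x1D, 0x15])  # 2.5.29.21, reasonCode extension
SAMPLE_WHEN = datetime(2015, 4, 7, 15, 0, tzinfo=timezone.utc)  # constructed

def tlv(tag, body):
    """DER tag-length-value, short-form length (one CRL entry fits)."""
    if len(body) > 0x7F:
        raise ValueError("long-form length not implemented")
    return bytes([tag, len(body)]) + body

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos); short-form lengths only."""
    if buf[pos + 1] > 0x7F:
        raise ValueError("long-form length not implemented")
    end = pos + 2 + buf[pos + 1]
    return buf[pos], buf[pos + 2:end], end

def revoked_entry(serial, when, reason=None, omit_unspecified=True):
    """Encode one revokedCertificates element of a CRL (positive serial)."""
    number = serial.to_bytes(serial.bit_length() // 8 + 1, "big")
    stamp = when.astimezone(timezone.utc).strftime("%y%m%d%H%M%SZ").encode()
    body = tlv(0x02, number) + tlv(0x17, stamp)  # INTEGER, UTCTime
    # RFC 5280: leave the extension out rather than encode unspecified (0).
    if reason is not None and not (reason == "unspecified" and omit_unspecified):
        code = tlv(0x0A, bytes([CRL_REASONS[reason]]))  # ENUMERATED
        ext = tlv(0x30, tlv(0x06, OID_REASON_CODE) + tlv(0x04, code))
        body += tlv(0x30, ext)  # crlEntryExtensions
    return tlv(0x30, body)

def entry_reason(entry):
    """Reason name in an encoded entry, or None when reasonCode is absent."""
    body = read_tlv(entry)[1]
    pos = read_tlv(body, read_tlv(body)[2])[2]  # skip serial and date
    exts = read_tlv(body, pos)[1] if pos < len(body) else b""
    pos = 0
    while pos < len(exts):
        _, ext, pos = read_tlv(exts, pos)
        _, oid, nxt = read_tlv(ext)
        tag, value, nxt = read_tlv(ext, nxt)
        if tag == 0x01:  # optional critical BOOLEAN before extnValue
            value = read_tlv(ext, nxt)[1]
        if oid == OID_REASON_CODE:
            return REASON_NAMES.get(read_tlv(value)[1][0], "unknown")
    return None
```

`entry_reason` returns `None` for an entry with no reasonCode and `"unspecified"` for one that encodes the value 0 explicitly, so the two cases can be told apart when auditing CRL entries.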