Hi Harm.

Why do you want to do this?

The idea of this is to just let the old certificate expire and not blow up the CRL with "useless" revocations, and there is no option to configure it this way via a flag. You can, as always in OpenXPKI, modify the workflow definition to implement such a behaviour.

Oli

On 15.06.23 12:33, Harm Verhagen wrote:
Hi,


I have a question on how to enable automatic revocation of renewed certificates, /within the renewal window/.

I have an EST workflow.

I found the following options for auto revocation:

When doing enrollment (so not renew!), auto revocation can be achieved by setting:
auto_revoke_existing_certs: 1

Reenrollment (renewal) /outside/ the renewal window can be done with: (requires allow_replace: 1)

revoke_on_replace:
    reason_code: superseded

Both options above work fine, except...

They don't work when I do a renewal *inside* the renewal window. Then the old certificate is not revoked, nor scheduled for revocation.

How can I configure auto revocation when I renew a certificate (simplereenroll) within the renewal period?


-Harm


_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users

--
Protect your environment -  close windows and adopt a penguin!