On 6/11/2012 6:30 PM, Andrew Wnuk wrote:
>> I do hope that CLI interface provides secure two step revocation
>> including protection against accidental revocation of CA certificate.
>
> I can change the CLI to ask for a confirmation before executing the
> operation like this:
>
> % pki cert-revoke 0x8 --reason=KEY_COMPROMISE
> Revoking certificate "0x8".
> Are you sure (Y/N)? Y
> -------------------------
> Revoked certificate "0x8"
> -------------------------
You are not really after confirmation but verification, so you need more
info than just the same serial number.
You want to be sure that you are actually revoking the correct certificate,
so maybe serial number and subject name would be enough.

Suppose there are a number of certs with the same subject (I'm not sure
how common this is), requiring the serial number and the subject name
might not be much more helpful than requiring the serial number alone.
How about showing the cert info in the confirmation?
% pki cert-revoke 0x8 --reason=KEY_COMPROMISE
Revoking certificate:
Serial Number: 0x8
Issuer: CN=Certificate Authority,O=EXAMPLE-COM
Subject: UID=testuser,E=testuser(a)example.com,CN=Test User
Status: VALID
Not Before: Mon Jun 11 17:29:44 CDT 2012
Not After: Sat Dec 08 16:29:44 CST 2012
Are you sure (Y/N)? Y
-------------------------
Revoked certificate "0x8"
-------------------------
In the UI you can search the certs based on other criteria such as
subject, issuer, validity, etc. In CLI this can be handled by a separate
cert-find command. Once you get the serial number you can use it to call
cert-revoke.
If you know exactly the serial number you want to revoke, you can skip
the cert-find and then call cert-revoke with --force to skip the
confirmation.
> Is this ok? How about the other add/mod/delete commands, should we
> confirm each operation that changes the database?
Same question, do we need to do the same type of
verification/confirmation for other update operations?
--
Endi S. Dewata
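
The confirmation flow discussed in this message, sketched as an added example (not part of the original e-mail and not Dogtag/pki code). The record layout, the `is_ca` flag and the rule that a CA certificate must be confirmed by retyping its serial number even with `--force` are assumptions made for illustration; the sample records are constructed.

```python
# Added illustration; not Dogtag/pki code. Fields mirror the confirmation
# output proposed in the message; "is_ca" is an assumed flag.
from typing import Callable

# Constructed sample records.
USER_CERT = {
    "serial": "0x8",
    "issuer": "CN=Certificate Authority,O=EXAMPLE-COM",
    "subject": "UID=testuser,CN=Test User",
    "status": "VALID",
    "is_ca": False,
}
CA_CERT = {
    "serial": "0x1",
    "issuer": "CN=Certificate Authority,O=EXAMPLE-COM",
    "subject": "CN=Certificate Authority,O=EXAMPLE-COM",
    "status": "VALID",
    "is_ca": True,
}


def render(cert: dict) -> str:
    """Details shown so the operator verifies the target, not just the serial."""
    return "\n".join([
        "Revoking certificate:",
        f"  Serial Number: {cert['serial']}",
        f"  Issuer: {cert['issuer']}",
        f"  Subject: {cert['subject']}",
        f"  Status: {cert['status']}",
    ])


def should_revoke(cert: dict, ask: Callable[[str], str] = input,
                  force: bool = False) -> bool:
    """Return True only when the revocation has been verified by the operator."""
    if cert["is_ca"]:
        # Assumed policy: force never bypasses the check for a CA certificate;
        # the operator must retype the serial number shown on screen.
        print(render(cert))
        typed = ask("This is a CA certificate. Type its serial number to confirm: ")
        return typed.strip().lower() == cert["serial"].lower()
    if force:
        # Operator already knows the exact serial number; skip the prompt.
        return True
    print(render(cert))
    return ask("Are you sure (Y/N)? ").strip().upper() == "Y"
```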