Majic Projects
Gimmecert
Go to the previous open issue
Go to the previous issue (open or closed)
star_faded.png
Please log in to bookmark issues
icon_project.png Gimmecert / Closed Feature request GC-19 Ability to update server certificate DNS subject alternative names
action_vote_minus_faded.png
0
Votes
action_vote_plus_faded.png
Go to the next issue (open or closed)
Go to the next open issue
This issue has been closed with status "Closed" and resolution "RESOLVED".
Issue basics
  • Type of issue
    Feature request
  • Category
    Not determined
  • Targetted for
    0.1.0
  • Status
    Closed
  • Progress
  • Priority
    Not determined
User pain
  • Type of bug
    Not triaged
  • Likelihood
    Not triaged
  • Effect
    Not triaged
Affected by this issue (0)
There are no items
People involved
Times and dates
  • Posted at
  • Last updated
  • Estimated time
    4 hours
  • Time spent
    4 hours
    Click here to see time logged against this issue
Issue details
  • Resolution
    RESOLVED
Attachments (0)
There is nothing attached to this issue
Duplicate issues (0)
This issue does not have any duplicates
Description

From time to time it might be necessary to replace an issued server certificate with a new one where the DNS subject alternative name has been updated.

This might be necessary in cases where:

  • Initial DNS subject alternative name provided is wrong.
  • Additional DNS subject alternative names have been provided by mistake.
  • A new DNS subject alternative names need to be added.

The following should be done:

  • Add option to server command for renewing existing server certificate with updated naming provided.
  • The new option should:
    • Preserve the server private key during generation if it exists.
    • If the private key does not exist, it should be generated, and command should proceed as usual.
    • Issue a new certificate using the passed-in naming information.
    • If the private key and certificate have previously existed, overwrite the existing certificate.
    • If the certificate has previously existed and was overwritten, signal to user that only the certificate has been replaced.
  • New functionality should be implemented with the following constraints in mind:
    • Make sure the existing private key is preserved.
    • Certificate should be otherwise generated in same manner as when generating a completely new one. The only thing that changes is whether private key gets generated or not.
    • Examples in CLI help should be updated.

Documentation should cover:

  • New option usage, with examples on how to both add more DNS subject alternative names or to remove them altogether.
Todos (0 / 0)
There are no comments