[Freeipa-devel] Yet another user certificates/Smart Card thread
Rob Crittenden
rcritten at redhat.com
Wed May 27 13:28:16 UTC 2015
Fraser Tweedale wrote:
> On Tue, May 26, 2015 at 07:49:10AM +0200, Martin Kosek wrote:
> I think a global option is sensible starting point.
>
> We should also consider an option to use revocation reason
> "certificateHold" for obj-disable and revive the certificates if the
> object is re-enabled via obj-enable. (I'm not sure whether Dogtag
> makes this easy but I am pretty sure it's currently possible; and
> it's a bit more work for IPA to do this, of course).
It is already supported. If you revoke with a reason of 6 then you can
remove the hold using the cert-remove-hold command.
rob
More information about the Freeipa-devel
mailing list