Fraser Tweedale wrote:
On Tue, May 26, 2015 at 07:49:10AM +0200, Martin Kosek wrote:
I think a global option is sensible starting point.
We should also consider an option to use revocation reason
"certificateHold" for obj-disable and revive the certificates if the
object is re-enabled via obj-enable. (I'm not sure whether Dogtag
makes this easy but I am pretty sure it's currently possible; and
it's a bit more work for IPA to do this, of course).
It is already supported. If you revoke with a reason of 6 then you can
remove the hold using the cert-remove-hold command.
rob
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code