Fraser Tweedale wrote:
On Tue, May 26, 2015 at 07:49:10AM +0200, Martin Kosek wrote:
I think a global option is sensible starting point.

We should also consider an option to use revocation reason
"certificateHold" for obj-disable and revive the certificates if the
object is re-enabled via obj-enable.  (I'm not sure whether Dogtag
makes this easy but I am pretty sure it's currently possible; and
it's a bit more work for IPA to do this, of course).

It is already supported. If you revoke with a reason of 6 then you can remove the hold using the cert-remove-hold command.


Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA:

Reply via email to