Hi,
I consider it a bug, but it might be intention:
- new PKCS#10 request - edit request - approve request - issue cert - revoke cert (e. g. because you have made a mistake when editing the request)
-> now cert technically does not exist
- add the *same* PKCS#10 request again - edit request - approve request
-> Error 700: certificate with the same public key already exists, please revoke the certificate and delete the request
As the certificate is already revoked, approval and re-issuance should work in this case. Of course if revocation reason was key compromise this is entirely a different matter.
Is this a bug or expected behaviour?
It is an expected behaviour but it has nothing to do with the revocation. The idea is that all public keys are fully trackable. This requires that I can track down a public key always until the first request.
So if you have issued a wrong certificate then please revoke, go to the archived request and renew this request. A new request will be created with a reference to the original request. We don't check for the public key in this situation because we know that the check was already performed for the first request and we can track the public key.
Does this be an understandable explanation? Does it make sense for you?
Michael -- _______________________________________________________________
Michael Bell Humboldt-Universitaet zu Berlin
Tel.: +49 (0)30-2093 2482 ZE Computer- und Medienservice Fax: +49 (0)30-2093 2704 Unter den Linden 6 [EMAIL PROTECTED] D-10099 Berlin _______________________________________________________________
------------------------------------------------------- This SF.Net email is sponsored by: YOU BE THE JUDGE. Be one of 170 Project Admins to receive an Apple iPod Mini FREE for your judgement on who ports your project to Linux PPC the best. Sponsored by IBM. Deadline: Sept. 24. Go here: http://sf.net/ppc_contest.php _______________________________________________ OpenCA-Devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-devel
