View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0001026 | Main CAcert Website | certificate issuing | public | 2012-03-24 07:50 | 2013-02-12 21:45 |
| Reporter | INOPIAE | Assigned To | Uli60 | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | needs work | Resolution | open | ||
| Summary | 0001026: Server Certificate was revoked but not by the user | ||||
| Description | According to Ticket s20120322.119 a user reported that one of his server certificates with an expiration date 2013-01-28 16:16:19 was revoked on 2012-03-20 01:21:35. The user reports that he did not revoke the certificate himself. | ||||
| Tags | No tags attached. | ||||
| Reviewed by | |||||
| Test Instructions | |||||

| Relationship | ID | Status | Assigned To | Summary |
|---|---|---|---|---|
| related to | 0000773 | closed | BenBE | No confirmation of revocation of server certificate |
| related to | 0001025 | needs work | NEOatNHNG | Domain Dispute strange behaviour / Domain Dispute issue |
| related to | 0000935 | new | | Pending of client certificates with an email address contains a special character |
| related to | 0000922 | closed | NEOatNHNG | CAcert application code problem causing missing "certificate about to expire" messages |
| related to | 0000774 | new | | No e-mail conformation when revoking org client certificate |
| related to | 0000483 | closed | INOPIAE | Please send more verbose emails concerning certificate revocation |
| related to | 0000429 | new | | Multiple server certificate renewals deleted a certificate |
| related to | 0000448 | closed | NEOatNHNG | when revoking a certificate, confusing info is given to the user |
| related to | 0000893 | closed | INOPIAE | Extend Delete account feature for support |

This case was handled under Arbitration a20120324.1
https://wiki.cacert.org/Arbitrations/a20120324.1

Discovery process revealed no security leak. User removed a domain with a link to a multiple-SAN (10 in total) server certificate. On domain removal the system automatically triggers a revoke server certificates process that will revoke all affected server certs. In case of a multiple-SAN certificate this becomes unforeseeable as only the main CN will be visible in the server certs overview list.

It's now up to the Software team to find a solution to advance the server certs overview to list all related domains that are affected by a domain removal, or to add a page in the delete domain process that lists all affected server certificates and requests a confirmation by the user who triggered the delete domain process:

delete domain x mydomain.tld process
=> This is the list of all affected server certificates that are affected by your delete domain request:
x
y
z
Do you want to proceed with the delete domain process?

In addition the multi-domain check needs to be implemented in the Dispute Domain routine.

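
The confirmation step proposed in the note above, sketched as an added example; this is not CAcert's code. The `ServerCert` record, the function names, the sample certificates and the rule that a name is affected when it equals the removed domain or lies below it are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ServerCert:
    serial: str          # constructed sample identifier
    common_name: str     # the only name shown in the overview list
    sans: tuple = ()     # DNS names from subjectAltName
    revoked: bool = False

def covers(name: str, domain: str) -> bool:
    """True if `name` is `domain` or a host below it (match on a label boundary)."""
    name = name.lower().rstrip(".")
    domain = domain.lower().rstrip(".")
    if name.startswith("*."):            # wildcard entry: compare its base name
        name = name[2:]
    return name == domain or name.endswith("." + domain)

def affected_by_removal(certs, domain):
    """List (cert, matching names, names on other domains) for every active
    certificate that would be revoked when `domain` is removed."""
    report = []
    for cert in certs:
        if cert.revoked:
            continue
        names = list(dict.fromkeys((cert.common_name, *cert.sans)))  # dedupe, keep order
        hits = [n for n in names if covers(n, domain)]
        if hits:
            report.append((cert, hits, [n for n in names if n not in hits]))
    return report

def confirmation_page(certs, domain):
    """Text for the confirmation step proposed in the note (hypothetical layout)."""
    lines = [f"Removing {domain} will revoke these server certificates:"]
    for cert, hits, others in affected_by_removal(certs, domain):
        hidden = "" if covers(cert.common_name, domain) else " (not visible from CN)"
        lines.append(f"  {cert.serial} CN={cert.common_name}{hidden}: "
                     f"matches {', '.join(hits)}; also covers {', '.join(others) or 'nothing else'}")
    lines.append("Do you want to proceed with the delete domain process?")
    return "\n".join(lines)

# Constructed sample data: certificate 02 names mydomain.tld only in a SAN.
SAMPLE = [
    ServerCert("01", "www.mydomain.tld", ("www.mydomain.tld", "mydomain.tld")),
    ServerCert("02", "www.example.org", ("www.example.org", "mail.mydomain.tld", "example.net")),
    ServerCert("03", "notmydomain.tld", ("notmydomain.tld",)),
    ServerCert("04", "old.mydomain.tld", ("old.mydomain.tld",), revoked=True),
]
if __name__ == "__main__":
    print(confirmation_page(SAMPLE, "mydomain.tld"))
```

Certificate 02 is the case from this issue: its CN is on another domain, so the overview list gives no hint that removing `mydomain.tld` revokes it along with its unrelated names.
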
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2012-03-24 07:50 | INOPIAE | New Issue | |
| 2012-04-15 17:33 | Uli60 | Note Added: 0002929 | |
| 2012-04-15 17:33 | Uli60 | Assigned To | => Uli60 |
| 2012-04-15 17:33 | Uli60 | Status | new => needs feedback |
| 2012-12-22 20:31 | Werner Dworak | Relationship added | related to 0000773 |
| 2012-12-22 20:33 | Werner Dworak | Relationship added | related to 0001025 |
| 2012-12-22 20:43 | Werner Dworak | Relationship added | related to 0000935 |
| 2012-12-22 20:46 | Werner Dworak | Relationship added | related to 0000922 |
| 2012-12-22 20:49 | Werner Dworak | Relationship added | related to 0000774 |
| 2012-12-22 20:52 | Werner Dworak | Relationship added | related to 0000483 |
| 2012-12-22 20:53 | Werner Dworak | Relationship added | related to 0000429 |
| 2012-12-22 20:54 | Werner Dworak | Relationship added | related to 0000448 |
| 2013-01-19 07:51 | INOPIAE | Note Added: 0003707 | |
| 2013-01-19 07:51 | INOPIAE | Status | needs feedback => needs work |
| 2013-02-12 21:45 | Uli60 | Relationship added | related to 0000893 |