Commit f6c2bf5

docs: Update EasyRSA-Renew-and-Revoke.md - 'expire` + 'revoke-expired'
Signed-off-by: Richard T Bonhomme <[email protected]>
1 parent fecb9c7 commit f6c2bf5

1 file changed

+28
-3
lines changed

doc/EasyRSA-Renew-and-Revoke.md

+28-3
@@ -4,9 +4,34 @@ Easy-RSA 3 Certificate Renewal and Revocation Documentation
44
This document explains how the **differing versions** of Easy-RSA 3 work
55
with Renewal and Revocation of Certificates and Private keys.
66

7-
Thanks to _good luck_, _hard work_ and _co-operation_, these version dependent
8-
differences have been _smoothed-over_. Since version `3.1.1`, Easy-RSA has the
9-
tools required to renew and/or revoke all verified and Valid certifiicates.
7+
Easy-RSA version 3.2.x
8+
----------------------
9+
v3.2 no longer supports the `renew` command.
10+
11+
Instead, the process is as follows:
12+
1. Command `expire <NAME>` - This will move an existing certificate
13+
from `pki/issued` to `pki/expired`, so that a new certificate
14+
can be signed, using the original request.
15+
16+
Generally, renewing is required ONLY when a certificate is due to
17+
expire. This means that certificates moved to `pki/expired` are
18+
expected to be expired or to expire in the near future.
19+
20+
2. Command `sign-req <TYPE> <NAME>` - Sign a new certificate.
21+
22+
This allows ALL command line cutomisations to be used. eg: SAN.
23+
(These customisations do not work correctly with the old `renew`)
24+
25+
3. If required, Command `revoke-expired` can be used to revoke an
26+
expired certificate in the `pki/expired` directory.
27+
28+
This approach also allows certificates which have been edited during
29+
`sign-req` to be edited the same way, without the need for excessive
30+
and non-standard code. (Note: OpenSSL allows only one way for edits)
31+
32+
33+
Easy-RSA version 3.1.x
34+
----------------------
1035

1136
**UPDATE**:
1237
The changes noted for Easy-RSA version 3.1.2 have all been included with
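
Review bot: Step 3 (added lines 25-26) says `revoke-expired` is for use "If required" but never says when that is. Step 1 describes `expire` only as moving the certificate from `pki/issued` to `pki/expired`, and lines 16-18 say such certificates are "expected to be expired or to expire in the near future", so a certificate moved before its expiry date is still inside its validity period and, unless revoked, remains usable alongside the newly signed one. Suggest stating in step 3 that `revoke-expired` should be run whenever the old certificate has not yet expired and must stop being accepted. Smaller points: "cutomisations" on added line 22 should be "customisations", and the closing paragraph (lines 28-30) says edited certificates can "be edited the same way" without saying the same way as what, so it needs a concrete referent.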
