mirror of
https://github.com/planetmint/planetmint.git
synced 2025-11-24 14:35:45 +00:00
83ca51c94f
* 31 restructue documentation (#138) * removed korean documentation Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * removed CN and KOR readme Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * changed to the press theme Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * first changes Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * fixe H3 vs H1 issues Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * added missing png Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * added missing file Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * fixed warnings Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * moved documents Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * removed obsolete files Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * removed obsolete folder Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * removed obs. file Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * added some final changes Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * removed obs. reference Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * moved chain migration to election types (#109) Signed-off-by: Lorenz Herzberger <lorenzherzberger@gmail.com> * Final zenroom (#147) * zenroom fixes Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * expl. defined the aiohttp package Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * increased version number and fixed a zenroom runtime bug Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * added fialing zenroom tx signing test Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * extended test to pass zenrooom validation, but to fail planetmint validation. Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * added manual tx crafting Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * added zenroom fulfillment verification Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * the last mile before integration Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * zenroom unit tests are passing Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * simplified zenroom unit tests Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * removed obsolte lines from the zenroom tests Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * fixed acceptance tests Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * adjusted zenroom integraiton tests Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * fixed linting errors Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * simplified zenroom unit test Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * increased version number Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * using cryptoconditions without print message Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * increased cc usage to 0.9.9 readded daemon proceses Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * increased version to 0.9.6 Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * fixed deployment issue for 0.9.6 Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * adjusted get_assets and from_db for tarantool Signed-off-by: Lorenz Herzberger <lorenzherzberger@gmail.com> * added comment Signed-off-by: Lorenz Herzberger <lorenzherzberger@gmail.com> * improve usability of zenroom (#159) * improve usability of zenroom * * increased version * fixed test cases * added changelog Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> Co-authored-by: Jürgen Eckel <juergen@riddleandcode.com> * migrated to AGPLv3 Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * 150 add cryptoconditions documentation (#166) * added smaller logos fixed reference issue Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * fixed some erros and typos Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * added cryptoconditions reference to the subproject Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * docker all in one now install tarantool Signed-off-by: Lorenz Herzberger <lorenzherzberger@gmail.com> * added user to integration init.lua Signed-off-by: Lorenz Herzberger <lorenzherzberger@gmail.com> * updated integration test setup for tarantool Signed-off-by: Lorenz Herzberger <lorenzherzberger@gmail.com> * removed print statements Signed-off-by: Lorenz Herzberger <lorenzherzberger@gmail.com> * updated changelog Signed-off-by: Lorenz Herzberger <lorenzherzberger@gmail.com> * fixed error messaging Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * fixed exception verification Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> * fixed printing of testdata Signed-off-by: Jürgen Eckel <juergen@riddleandcode.com> Co-authored-by: Jürgen Eckel <eckelj@users.noreply.github.com> Co-authored-by: Lorenz Herzberger <64837895+LaurentDeMontBlanc@users.noreply.github.com> Co-authored-by: Alberto Lerda <30939098+albertolerda@users.noreply.github.com> Co-authored-by: Jürgen Eckel <juergen@riddleandcode.com>
50 lines
1.7 KiB
ReStructuredText
50 lines
1.7 KiB
ReStructuredText
|
|
.. Copyright © 2020 Interplanetary Database Association e.V.,
|
|
Planetmint and IPDB software contributors.
|
|
SPDX-License-Identifier: (Apache-2.0 AND CC-BY-4.0)
|
|
Code is Apache-2.0 and docs are CC-BY-4.0
|
|
|
|
How to Revoke an SSL/TLS Certificate
|
|
====================================
|
|
|
|
This page enumerates the steps *we* take to revoke a self-signed SSL/TLS
|
|
certificate in a Planetmint network.
|
|
It can only be done by someone with access to the self-signed CA
|
|
associated with the network's managing organization.
|
|
|
|
Step 1: Revoke a Certificate
|
|
----------------------------
|
|
|
|
Since we used Easy-RSA version 3 to
|
|
:ref:`set up the CA <how-to-set-up-a-self-signed-certificate-authority>`,
|
|
we use it to revoke certificates too.
|
|
|
|
Go to the following directory (associated with the self-signed CA):
|
|
``.../bdb-node-ca/easy-rsa-3.0.1/easyrsa3``.
|
|
You need to be aware of the file name used to import the certificate using the
|
|
``./easyrsa import-req`` before. Run the following command to revoke a
|
|
certificate:
|
|
|
|
.. code:: bash
|
|
|
|
./easyrsa revoke <filename>
|
|
|
|
|
|
This will update the CA database with the revocation details.
|
|
The next step is to use the updated database to issue an up-to-date
|
|
certificate revocation list (CRL).
|
|
|
|
Step 2: Generate a New CRL
|
|
--------------------------
|
|
|
|
Generate a new CRL for your infrastructure using:
|
|
|
|
.. code:: bash
|
|
|
|
./easyrsa gen-crl
|
|
|
|
The generated ``crl.pem`` file needs to be uploaded to your infrastructure to
|
|
prevent the revoked certificate from being used again.
|
|
|
|
In particlar, the generated ``crl.pem`` file should be sent to all Planetmint node operators in your Planetmint network, so that they can update it in their MongoDB instance and their Planetmint Server instance.
|