Add certificate revocation, deletion, and retrieval
Admins can now revoke or delete certificate records from the cert detail
page in the web UI. Revoked certificates display a [REVOKED] badge and
show revocation metadata (time and actor). Deletion redirects to the
issuer page.
The REST API gains three new authenticated endpoints that mirror the
gRPC surface:
GET /v1/ca/{mount}/cert/{serial} (auth required)
POST /v1/ca/{mount}/cert/{serial}/revoke (admin only)
DELETE /v1/ca/{mount}/cert/{serial} (admin only)
The CA engine stores revocation state (revoked, revoked_at, revoked_by)
directly in the existing CertRecord barrier entry. The proto CertRecord
message is extended with the same three fields (field numbers 10–12).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
@@ -1,7 +1,7 @@
|
||||
{{define "title"}} - Certificate: {{.Cert.Serial}}{{end}}
|
||||
{{define "content"}}
|
||||
<div class="page-header">
|
||||
<h2>Certificate: {{.Cert.CommonName}}</h2>
|
||||
<h2>Certificate: {{.Cert.CommonName}}{{if .Cert.Revoked}} <span style="color:#c0392b;">[REVOKED]</span>{{end}}</h2>
|
||||
<div class="page-meta">
|
||||
<a href="/pki/issuer/{{.Cert.Issuer}}">← Issuer: {{.Cert.Issuer}}</a>
|
||||
 · 
|
||||
@@ -23,6 +23,10 @@
|
||||
<tr><th>Issued By</th><td>{{.Cert.IssuedBy}}</td></tr>
|
||||
<tr><th>Issued At</th><td>{{.Cert.IssuedAt}}</td></tr>
|
||||
<tr><th>Expires At</th><td>{{.Cert.ExpiresAt}}</td></tr>
|
||||
{{if .Cert.Revoked}}
|
||||
<tr><th>Revoked At</th><td>{{.Cert.RevokedAt}}</td></tr>
|
||||
<tr><th>Revoked By</th><td>{{.Cert.RevokedBy}}</td></tr>
|
||||
{{end}}
|
||||
</tbody>
|
||||
</table>
|
||||
</div>
|
||||
@@ -33,4 +37,22 @@
|
||||
<textarea rows="12" class="pem-input" readonly>{{.Cert.CertPEM}}</textarea>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
{{if .IsAdmin}}
|
||||
<div class="card">
|
||||
<div class="card-title">Admin Actions</div>
|
||||
<div style="display:flex;gap:1rem;flex-wrap:wrap;">
|
||||
{{if not .Cert.Revoked}}
|
||||
<form method="POST" action="/pki/cert/{{.Cert.Serial}}/revoke"
|
||||
onsubmit="return confirm('Revoke certificate {{.Cert.Serial}}? This cannot be undone.');">
|
||||
<button type="submit" class="btn btn-danger">Revoke Certificate</button>
|
||||
</form>
|
||||
{{end}}
|
||||
<form method="POST" action="/pki/cert/{{.Cert.Serial}}/delete"
|
||||
onsubmit="return confirm('Permanently delete certificate record {{.Cert.Serial}}? This cannot be undone.');">
|
||||
<button type="submit" class="btn btn-danger">Delete Record</button>
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
{{end}}
|
||||
{{end}}
|
||||
|
||||
Reference in New Issue
Block a user