Add ability to maintain certificates
mrry550 opened this issue · comments
Note: More information is needed for this issue.
@themurph, please review and let me know if the following is what you are looking for:
If a creation attempt is made on an $ENV/$HOST which already exists ...
- ... the response error should include the x509 text output from the certificate in its own json field. This will let the requester see the information and verify that their new certificate is the same once created.
- ... the response error should include a warning which holds any relevant information on changes to the CA (IE: The CA as of $DATE now uses a different $ABC value, etc..). This is for automation scripts to note and stop if special cases are needed.
- ... AND the parameter force is set to True the certificate will be recreated. The old certificate file will be renamed.
If a creation attempt is made on an $ENV/$HOST which already exists...
- ... the response error should include the x509 text output from the original/previous certificate in its own json field. This will let the requester see the information and verify that their new certificate will be the same once created and only relevant information like "Not Before" and "Not After" will be altered.
- ... the response error should include a warning which holds any relevant information on changes to the CA (IE: The CA as of $DATE now uses a different $ABC value such as Public Key Algorithm is now 4096 instead of 2048 by default. Please check your applications before proceeding). This is for automation scripts to note and stop if special cases are needed.
- ... AND the parameter force is set to True the certificate will be recreated. The old certificate file will be renamed.
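
One way the behaviour requested above could be implemented, as an added example that is not code from this project or from the commenters. The function name, the `issue` and `render` hooks, the response field names (`x509_text`, `warnings`, `renamed_to`) and the `root/env/host.crt` layout are all assumptions made for illustration.

```python
import os
import subprocess
import time
from pathlib import Path


def x509_text(cert_path):
    """Text form of a certificate via the openssl CLI (must be on PATH)."""
    cmd = ["openssl", "x509", "-in", str(cert_path), "-noout", "-text"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


def create_certificate(root, env, host, issue, force=False,
                       ca_warnings=(), render=x509_text, now=time.time):
    """Hypothetical handler: store issue(env, host) PEM at root/env/host.crt."""
    for part in (env, host):  # caller-supplied names must not escape root
        if part in ("", ".", "..") or any(c in part for c in "/\\\0"):
            return {"status": "error", "error": "invalid env/host name"}
    cert = Path(root) / env / f"{host}.crt"
    response = {"status": "created", "warnings": list(ca_warnings)}
    previous = render(cert) if cert.exists() else None
    if previous is not None and not force:
        # Existing certificate goes back in its own field, with CA warnings.
        return {"status": "error", "error": "certificate already exists",
                "x509_text": previous, "warnings": list(ca_warnings)}
    new_pem = issue(env, host)  # issue first: a CA failure leaves the old file
    if previous is not None:
        stamp, n = int(now()), 0
        backup = cert.with_name(f"{cert.name}.{stamp}.old")
        while backup.exists():  # never overwrite an earlier backup
            n += 1
            backup = cert.with_name(f"{cert.name}.{stamp}.{n}.old")
        os.rename(cert, backup)
        response.update(status="recreated", previous_x509_text=previous,
                        renamed_to=backup.name)
    cert.parent.mkdir(parents=True, exist_ok=True)
    tmp = cert.with_name(cert.name + ".tmp")
    tmp.write_text(new_pem)
    os.replace(tmp, cert)  # atomic swap into place
    return response
```

An automation script calling this would stop on a non-empty `warnings` list in the error response and only retry with `force=True` after reviewing the returned `x509_text`.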