Add an option to renew or rotate keyPair while clearing cert chain #256
Labels
enhancement
New feature or request
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Is your feature request related to a problem? Please describe.
This isn't a critical feature but would be simple to add and useful for finer level control of the process.
Recently we had an issue where an expired certificate in the cert chain prevented connections from being maintained when they were established. The details aren't relevant here but check out MatrixAI/Polykey#787 .
A quick fix to this would be to just clear the certificate chain and generate a new certificate without changing the root keypair. This would've fixed the problem quickly as a small work around. That specifically was a problem in the validation logic but also this can be a manual way of garbage collecting the cert chain, or quickly removing the association to an old
NodeIdif we wanted.Describe the solution you'd like
I propose that we add some option to
keys renewandkeys resetcommand that will clear the whole cert chain and leave us with the new leaf certificate that would've been generated as part of the chain.Additional context
The text was updated successfully, but these errors were encountered: