Certificate revocation API for SSH certificates #130275
Unanswered
josnyder-2 asked this question in Enterprise
Currently, there is no way to revoke a certificate issued by a trusted SSH CA, except by removing the CA entirely. In cases where a single device is compromised, it would be useful to revoke already-issued certificates by serial number, rather than distrusting the entire CA. This would allow an organization to use a smaller number of CAs issuing longer-lived keys, rather than a larger number of CAs issuing shorter-lived keys.