The client can check beforehand if the certificate is expired and warn accordingly.
A similar reporting mechanism might be possible for revoked certs, if the client checks OCSP first. That way, the client never needs to contact the server unless there is a chance that the connection will succeed.
Metadata Update from @vakwetu: - Issue set to the milestone: UNTRIAGED
As of PKI 10.4 the server will send an alert to the client on SSL connection failure providing the reason for the failure. The pki CLI does handle the alert and display it on the screen, which is probably a sufficient solution for this ticket (i.e. the server does check for client certificate validity).
The PKI console, however, might still need to be modified to handle SSL alert as well.
Metadata Update from @edewata: - Custom field feature adjusted to '' - Custom field proposedmilestone adjusted to '' - Custom field proposedpriority adjusted to '' - Custom field reviewer adjusted to '' - Custom field version adjusted to '' - Issue close_status updated to: None
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2545
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Metadata Update from @dmoluguw: - Issue close_status updated to: migrated - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.