certutil -D should allow selecting specific cert to delete by serial #



13 years ago
11 years ago


(Reporter: Julien Pierre, Unassigned)


Firefox Tracking Flags

(Not tracked)




13 years ago
When deleting a certificate, only a nickname can be passed in to certutil with -n.

In many cases (eg. cert renewals), there are multiple certificates under a given
nickname. But customers only want to delete a specific one.

certutil currently will only delete one certificate under the specified
nickname, and uses a non-deterministic method to select which one.

I propose that :

- we add an option serial number option to be used in conjunction with -D and
-n, to select a specific cert by serial number

- if a serial number isn't passed in certutil should always look for multiple
cert under the given nickname, and if it finds more than one, should prompt the
user if he wants to delete all of them at once.

I realize there could still be two certs with the same subject and serial number
if they were from different issuers, but I don't think it's common enough to
warrant passing an additional issuer argument to differentiate them in this
case. We would just delete all the certs match the serial # specified if there
is more than one.


13 years ago
Severity: normal → enhancement
QA Contact: bishakhabanerjee → jason.m.reid
Assignee: wtchang → nobody
QA Contact: jason.m.reid → tools
Priority: -- → P4
You need to log in before you can comment on or make changes to this bug.