Skip to content

Revoke user certificate

Jump to bottom
Tom Mitchell edited this page Sep 8, 2015 · 1 revision

How to revoke a GENI certificate

Identify the UUID of the user

SELECT member_id from ma_member_attribute
  WHERE name = 'email_address'
    AND value = '[email protected]';

Extract the certificate from the database

\copy (SELECT certificate from ma_outside_cert
         WHERE member_id = 'UUID_FROM_ABOVE')
   to '/tmp/revoke.pem';

Clean up the extracted certificate

cat /tmp/revoke.pem | sed -e 's/\\n/\n/g' > revoke2.pem

Revoke the certificate

sudo geni-revoke-member-certificate --revoke revoke2.pem

Delete the outside certificate

This can be done via SQL or from the shell. Both commands are equivalent so choose the one that is most convenient for you.

DELETE from ma_outside_cert
    WHERE member_id = 'UUID_FROM_ABOVE'

OR

geni-delete-outside-cert -k [your-cert.pem] -c [your-cert.pem] \
    -l https://ch.geni.net/ -m [UUID from above] -p [database password]
Clone this wiki locally