From 240bcf791115ed99dcd7b570aa1a8880645d457c Mon Sep 17 00:00:00 2001
From: Maciej Szlosarczyk <maciej.szlosarczyk@eestiinternet.ee>
Date: Tue, 18 Sep 2018 17:49:12 +0300
Subject: [PATCH 1/2] Revoke, and then delete a certificate

This functionality is manually tested. because of heavy reliance on
server configuration and bash commands.

Ruby OpenSSL library lacks a good way to manage revocation list
programatically, which would be the best option to work with. We might
still use command line tools in the end.
---
 app/controllers/admin/certificates_controller.rb | 2 +-
 app/models/certificate.rb                        | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/app/controllers/admin/certificates_controller.rb b/app/controllers/admin/certificates_controller.rb
index a08654db3c..34078aee7f 100644
--- a/app/controllers/admin/certificates_controller.rb
+++ b/app/controllers/admin/certificates_controller.rb
@@ -28,7 +28,7 @@ def create
     end
 
     def destroy
-      if @certificate.destroy
+      if @certificate.revoke! && @certificate.destroy
         flash[:notice] = I18n.t('record_deleted')
         redirect_to admin_api_user_path(@api_user)
       else
diff --git a/app/models/certificate.rb b/app/models/certificate.rb
index cb28f629ba..2121148621 100644
--- a/app/models/certificate.rb
+++ b/app/models/certificate.rb
@@ -127,6 +127,7 @@ def revoke!
 
     self.class.update_registry_crl
     self.class.reload_apache
+    self
   end
 
   class << self

From d77bdee599c54b2ac9af82a74b5bdd23a75c3d12 Mon Sep 17 00:00:00 2001
From: Maciej Szlosarczyk <maciej.szlosarczyk@eestiinternet.ee>
Date: Thu, 20 Sep 2018 16:08:00 +0300
Subject: [PATCH 2/2] Only revoke registrar certificates

---
 app/controllers/admin/certificates_controller.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/app/controllers/admin/certificates_controller.rb b/app/controllers/admin/certificates_controller.rb
index 34078aee7f..636a693671 100644
--- a/app/controllers/admin/certificates_controller.rb
+++ b/app/controllers/admin/certificates_controller.rb
@@ -28,7 +28,11 @@ def create
     end
 
     def destroy
-      if @certificate.revoke! && @certificate.destroy
+      if @certificate.interface == Certificate::REGISTRAR
+        @certificate.revoke!
+      end
+
+      if @certificate.destroy
         flash[:notice] = I18n.t('record_deleted')
         redirect_to admin_api_user_path(@api_user)
       else