pfSense-Certificate-Viewer/result-example.md



Duplicated Serial Numbers (per CA)

sIssuer|SerialNumber|FriendlyName|DnsNameList|sSubject|revokedOn
-------|------------|------------|-----------|--------|---------
internal-ca|2F|hsanchez|{hsanchez}|hsanchez|
internal-ca|2F|city1|{city1}|city1|{revocados}
internal-ca|30|audit03|{audit03}|audit03|{revocados}
internal-ca|30|uaIntro|{uaIntro}|uaIntro|
internal-ca|31|city04|{city04}|city04|
internal-ca|31|uaDevice(2)|{uaDevice}|uaDevice|
internal-ca|32|fperez|{fperez}|fperez|
internal-ca|32|uaExit(2)|{uaExit}|uaExit|

This is the last part of the result returned by the script: It shows duplicated SerialNumbers 2F, 30, 31 and 32.
To avoid issues when any of these eight certs is revoked, you must revoke all them, and recreate new certs for every user involved.
(Please remember do not delete any issued certificate. You must revoke it and if you want, unlink from the user).

As an example: The execution result shows that the certificates "city1" and "audit03" have been revoked in the CRL "revocados".
But due to the duplicity of SerialNumbers, the openVPN tunnel that uses "revocados" as CRL, also will consider revoked
the certs "hsanchez" and "uaIntro".

every item of $listaC has these attributes:
```powershell
$listaC[56]
```
Property|Value
--------|-----
EnhancedKeyUsageList|{Client Authentication (1.3.6.1.5.5.7.3.2)}
DnsNameList|{uaDedicated01}
SendAsTrustedIssuer|False
Archived|False
Extensions|{System.Security.Cryptography.Oid, System.Security.Cryptography.Oid...}
FriendlyName|uaDedicated01(02)
IssuerName|System.Security.Cryptography.X509Certificates.X500DistinguishedName
NotAfter|12/07/2020 14:10:54
NotBefore|13/07/2018 14:10:54
HasPrivateKey|False (NOT IMPORTED BY THIS POWERSHELL SCRIPT)
PrivateKey| 
PublicKey|System.Security.Cryptography.X509Certificates.PublicKey
RawData|{18, ...}
SerialNumber|3F
SubjectName|System.Security.Cryptography.X509Certificates.X500DistinguishedName
SignatureAlgorithm|System.Security.Cryptography.Oid
Thumbprint|4AD2BBE653414EE1A10E01FB3D26F62D003B52C7
Version|3
Handle|2788955271140
Issuer|CN=internal-ca, E=mail@mycompany.com, O=MYCOMP, L=myCity, S=myCity, C=ES
Subject|CN=uaDedicated01, E=mail@mycompany.com, O=MYCOMP, L=myCity, S=myCity, C=ES
IsCA|False
IsServer|False
IsClient|True
sIssuer|internal-ca
sSubject|uaDedicated01
refid|5b85b04689ad1
isRevoked|True
revokedOn|{revocados, revCAcert}

---
You can show certs that will expire in the next 90 days
```powershell
$listaC | Where-Object {$_.NotAfter -le (Get-Date).AddDays(90)} | Select sIssuer, SerialNumber, FriendlyName, DnsNameList, sSubject, revokedOn | ft
```
---
Or the list of revoked Certs
```powershell
$listaC | Where-Object {$_.revokedOn -ne $null} | Select sIssuer, SerialNumber, FriendlyName, DnsNameList, sSubject, revokedOn | ft
```
And everything you want :)
Create result-sample 2019-07-22 01:05:07 +02:00

			`Duplicated Serial Numbers (per CA)`

Update result-example.md 2019-07-22 02:27:53 +02:00			`sIssuer\|SerialNumber\|FriendlyName\|DnsNameList\|sSubject\|revokedOn`
			`-------\|------------\|------------\|-----------\|--------\|---------`
			`internal-ca\|2F\|hsanchez\|{hsanchez}\|hsanchez\|`
			`internal-ca\|2F\|city1\|{city1}\|city1\|{revocados}`
			`internal-ca\|30\|audit03\|{audit03}\|audit03\|{revocados}`
			`internal-ca\|30\|uaIntro\|{uaIntro}\|uaIntro\|`
			`internal-ca\|31\|city04\|{city04}\|city04\|`
			`internal-ca\|31\|uaDevice(2)\|{uaDevice}\|uaDevice\|`
			`internal-ca\|32\|fperez\|{fperez}\|fperez\|`
			`internal-ca\|32\|uaExit(2)\|{uaExit}\|uaExit\|`
Create result-sample 2019-07-22 01:05:07 +02:00
Update result-example.md 2019-07-24 23:04:19 +02:00			`This is the last part of the result returned by the script: It shows duplicated SerialNumbers 2F, 30, 31 and 32.`
Update result-example.md 2019-08-22 21:07:57 +02:00			`To avoid issues when any of these eight certs is revoked, you must revoke all them, and recreate new certs for every user involved.`
Update result-example.md 2019-07-22 02:35:03 +02:00			`(Please remember do not delete any issued certificate. You must revoke it and if you want, unlink from the user).`
Create result-sample 2019-07-22 01:05:07 +02:00
Update result-example.md 2019-07-24 23:04:19 +02:00			`As an example: The execution result shows that the certificates "city1" and "audit03" have been revoked in the CRL "revocados".`
			`But due to the duplicity of SerialNumbers, the openVPN tunnel that uses "revocados" as CRL, also will consider revoked`
Create result-sample 2019-07-22 01:05:07 +02:00			`the certs "hsanchez" and "uaIntro".`
Update result-example 2019-07-22 01:32:34 +02:00
			`every item of $listaC has these attributes:`
Update result-example.md 2019-07-22 02:06:12 +02:00			```powershell
Update result-example.md 2019-07-22 02:30:18 +02:00			`$listaC[56]`
Update result-example.md 2019-07-22 02:06:12 +02:00			```
Update result-example.md 2019-07-22 02:27:53 +02:00			`Property\|Value`
			`--------\|-----`
Update result-example.md 2019-07-22 02:29:32 +02:00			`EnhancedKeyUsageList\|{Client Authentication (1.3.6.1.5.5.7.3.2)}`
			`DnsNameList\|{uaDedicated01}`
			`SendAsTrustedIssuer\|False`
			`Archived\|False`
Update result-example.md 2019-07-22 02:45:11 +02:00			`Extensions\|{System.Security.Cryptography.Oid, System.Security.Cryptography.Oid...}`
Update result-example.md 2019-07-22 02:29:32 +02:00			`FriendlyName\|uaDedicated01(02)`
			`IssuerName\|System.Security.Cryptography.X509Certificates.X500DistinguishedName`
			`NotAfter\|12/07/2020 14:10:54`
			`NotBefore\|13/07/2018 14:10:54`
Update result-example.md 2019-07-22 02:43:51 +02:00			`HasPrivateKey\|False (NOT IMPORTED BY THIS POWERSHELL SCRIPT)`
Update result-example.md 2019-07-22 02:29:32 +02:00			`PrivateKey\|`
			`PublicKey\|System.Security.Cryptography.X509Certificates.PublicKey`
			`RawData\|{18, ...}`
			`SerialNumber\|3F`
			`SubjectName\|System.Security.Cryptography.X509Certificates.X500DistinguishedName`
			`SignatureAlgorithm\|System.Security.Cryptography.Oid`
			`Thumbprint\|4AD2BBE653414EE1A10E01FB3D26F62D003B52C7`
			`Version\|3`
			`Handle\|2788955271140`
			`Issuer\|CN=internal-ca, E=mail@mycompany.com, O=MYCOMP, L=myCity, S=myCity, C=ES`
			`Subject\|CN=uaDedicated01, E=mail@mycompany.com, O=MYCOMP, L=myCity, S=myCity, C=ES`
			`IsCA\|False`
			`IsServer\|False`
			`IsClient\|True`
			`sIssuer\|internal-ca`
			`sSubject\|uaDedicated01`
			`refid\|5b85b04689ad1`
			`isRevoked\|True`
			`revokedOn\|{revocados, revCAcert}`
Update result-example 2019-07-22 01:32:34 +02:00
			`---`
			`You can show certs that will expire in the next 90 days`
Update result-example.md 2019-07-22 02:06:12 +02:00			```powershell
Update result-example 2019-07-22 01:41:06 +02:00			`$listaC \| Where-Object {$_.NotAfter -le (Get-Date).AddDays(90)} \| Select sIssuer, SerialNumber, FriendlyName, DnsNameList, sSubject, revokedOn \| ft`
Update result-example.md 2019-07-22 02:06:12 +02:00			```
Update result-example 2019-07-22 01:41:06 +02:00			`---`
			`Or the list of revoked Certs`
Update result-example.md 2019-07-22 02:06:12 +02:00			```powershell
Update result-example 2019-07-22 01:41:06 +02:00			`$listaC \| Where-Object {$_.revokedOn -ne $null} \| Select sIssuer, SerialNumber, FriendlyName, DnsNameList, sSubject, revokedOn \| ft`
Update result-example.md 2019-07-22 02:06:12 +02:00			```
Update result-example 2019-07-22 01:41:06 +02:00			`And everything you want :)`