Check that certificate is not revoked

app/models/api_user.rb

@@ -66,22 +66,24 @@ class ApiUser < User
 
   def registrar_pki_ok?(crt, cn)
     return false if crt.blank? || cn.blank?
+
     crt = crt.split(' ').join("\n")
     crt.gsub!("-----BEGIN\nCERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\n")
     crt.gsub!("\n-----END\nCERTIFICATE-----", "\n-----END CERTIFICATE-----")
     cert = OpenSSL::X509::Certificate.new(crt)
     md5 = OpenSSL::Digest::MD5.new(cert.to_der).to_s
-    certificates.registrar.exists?(md5: md5, common_name: cn)
+    certificates.registrar.exists?(md5: md5, common_name: cn, revoked: false)
   end
 
   def api_pki_ok?(crt, cn)
     return false if crt.blank? || cn.blank?
+
     crt = crt.split(' ').join("\n")
     crt.gsub!("-----BEGIN\nCERTIFICATE-----\n", "-----BEGIN CERTIFICATE-----\n")
     crt.gsub!("\n-----END\nCERTIFICATE-----", "\n-----END CERTIFICATE-----")
     cert = OpenSSL::X509::Certificate.new(crt)
     md5 = OpenSSL::Digest::MD5.new(cert.to_der).to_s
-    certificates.api.exists?(md5: md5, common_name: cn)
+    certificates.api.exists?(md5: md5, common_name: cn, revoked: false)
   end
 
   def linked_users

app/models/certificate.rb

@@ -116,6 +116,7 @@ class Certificate < ApplicationRecord
       -revoke #{crt_file.path} -key '#{ENV['ca_key_password']}' -batch")
 
     if err.match(/Data Base Updated/) || err.match(/ERROR:Already revoked/)
+      self.revoked = true
       save!
       @cached_status = REVOKED
     else