<html>
  <head>
    <meta content="text/html; charset=ISO-8859-1"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Oleg,<br>
    <br>
    Are you talking about removing certificate records from the Dogtag
    internal directory server?<br>
    <br>
    First of all, you are not supposed to remove unexpired revoked certs
    from the internal db as that's where CRL's are built.<br>
    <br>
    However, if "old" means "expired" certificates, then I imagine you
    could use ldapmodify to do that.  You can probably write a script to
    do that as a cron job. You can "man ldapmodify" to see the
    documentation.<br>
    <br>
    Now, if you are talking about removing expired certs from a
    publishing directory, there is a job called "UnpublishExpiredJob"
    that can be turned on to "unpublish"(remove) them from the
    publishing directory for you periodically:<br>
    <a class="moz-txt-link-freetext"
href="https://access.redhat.com/site/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Setting_up_Specific_Jobs.html#Configuration_Parameters_of_unpublishExpiredCerts">https://access.redhat.com/site/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Setting_up_Specific_Jobs.html#Configuration_Parameters_of_unpublishExpiredCerts</a><br>
    <br>
    Hope that answered your question.<br>
    Christina<br>
    <br>
    <div class="moz-cite-prefix">On 02/13/2014 03:16 AM, Oleg Antonenko
      wrote:<br>
    </div>
    <blockquote
cite="mid:34A5A0661B86944184C25952A4F1699087670B12@Exchange-AMS.adaptivemobile.com"
      type="cite">
      <meta http-equiv="Content-Type" content="text/html;
        charset=ISO-8859-1">
      <meta name="Generator" content="Microsoft Word 14 (filtered
        medium)">
      <style><!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0cm;
        margin-bottom:.0001pt;
        font-size:11.0pt;
        font-family:"Calibri","sans-serif";
        mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
span.EmailStyle17
        {mso-style-type:personal-compose;
        font-family:"Calibri","sans-serif";
        color:windowtext;}
.MsoChpDefault
        {mso-style-type:export-only;
        font-family:"Calibri","sans-serif";
        mso-fareast-language:EN-US;}
@page WordSection1
        {size:612.0pt 792.0pt;
        margin:72.0pt 72.0pt 72.0pt 72.0pt;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
      <div class="WordSection1">
        <p class="MsoNormal">Hi!<o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">Could anyone point me at documentation
          regarding physical removal of “old” revoked certificates from
          the system (db)? <o:p></o:p></p>
        <p class="MsoNormal">I looked at the redhat & dogtag
          documentation online but didn’t find any relevant info…<o:p></o:p></p>
        <p class="MsoNormal"><o:p> </o:p></p>
        <p class="MsoNormal">With thanks,<o:p></o:p></p>
        <p class="MsoNormal">Oleg<o:p></o:p></p>
      </div>
      <p></pre>****************************************************************************************<br>This


        email and any files transmitted with are confidential and
        intended solely for the<br>use of the individual or entity
        to whom they are addressed.  If you have received
        this<br>email in error then please delete it and notify
        the sender. Do not make a copy or forward<br>it to
        anyone.  This footnote also confirms that this email message has
        been swept for the<br>presence of computer
        viruses.<br><br>Adaptive Mobile Security Ltd, Ferry
        House, 48 Lower Mount Street, Dublin 2,
        Ireland<br>Directors: B. Collins, G. Maclachlan (UK), N.
        Grierson (UK), J. Ennis (UK), D. Summers
        (UK).<br>Registered in Ireland, Company No. 370343, VAT
Reg.No.IE6390343O<br>****************************************************************************************</pre></p>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Pki-users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Pki-users@redhat.com">Pki-users@redhat.com</a>
<a class="moz-txt-link-freetext" href="https://www.redhat.com/mailman/listinfo/pki-users">https://www.redhat.com/mailman/listinfo/pki-users</a></pre>
    </blockquote>
    <br>
  </body>
</html>