[Pki-users] Deleting revoked certificates

Christina Fu cfu at redhat.com
Fri Feb 14 02:07:38 UTC 2014


Oleg,

Are you talking about removing certificate records from the Dogtag 
internal directory server?

First of all, you are not supposed to remove unexpired revoked certs 
from the internal db as that's where CRLs are built.

However, if "old" means "expired" certificates, then I imagine you could 
use ldapmodify to do that.  You can probably write a script to do that 
as a cron job. You can "man ldapmodify" to see the documentation.

Now, if you are talking about removing expired certs from a publishing 
directory, there is a job called "UnpublishExpiredJob" that can be 
turned on to "unpublish" (remove) them from the publishing directory for 
you periodically:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Setting_up_Specific_Jobs.html#Configuration_Parameters_of_unpublishExpiredCerts

Hope that answered your question.
Christina

On 02/13/2014 03:16 AM, Oleg Antonenko wrote:
>
> Hi!
>
> Could anyone point me at documentation regarding physical removal of 
> "old" revoked certificates from the system (db)?
>
> I looked at the redhat & dogtag documentation online but didn't find 
> any relevant info...
>
> With thanks,
>
> Oleg

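Added example (not part of the original thread and not Dogtag code): a Python filter for the cron job suggested in the reply, which turns ldapsearch output into delete records for ldapmodify only for certificates that are both revoked and expired, so that unexpired revoked certificates stay in the internal db for CRL generation. The attribute names certStatus and notAfter, the timestamp format and the sample DNs are assumptions to verify against your own directory.

```python
# Added example, not Dogtag code. The attribute names certStatus / notAfter and
# the DN layout in SAMPLE are assumptions; verify them in your own directory.
from datetime import datetime, timezone

SAMPLE = """\
dn: cn=1,ou=certificateRepository,ou=ca,o=example-CA
certStatus: REVOKED
notAfter: 20130101000000Z

dn: cn=2,ou=certificateRepository,ou=ca,o=example-CA
certStatus: REVOKED
notAfter: 20300101000000Z

dn: cn=3,ou=certificateRepository,ou=ca,o=example-CA
certStatus: VALID
notAfter: 20120101000000Z
"""  # constructed ldapsearch-style output, not real data

def parse_ldif(text):
    """Yield one {attr: value} dict per entry, unfolding continuation lines."""
    text = text.replace("\n ", "")
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ": " not in line:
                continue
            attr, value = line.split(": ", 1)
            entry.setdefault(attr, value)
        if "dn" in entry:  # entries with a base64 "dn::" are skipped, not guessed
            yield entry

def deletable_dns(text, now):
    """Return DNs of certificates that are both revoked and past notAfter."""
    dns = []
    for e in parse_ldif(text):
        try:
            expiry = datetime.strptime(e["notAfter"], "%Y%m%d%H%M%S%z")
        except (KeyError, ValueError):
            continue  # no usable expiry date: keep the record
        if e.get("certStatus", "").startswith("REVOKED") and expiry < now:
            dns.append(e["dn"])
    return dns

def delete_ldif(dns):
    """Build LDIF change records that can be fed to `ldapmodify -f`."""
    return "".join(f"dn: {dn}\nchangetype: delete\n\n" for dn in dns)

if __name__ == "__main__":
    print(delete_ldif(deletable_dns(SAMPLE, datetime.now(timezone.utc))), end="")
```

Review the generated LDIF before passing it to ldapmodify; records with a missing or unparsable expiry date are deliberately left in place.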