[Pki-users] Deleting revoked certificates

Oleg Antonenko Oleg.Antonenko at adaptivemobile.com
Fri Feb 14 09:50:45 UTC 2014


Thanks Christina, that helps a lot!

From: pki-users-bounces at redhat.com [mailto:pki-users-bounces at redhat.com] On Behalf Of Christina Fu
Sent: 14 February 2014 02:08
To: pki-users at redhat.com
Subject: Re: [Pki-users] Deleting revoked certificates

Oleg,

Are you talking about removing certificate records from the Dogtag internal directory server?

First of all, you are not supposed to remove unexpired revoked certs from the internal db as that's where CRLs are built.

However, if "old" means "expired" certificates, then I imagine you could use ldapmodify to do that.  You can probably write a script to do that as a cron job. You can "man ldapmodify" to see the documentation.

Now, if you are talking about removing expired certs from a publishing directory, there is a job called "UnpublishExpiredJob" that can be turned on to "unpublish" (remove) them from the publishing directory for you periodically:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Setting_up_Specific_Jobs.html#Configuration_Parameters_of_unpublishExpiredCerts

Hope that answered your question.
Christina

On 02/13/2014 03:16 AM, Oleg Antonenko wrote:
Hi!

Could anyone point me at documentation regarding physical removal of "old" revoked certificates from the system (db)?
I looked at the redhat & dogtag documentation online but didn't find any relevant info...

With thanks,
Oleg

****************************************************************************************
This email and any files transmitted with are confidential and intended solely for the
use of the individual or entity to whom they are addressed.  If you have received this
email in error then please delete it and notify the sender. Do not make a copy or forward
it to anyone.  This footnote also confirms that this email message has been swept for the
presence of computer viruses.

Adaptive Mobile Security Ltd, Ferry House, 48 Lower Mount Street, Dublin 2, Ireland
Directors: B. Collins, G. Maclachlan (UK), N. Grierson (UK), J. Ennis (UK), D. Summers (UK).
Registered in Ireland, Company No. 370343, VAT Reg.No.IE6390343O
****************************************************************************************

_______________________________________________
Pki-users mailing list
Pki-users at redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
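
The two points in Christina's reply (unexpired revoked records must stay because CRLs are built from them, and expired ones can be removed with ldapmodify from a cron script) can be combined as follows; this is an added example, not part of the original thread and not Dogtag code. It turns ldapsearch-style LDIF into `changetype: delete` records for ldapmodify. The base DN, the attribute names `certStatus` and `notAfter`, the timestamp format, the sample records and the 30-day grace period are all assumptions to check against your own instance.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample input. DN layout, attribute names and status values are
# assumptions about the internal DB, not taken from the thread.
SAMPLE_LDIF = """\
dn: cn=10,ou=certificateRepository,ou=ca,o=example-CA
certStatus: REVOKED
notAfter: 20300101000000Z

dn: cn=11,ou=certificateRepository,ou=ca,o=example-CA
certStatus: REVOKED_EXPIRED
notAfter: 20120101000000Z

dn: cn=12,ou=certificateRepository,ou=ca,o=example-CA
certStatus: REVOKED_EXPIRED
notAfter: 20140201000000Z

dn: cn=13,ou=certificateRepository,ou=ca,o=example-CA
certStatus: REVOKED
"""

def parse_ldif(text):
    """Yield one {attr: value} dict per record (plain single-valued attrs only)."""
    text = text.replace("\n ", "")  # unfold LDIF continuation lines
    for block in text.strip().split("\n\n"):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep and not line.startswith("#"):
                rec[key] = value
        yield rec  # base64 values ("attr:: ...") are not decoded and get no key

def deletion_ldif(text, now, grace_days=30):
    """Return (LDIF of delete operations for ldapmodify, list of DNs kept)."""
    cutoff = now - timedelta(days=grace_days)
    deletes, kept = [], []
    for rec in parse_ldif(text):
        dn = rec.get("dn")
        try:
            stamp = datetime.strptime(rec["notAfter"], "%Y%m%d%H%M%SZ")
            not_after = stamp.replace(tzinfo=timezone.utc)
        except (KeyError, ValueError):
            not_after = None  # fail closed: unknown expiry is never deleted
        if dn and not_after and not_after < cutoff:
            deletes.append(f"dn: {dn}\nchangetype: delete\n")
        elif dn:
            kept.append(dn)  # unexpired (or unknown): still needed for CRLs
    return "\n".join(deletes), kept
```

Review the generated LDIF before piping it to ldapmodify, and back up the directory first, since a deleted certificate record cannot be rebuilt from the CRL.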
