[Pki-users] Revoking all certificates issued by Dogtag at once

Fraser Tweedale ftweedal at redhat.com
Thu Oct 15 00:56:44 UTC 2015


On Wed, Oct 14, 2015 at 02:17:49PM -0400, Peter P. wrote:
> Hi,
> 
> I have an instance of Dogtag installed on my Fedora 22 server and I wanted
> to know if there is a way to revoke all the certificates ever issued by my
> Dogtag CA in one shot.
> 
The web interface does give you a way to revoke many certs at once.
Whether it can do "all" depends on how many certs you've issued :)
You could also script this using the CLI.  But what is it you are
actually trying to achieve?  Would it be sufficient to revoke the
issuer certificate instead?

> Also, is there any bound/limit to the amount of valid certificates that can
> be issued by an instance of Dogtag?
> 
Conceptually no.  In reality, you could run out of disk or, on
operations that involve many certificates (e.g. generating a CRL with
a huge number of non-expired revoked certs), possibly hit memory
limits.

Cheers,
Fraser

> Thank you,
> 
> Peter
