[Pki-users] Revoking all certificates issued by Dogtag at once

Peter P. p.pan48711 at gmail.com
Mon Oct 19 15:25:49 UTC 2015


Hi Fraser,

Thank you for your reply. I am trying to revoke certificates in bulk
quantities because I'm using my instance of Dogtag for internal testing of
an application that over time enrolls a large amount of certificates. I
figured it would be a good idea to clear them out periodically. If there is no
issue with letting the issued certificates accumulate then I won't worry
about needing to clear them out.

Thank you,

Peter

On Wed, Oct 14, 2015 at 8:56 PM, Fraser Tweedale <ftweedal at redhat.com>
wrote:

> On Wed, Oct 14, 2015 at 02:17:49PM -0400, Peter P. wrote:
> > Hi,
> >
> > I have an instance of Dogtag installed on my Fedora 22 server and I
> > wanted to know if there is a way to revoke all the certificates ever
> > issued by my Dogtag CA in one shot.
> >
> The web interface does give you a way to revoke many certs at once.
> Whether it can do "all" depends on how many certs you've issued :)
> You could also script this using the CLI.  But what is it you are
> actually trying to achieve?  Would it be sufficient to revoke the
> issuer certificate instead?
>
> > Also, is there any bound/limit to the amount of valid certificates that
> > can be issued by an instance of Dogtag?
> >
> Conceptually no.  In reality, you could run out of disk or, on
> operations that involve many certificates (e.g. generate a CRL with
> a huge number of non-expired revoked certs) then possibly hit memory
> limits.
>
> Cheers,
> Fraser
>
> > Thank you,
> >
> > Peter
>
>
>
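Fraser's suggestion to script the revocation with the CLI, sketched as an added example that is not from the thread or from the Dogtag project: it turns a certificate listing into a dry-run list of `pki ca-cert-revoke` commands and skips serials that must stay valid. The listing is constructed in the layout of `pki ca-cert-find` output; the `caadmin` nickname, the `KEEP_SERIALS`/`NICKNAME` variables and the choice of `0x1` as the CA signing certificate are assumptions.

```shell
#!/bin/sh
# Dry-run planner for bulk revocation on a test CA (added example).
# Reads `pki ca-cert-find`-style text on stdin and prints one
# `pki ca-cert-revoke` command per certificate that is still VALID.

# Serials that must never be revoked (assumption: the CA signing cert and
# the other system certs issued at install time; verify on your instance).
KEEP_SERIALS="${KEEP_SERIALS:-0x1}"
# Client certificate nickname used to authenticate (assumed value).
NICKNAME="${NICKNAME:-caadmin}"

# Print the serial of every entry whose Status is VALID, minus KEEP_SERIALS.
valid_serials() {
    awk -v keep="$KEEP_SERIALS" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) skip[k[i]] = 1 }
        $1 == "Serial" && $2 == "Number:" { serial = $3 }
        $1 == "Status:" {
            if ($2 == "VALID" && serial != "" && !(serial in skip)) print serial
            serial = ""
        }
    '
}

# Print the commands instead of running them, so the plan can be reviewed.
plan_revocations() {
    valid_serials | while read -r serial; do
        printf 'pki -n %s ca-cert-revoke %s --force\n' "$NICKNAME" "$serial"
    done
}

# Constructed sample listing (not real output from any CA).
SAMPLE_LISTING='  Serial Number: 0x1
  Subject DN: CN=CA Signing Certificate,O=EXAMPLE
  Status: VALID
  Serial Number: 0x7
  Subject DN: CN=test-client-1,O=EXAMPLE
  Status: VALID
  Serial Number: 0x8
  Subject DN: CN=test-client-2,O=EXAMPLE
  Status: REVOKED
  Serial Number: 0x9
  Subject DN: CN=test-client-3,O=EXAMPLE
  Status: VALID
  Serial Number: 0xa
  Subject DN: CN=test-client-4,O=EXAMPLE
  Status: EXPIRED'
```

On a live test instance the input would come from something like `pki ca-cert-find --status VALID --size 1000 | plan_revocations`, with the printed commands reviewed before they are run.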