Thanks Christina, that helps a lot!
From:
pki-users-bounces@redhat.com [mailto:pki-users-bounces@redhat.com] On Behalf Of
Christina Fu
Sent: 14 February 2014 02:08
To: pki-users@redhat.com
Subject: Re: [Pki-users] Deleting revoked certificates
Oleg,
Are you talking about removing certificate records from the Dogtag internal directory server?
First of all, you are not supposed to remove unexpired revoked certs from the internal db as that's where CRL's are built.
However, if "old" means "expired" certificates, then I imagine you could use ldapmodify to do that. You can probably write a script to do that as a cron job. You can "man ldapmodify" to see the documentation.
Now, if you are talking about removing expired certs from a publishing directory, there is a job called "UnpublishExpiredJob" that can be turned on to "unpublish"(remove) them from the publishing directory for you periodically:
https://access.redhat.com/site/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Setting_up_Specific_Jobs.html#Configuration_Parameters_of_unpublishExpiredCerts
Hope that answered your question.
Christina
On 02/13/2014 03:16 AM, Oleg Antonenko wrote:
Hi!
Could anyone point me at documentation regarding physical removal of “old” revoked certificates from the system (db)?
I looked at the redhat & dogtag documentation online but didn’t find any relevant info…
With thanks,
Oleg
</pre>****************************************************************************************<br>This email and any files transmitted with are confidential and intended solely for the<br>use of the individual or entity to whom they are addressed. If you have received this<br>email in error then please delete it and notify the sender. Do not make a copy or forward<br>it to anyone. This footnote also confirms that this email message has been swept for the<br>presence of computer viruses.<br><br>Adaptive Mobile Security Ltd, Ferry House, 48 Lower Mount Street, Dublin 2, Ireland<br>Directors: B. Collins, G. Maclachlan (UK), N. Grierson (UK), J. Ennis (UK), D. Summers (UK).<br>Registered in Ireland, Company No. 370343, VAT Reg.No.IE6390343O<br>****************************************************************************************</pre>
_______________________________________________Pki-users mailing listPki-users@redhat.comhttps://www.redhat.com/mailman/listinfo/pki-users
</pre>****************************************************************************************<br>This email and any files transmitted with are confidential and intended solely for the<br>use of the individual or entity to whom they are addressed. If you have received this<br>email in error then please delete it and notify the sender. Do not make a copy or forward<br>it to anyone. This footnote also confirms that this email message has been swept for the<br>presence of computer viruses.<br><br>Adaptive Mobile Security Ltd, Ferry House, 48 Lower Mount Street, Dublin 2, Ireland<br>Directors: B. Collins, G. Maclachlan (UK), N. Grierson (UK), J. Ennis (UK), D. Summers (UK).<br>Registered in Ireland, Company No. 370343, VAT Reg.No.IE6390343O<br>****************************************************************************************</pre>