Re: [Pki-users] Revoking all certificates issued by Dogtag at once
Hi Fraser,
Thank you for your reply. I am trying to revoke certificates in bulk
quantities because I'm using my instance of Dogtag for internal testing of
an application that over time enrolls a large amount of certificates. I
figured it be a good idea to clear them out periodically. If there is no
issue with letting the issued certificates accumulate then I won't worry
about needing to clear them out.
Thank you,
Peter
On Wed, Oct 14, 2015 at 8:56 PM, Fraser Tweedale <ftweedal(a)redhat.com>
wrote:
On Wed, Oct 14, 2015 at 02:17:49PM -0400, Peter P. wrote:
> Hi,
>
> I have an instance of Dogtag installed on my Fedora 22 server and I
wanted
> to know if there is a way to revoke all the certificates ever issued by
my
> Dogtag CA in one shot.
>
The web interface does give you a way to revoke many certs at once.
Whether it can do "all" depends on how many certs you've issued :)
You could also script this using the CLI. But what is it you are
actually trying to achieve? Would it be sufficient to revoke the
issuer certificate instead?
> Also, is there any bound/limit to the amount of valid certificates that
can
> be issued by an instance of Dogtag?
>
Conceptually no. In reality, you could run out of disk or, on
operations that involve many certificates (e.g. generate a CRL with
a huge number of non-expired revoked certs) then possibly hit memory
limits.
Cheers,
Fraser
> Thank you,
>
> Peter
> _______________________________________________
> Pki-users mailing list
> Pki-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
Attachments:
- attachment.html (text/html — 2.3 KB)