Hi Fraser,

Thank you for your reply. I am trying to revoke certificates in bulk quantities because I'm using my instance of Dogtag for internal testing of an application that over time enrolls a large amount of certificates. I figured it be a good idea to clear them out periodically. If there is no issue with letting the issued certificates accumulate then I won't worry about needing to clear them out.

Thank you,

Peter

On Wed, Oct 14, 2015 at 8:56 PM, Fraser Tweedale <ftweedal@redhat.com> wrote:

On Wed, Oct 14, 2015 at 02:17:49PM -0400, Peter P. wrote:
> Hi,
>
> I have an instance of Dogtag installed on my Fedora 22 server and I wanted
> to know if there is a way to revoke all the certificates ever issued by my
> Dogtag CA in one shot.
>
The web interface does give you a way to revoke many certs at once.
Whether it can do "all" depends on how many certs you've issued :)
You could also script this using the CLI. But what is it you are
actually trying to achieve? Would it be sufficient to revoke the
issuer certificate instead?

> Also, is there any bound/limit to the amount of valid certificates that can
> be issued by an instance of Dogtag?
>
Conceptually no. In reality, you could run out of disk or, on
operations that involve many certificates (e.g. generate a CRL with
a huge number of non-expired revoked certs) then possibly hit memory
limits.

Cheers,
Fraser

> Thank you,
>
> Peter

> _______________________________________________
> Pki-users mailing list
> Pki-users@redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users