Re: [Pki-users] Revoking all certificates issued by Dogtag at once
On Wed, Oct 14, 2015 at 02:17:49PM -0400, Peter P. wrote:
Hi,
I have an instance of Dogtag installed on my Fedora 22 server and I wanted
to know if there is a way to revoke all the certificates ever issued by my
Dogtag CA in one shot.
The web interface does give you a way to revoke many certs at once.
Whether it can do "all" depends on how many certs you've issued :)
You could also script this using the CLI. But what is it you are
actually trying to achieve? Would it be sufficient to revoke the
issuer certificate instead?
Also, is there any bound/limit to the amount of valid certificates
that can
be issued by an instance of Dogtag?
Conceptually no. In reality, you could run out of disk or, on
operations that involve many certificates (e.g. generate a CRL with
a huge number of non-expired revoked certs) then possibly hit memory
limits.
Cheers,
Fraser
Thank you,
Peter
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users