As an administrator , I want to remove expired certificates so that I can maintain performance and the size of my certificate database.
With ACME generating short-lived certificates, expired certificates can quickly build up in the certificate database. https://pagure.io/dogtagpki/issue/1750 provides a job that can be scheduled or run manually to remove (prune) expired certificates.
Design PR https://github.com/freeipa/freeipa/pull/6600
master:
ipa-4-10:
Metadata Update from @frenaud: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=2162677
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @rcritten: - Custom field changelog adjusted to Removing (pruning) expired certificates is supported when Random Serial Numbers are enabled. One cannot upgrade from sequential serial numbers to random. This feature is enabled using the ipa-acme-manage(1) command.
Login to comment on this ticket.