#9294 Enable the certificate pruning job in PKI
Closed: fixed a year ago by frenaud. Opened 2 years ago by rcritten.

Request for enhancement

As an administrator , I want to remove expired certificates so that I can maintain performance and the size of my certificate database.

With ACME generating short-lived certificates, expired certificates can quickly build up in the certificate database. https://pagure.io/dogtagpki/issue/1750 provides a job that can be scheduled or run manually to remove (prune) expired certificates.


master:

  • 5d9f590 doc: Design for certificate pruning

ipa-4-10:

  • 51b1c22 doc: Design for certificate pruning

Metadata Update from @frenaud:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=2162677

a year ago

master:

  • 78298fd ipa-acme-manage: add certificate/request pruning management
  • 7d1d91f doc: add the --run command for manual job execution

ipa-4-10:

  • 9246a8a ipa-acme-manage: add certificate/request pruning management
  • f10d1a0 doc: add the --run command for manual job execution

Metadata Update from @frenaud:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

a year ago

master:

  • 828f6e7 ipatests: tests for certificate pruning

ipa-4-10:

  • 0f77b35 ipatests: tests for certificate pruning

master:

  • e76b219 ipatests: fix tests in TestACMEPrune

ipa-4-10:

  • e7c642b ipatests: fix tests in TestACMEPrune

Metadata Update from @rcritten:
- Custom field changelog adjusted to Removing (pruning) expired certificates is supported when Random Serial Numbers are enabled. One cannot upgrade from sequential serial numbers to random. This feature is enabled using the ipa-acme-manage(1) command.

a year ago

Log in to comment on this ticket.

Metadata