IPA Listmail via FreeIPA-users wrote: > 1) Is there a way to shrink a CRL? That is, to remove revoked certs (per > cert or en masse) from the CRL? While not optimal, even breaking the CRL > number by resetting it back to 0 would be a workable solution if that is > the only way.
There is currently no way to prune certificates. You can also look at Delta CRLs but those are untested with IPA. I don't know why resetting the crl number would affect the set of revoked certificates. > > 2) Is there a way to manually trigger a new CRL before the "Next Update" > time? I don't know of a way. You may want to check the RHCS docs at docs.redhat.com. There is also https://github.com/dogtagpki/pki/wiki/Configuring-CRL which doesn't mention it. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
