Martin Kosek wrote:
On 11/10/2015 10:59 PM, Fraser Tweedale wrote:
On Tue, Nov 10, 2015 at 07:02:42PM +0100, Natxo Asenjo wrote:

do we need to keep all the MasterCRL-YYYYMMDD-HHMMSS.der files or can we
purge them on a regular basis (say, keep 60 days dump the rest)?

$ ls -l | wc -l

this is in a server installed 3 years ago.


Hi Natxo,

You can purge them.  I am not sure why we keep the old ones around;
can someone fill me in?

This was not touched loong ago. CCing Rob in case he has an idea, but if
not - you are probably the best person to improve it :-)

I don't know if I considered this at all back in the day but I agree it is probably up to dogtag to prune this directory. The files to keep should be based on the generation schedule. I can't think of any value an older CRL might provide though perhaps that should be configurable too.


Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to