Stefano,
Hi, I have a CA environment with OpenCA 0.9.2 and my question is:
It's possible to decrease the size of the CRL? What are the techniques usually
used?
Usually you'd never do something like that. And you don't want to.
Revocation information have to be consistent, and the size of a CRL should
not be a problem for applications. For example in Germany the "Deutsche
Telekom" issues CRL's with a size of 6Mb and up.
My friend has told me that maybe I can create a new (empty) CRL when it
becomes too large. I've tried to generate a new CRL but I don't know how to
generate it empty.
In case you really wanted to accomplish this task, you would have to delete
all revocation information from OpenCA and simply issue a new CRL. I do not
remember wether 0.9.2 stores revocation information in the index.txt plain
text file or in the database already. Anyway, you will run into some trouble
while trying this. I'd strongly recommend not to.
Regards
Felix
------------------------------------------------------------------------------
All of the data generated in your IT infrastructure is seriously valuable.
Why? It contains a definitive record of application performance, security
threats, fraudulent activity, and more. Splunk takes this data and makes
sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-d2d-c2
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
