When is it OK to delete a user certificate?



  • Our certificate list is slowly filling up with revoked certificates. Is it OK to delete certificates that have been revoked?


  • LAYER 8 Rebel Alliance

    After adding any user cert to your CRL, the cert+key is copied into the CRL section. You can check the <crl></crl> section in your config.xml and find the cert there again.
    The user cert should then be safe to remove in the Certificate Manager.

    But as always, perform a Backup first. ☺

    -Rico


  • Rebel Alliance Developer Netgate

    If you know you won't have to revoke the cert again in the future, then it can be removed.

    As @Rico said though the details are copied to the CRL so you could re-import them from there if needed.

    Though that may go away in the future. Certificates are always revoked by serial; having the extra info is handy but not strictly needed.


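A read-only pre-deletion check of the kind the replies describe, as an added example that is not from the thread or from pfSense: it reads a config.xml backup and lists which Certificate Manager entries have a copy under `<crl>`. The element names other than `<crl>`, the matching by `<refid>`, and the sample config are assumptions constructed for illustration; compare them with your own config.xml before relying on the result.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not a real pfSense config. Element names (<cert>, <refid>,
# <descr>, <crt>, <prv>) are assumptions; compare with your own config.xml.
SAMPLE_CONFIG = """<pfsense>
  <cert><refid>aaa111</refid><descr>alice</descr><crt>QUxJQ0U=</crt><prv>S0VZ</prv></cert>
  <cert><refid>bbb222</refid><descr>bob</descr><crt>Qk9C</crt><prv>S0VZ</prv></cert>
  <cert><refid>ccc333</refid><descr>carol</descr><crt>Q0FST0w=</crt><prv>S0VZ</prv></cert>
  <crl>
    <refid>crl001</refid><descr>VPN CRL</descr>
    <cert><refid>aaa111</refid><descr>alice</descr><crt>QUxJQ0U=</crt><prv>S0VZ</prv></cert>
    <cert><refid>ccc333</refid><descr>carol</descr><crt></crt></cert>
  </crl>
</pfsense>"""

def crl_copies(root):
    """Map refid -> True if some CRL entry for it still carries certificate data."""
    copies = {}
    for crl in root.findall("crl"):
        for entry in crl.findall("cert"):
            refid = (entry.findtext("refid") or "").strip()
            has_data = bool((entry.findtext("crt") or "").strip())
            copies[refid] = copies.get(refid, False) or has_data
    return copies

def classify(config_xml):
    """Sort Certificate Manager entries by whether a usable CRL copy exists."""
    root = ET.fromstring(config_xml)
    copies = crl_copies(root)
    report = {"revoked_with_copy": [], "revoked_no_copy": [], "not_revoked": []}
    # Direct children of the root only: these are the Certificate Manager entries.
    for cert in root.findall("cert"):
        refid = (cert.findtext("refid") or "").strip()
        descr = cert.findtext("descr") or refid
        if refid not in copies:
            report["not_revoked"].append(descr)        # deleting loses the cert
        elif copies[refid]:
            report["revoked_with_copy"].append(descr)  # CRL copy present
        else:
            report["revoked_no_copy"].append(descr)    # listed, but no data kept
    return report

if __name__ == "__main__":
    for bucket, names in classify(SAMPLE_CONFIG).items():
        print(f"{bucket}: {', '.join(names) or '-'}")
```

Run it against a downloaded backup rather than the live file, and treat anything outside `revoked_with_copy` as a reason to keep the Certificate Manager entry.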