When is it OK to delete a user certificate?
-
Our certificate list is slowly filling up with revoked certificates. Is it OK to delete certificates that have been revoked?
-
After adding any user Cert into your CRL the Cert+Key is copied into the CRL section. You can check the
<crl>
</crl>
section in your config.xml and find the Cert there again.
The User cert should then be safe to remove in the Certificate Manager.But as always, perform a Backup first.
-Rico
-
If you know you won't have to revoke the cert again in the future, then it can be removed.
As @Rico said though the details are copied to the CRL so you could re-import them from there if needed.
Though that may go away in the future. Certificates are always revoked by serial, having the extra info is handy but not strictly needed.