packetfence icon indicating copy to clipboard operation
packetfence copied to clipboard

Published 20 hours ago verified publisher icon inverse-inc

pfpki: scheduled task to clean up revoked certificates

Open nqb opened this issue 3 years ago • 3 comments

Is your feature request related to a problem? Please describe. Revoked certificates are kept forever. It could be interesting to have a scheduled task, configurable, which clean these certificates after a period of time (like we have for several items in DB).

Describe the solution you'd like pfcron task.

nqb avatar Feb 21 '22 13:02 nqb

just to make sure, this would be disabled by default like the rest of the cleanup tasks, correct?

julsemaan avatar Feb 21 '22 13:02 julsemaan

Yes, I think. We should not try to automatically delete certificates (even if revoked).

nqb avatar Feb 21 '22 13:02 nqb

Yes, I think. We should not try to automatically delete certificates (even if revoked).

100% agree since it destroys the history of a device/user. Like with the node, person tables, we should let the admin pick his own retention policy and keep everything by default

julsemaan avatar Feb 21 '22 13:02 julsemaan