Replies: 1 comment 4 replies
-
|
Adminweb should not hide anything, only if the search query does not produce a match in the database. Could be case sensitivity or something? To delete an old certificate you need to do it manually in the database. As one of the primary tasks of a CA is to keep track of issued certificates, it is not an exposed function to delete certificates (it would happen to easily by mistake). Removing a revoked certificate will of course make revocation lookups return "nothing found", and CRLs will not be populated with this entry. PS: Removing expired certificates is/will be possible with a service. |
Beta Was this translation helpful? Give feedback.
-
|
At first, many thanks for your answer! I really don't know why adminweb does not show the certificates the RA page shows. I tried to find the certificate via its serial no. by copy&paste the serial to avoid any manual mistakes, but it didn't work. As I am using the community edition I don't have the database maintenance service as it is an enterprise feature. Sadly I did not find any further information on how to manually clean up the database, maybe this could help. Is there any description on what the database maintenance service does exactly, so that one could write some kind of clean up SQL script or so? |
Beta Was this translation helpful? Give feedback.
-
|
Ah sorry, I hadn't seen that the mainenance service was an Enterprise feature. |
Beta Was this translation helpful? Give feedback.
-
|
Ah ok! That helps a lot! There are some queries with which I can examine my database a bit further and think about how maintenance could be done safely. As we do use EJBCA solely as CA for a small amount of dedicated certificates, database size is not the problem here. But maybe I can identify my certificate with this somewhat "mystical" show/hide behaviour 😁 |
Beta Was this translation helpful? Give feedback.
-
|
FWIW, it helped: I found the old certificate with a different subjectDN but the same username in the CertificateData table and was able to delete it and now the double subjectDN error is gone. MANY MANY THANKS! |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hi!
I have a strange problem: being logged in as SuperAdmin, I can find a revoked certificate via RA website, but not via adminweb website.
I noticed this problem when I revoked and deleted a certificate and wanted to issue a new one for the same user. I always got the message that the SubjectDN was already in use. As I did not find anything via adminweb I did not understand at first why this was happening. But then a collegue of mine searched for the DN via RA and found it! Interestingly, I cannot lookup the revoked certificate even by its serial number I found on the RA page via the adminweb page.
So, why is adminweb hiding it? How can this happen? And how can I now delete ALL references to old certificates, so that I can create a new one without the "SubjectDN already exists" problem?
Regards,
Holger
Beta Was this translation helpful? Give feedback.
All reactions