Hi Guys,
I'm doing a maintenace on our neglected CA which has been running ftom 2005. It has around 250k requests and 20k issued certificates meaning around 230k denied requests. I want to delete as much denied requests as possible and also very old expired certificates using the certutil tool. Looking around I found some good articles describing its usage and I just want to confirm with you guys before doing a CA pudding.
- Is it OK if I remove all failed/pending requests before February 2012 using 'certutil -deleterow 1/3/2012 Request'
- Can I remove expired certs, and if so, will this work 'certutil -deleterow 1/1/2010 Cert'
- Remove old CRLs using 'certutil -deleterow 1/1/2012'
- Can someone explain what are the Ext and Attrib options in the certutil -deleterow
Any help on this is very much appreciated.
Thanks!