For the latest version, please use Certificate Lifecycle Manager 5.0.2!

Archiving & Removing Data

Action : Archive

For archiving operations, admin rights are required.

Archive functionality for records plays a pivotal role in addressing governance, risk and compliance (GRC) objectives. A CLM system requires such functionality, especially when considering the following key parameters:

  1. Compliance & Legal Obligations: Archived certificates provide immutable records for audits and regulatory requirements (e.g., GDPR, PCI-DSS). Failure to retain them risks fines or legal penalties.

  2. Risk Mitigation: Isolating expired/revoked certificates prevents accidental reuse or exploitation in attacks (e.g., replay attacks), reducing vulnerabilities.

  3. Cost Optimization: Archiving offloads obsolete certificates from high-cost primary storage to cheaper tiers, freeing resources for active infrastructure.

  4. Lifecycle Governance: Ensures end-to-end management (issuance → archival), preventing certificate sprawl and maintaining a clean, auditable inventory.

  5. Operational Efficiency: Separating active and archived certificates simplifies monitoring, reduces human error, and streamlines IT workflows.

  6. Forensic Preparedness: Archived certificates serve as historical evidence to investigate past incidents or breaches.

While the above examples explicitly mention certificates, they are also applicable to other archivable entities such as:

You can archive a record to keep it accessible, while ensuring it is no longer actively used or modified.

In order to delete records you must first archive them.

Archiving Chain

Figure 1. Archiving chain order
  1. Realms, end entities, policies & certificate requests linked to an active certificate cannot be archived. Archiving any of the above without first revoking the linked certificate will result in an error.

  2. Upon archiving of an entity in the archiving chain, all following (child) entities will also be archived. For example, when an end entity is archived, its corresponding certificate requests and certificates will also be archived.

  3. Upon archiving of a certificate / certificate request, its linked certificate request / certificate will also be archived.

  4. Archived end entities & policies belonging to an archived realm cannot be unarchived. Archived realms, end entities & policies cannot be used for new operations.

  5. Active certificates & certificate requests cannot be archived. Archived certificates & certificate requests that are linked to an archived policy, end entity or realm cannot be unarchived. Archived certificates & certificate requests cannot be used for new operations.
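
The rules above can be exercised with a small model. This is an added example, not CLM code or its API: the Entity class, the function names and the sample inventory are hypothetical, and the chain order (realm, then policy and end entity, then certificate request and certificate) is an assumption inferred from the rules.

```python
from dataclasses import dataclass, field

class ArchiveError(Exception):
    """An operation would violate the archiving-chain rules."""

@dataclass(eq=False)  # compare by identity: the links form cycles
class Entity:
    name: str
    parents: list = field(default_factory=list)
    active: bool = False          # set only on certificates: issued, not yet revoked
    archived: bool = False
    children: list = field(default_factory=list)
    peer: "Entity | None" = None  # certificate <-> certificate request link (rule 3)

    def __post_init__(self):
        for p in self.parents:
            p.children.append(self)

def walk(start, step):
    """Every entity reachable from `start` by repeatedly applying `step`."""
    seen, stack = [], list(start)
    while stack:
        e = stack.pop()
        if e not in seen:
            seen.append(e)
            stack += step(e)
    return seen

def archive(entity):
    group = walk([entity], lambda e: e.children + ([e.peer] if e.peer else []))
    blockers = sorted(e.name for e in group if e.active)
    if blockers:  # rules 1 and 5: the linked certificate must be revoked first
        raise ArchiveError(f"revoke before archiving: {blockers}")
    for e in group:  # rules 2 and 3: children and linked peers follow
        e.archived = True
    return sorted(e.name for e in group)

def unarchive(entity):
    held_by = sorted(a.name for a in walk(entity.parents, lambda e: e.parents) if a.archived)
    if held_by:  # rules 4 and 5: an entity higher in the chain is still archived
        raise ArchiveError(f"{entity.name} is held by archived {held_by}")
    entity.archived = False

def sample():  # constructed inventory; the chain order is an assumption
    realm = Entity("realm")
    policy, ee = Entity("policy", [realm]), Entity("end-entity", [realm])
    req = Entity("request", [policy, ee])
    cert = Entity("certificate", [policy, ee], active=True)
    req.peer, cert.peer = cert, req
    return realm, policy, ee, req, cert
```

In this model, calling archive() on the sample end entity raises ArchiveError until the certificate's active flag is cleared; archiving the realm afterwards archives all five entities, and none of the four below it can be unarchived.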

Use the Show Archived menu option from the Actions dropdown button to view previously archived entities.

Archived Data Removal

To permanently remove archived records, use the Archived Data Removal utility. Choose a date on the left-hand side of the panel and a type of records for deletion. Data archived before the end of the day of the selected date will then be irrevocably deleted.

Figure 2. Archived Data Removal