We have received a bug report that there are duplicate entries in the generated CRL on MSSQL.
So far, this is beleived to be caused by a bug/limitation in the Hibernate driver for MSSQL. EJBCA fetches certificate data in batches of 500 000 rows by default. For this, we set the maximum results and start result in iterations. It appears that the Hibernate driver for MSSQL does not guarantee ordering in this case, which leads to duplicated and/or missing rows.
A suggested workaround is to request fixed ordering of the data in the query (perhaps using "ORDER BY" syntax, and ordering by the revocation date ascending).
As this would slow down the query (especially when there is no index on this column), we should probably make it an optional feature. Since we haven't (to my knowledge) had any reports of this on other databases, we could have it off by default with a configuration option in a properties file for MSSQL users.