In light of the security issues fixed in the 2.12.5 release, is there any way to have the CA provide a list of all the certificates that it has signed? Normally an OpenSSL CA maintains copies of all the certs it signs, but I don’t see that anywhere in /var/lib/icinga2, and I don’t think it would be kept anywhere else. And if this isn’t possible, I would suggest that perhaps this would be a good idea, even if it’s just a list of the certs issued? I don’t think the CA and everything need to be replaced, but if I can’t verify that it hasn’t been compromised then due diligence requires that I do so (and so should probably everybody)…
Hello there and welcome to the community forum 
I would suggest opening a feature request over on the Icinga 2 issue page. While the devs do come here sometimes to help out, this forum is primarily for users to help each other out.
If you need to get in contact with the devs, GitHub is the place to be