Hi!
Maybe someone can help me with a strange issue with CRLs. What exactly does the following error mean?
No IDP Intersection Base CRL.
This is what my CRL file looks like:
Certificate Revocation List (CRL):
        Version 2 (0x1)
        Signature Algorithm: sha256WithRSAEncryption
        Issuer: /CN=MY CA/OU=MY Dep/O=My Org/C=XX
        Last Update: Jan 16 12:12:58 2020 GMT
        Next Update: Jan 19 12:12:58 2020 GMT
        CRL extensions:
            X509v3 Authority Key Identifier:
                keyid:E3:79:A9:B3:99:3A:96:6C:AB:A8:07:19:0D:9A:66:F8:F0:E3:58:7E
            Authority Information Access:
                CA Issuers - URI:http://my-ca-url/myca.p7c
            X509v3 CRL Number:
                7674
            X509v3 Issuing Distrubution Point:
                Full Name:
                  URI:http://my-ca-uri/myca.crl
Revoked Certificates:
You have an Issuing Distribution Point (IDP) in the CRL. Why do you have that? Are you trying to use CRL partitioning as defined in RFC5280? https://tools.ietf.org/html/rfc5280#section-5.2.5
Regards, Tomas
Thank you Tomas! I had read this section of rfc5280#section-5.2.5 many times, but was still confused. After the "CRL partitioning" you mentioned, things became much clearer and I even found the corresponding lines in the EJBCA documentation https://doc.primekey.com/ejbca/ejbca-operations/ejbca-ca-concept-guide/certificate-authority-overview/partitioned-crls
Regards, Alo
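For readers landing on this thread: the scope check that RFC 5280 section 6.3.3 step (b)(2) defines for a CRL carrying an IDP, written out as an added example that is not code from the posters or from EJBCA. Names are modelled as plain strings (an assumption; real GeneralName matching is richer), the class and function names are hypothetical, and the certificate distribution points are constructed samples.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

@dataclass(frozen=True)
class IDP:
    """Issuing Distribution Point extension of a CRL (simplified model)."""
    full_names: FrozenSet[str] = frozenset()
    only_user_certs: bool = False
    only_ca_certs: bool = False
    only_attribute_certs: bool = False

@dataclass(frozen=True)
class CertDP:
    """One distribution point of the certificate being checked.
    For a certificate without a CDP extension, RFC 5280 assumes a DP named
    by the certificate issuer: pass the issuer DN in dp_names."""
    is_ca: bool
    dp_names: FrozenSet[str] = frozenset()           # distributionPoint field
    crl_issuer_names: FrozenSet[str] = frozenset()   # cRLIssuer field

def crl_in_scope(idp: Optional[IDP], cert: CertDP) -> Tuple[bool, str]:
    """Return (in_scope, reason) per RFC 5280 6.3.3 (b)(2)(i)-(iv)."""
    if idp is None:
        return True, "CRL has no IDP"
    if idp.full_names:
        # (i) compare against the DP name, or cRLIssuer if the DP name is omitted
        candidates = cert.dp_names or cert.crl_issuer_names
        if not (idp.full_names & candidates):
            return False, "IDP name matches no name in the certificate DP"
    if idp.only_user_certs and cert.is_ca:
        return False, "CRL covers end-entity certificates only"
    if idp.only_ca_certs and not cert.is_ca:
        return False, "CRL covers CA certificates only"
    if idp.only_attribute_certs:
        return False, "CRL covers attribute certificates only"
    return True, "certificate is in the scope of this CRL"

# IDP full name taken from the CRL dump in the question.
THREAD_IDP = IDP(full_names=frozenset({"URI:http://my-ca-uri/myca.crl"}))
# Constructed certificates: matching CDP, different CDP, and no CDP at all.
CERT_MATCH = CertDP(False, frozenset({"URI:http://my-ca-uri/myca.crl"}))
CERT_OTHER = CertDP(False, frozenset({"URI:http://constructed.example/other.crl"}))
CERT_NO_CDP = CertDP(False, frozenset({"DN:/CN=MY CA/OU=MY Dep/O=My Org/C=XX"}))

if __name__ == "__main__":
    for cert in (CERT_MATCH, CERT_OTHER, CERT_NO_CDP):
        print(sorted(cert.dp_names), crl_in_scope(THREAD_IDP, cert))
```

A CRL whose IDP names a URI is only in scope for certificates whose CRL Distribution Point carries a matching name, which is the behaviour CRL partitioning relies on.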