Re: [Ejbca-develop] no new CRL gets generated?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

On 25/08/2008, at 12.08, Tomas Gustavsson wrote:

>
> I guess you have configured Apache or something to use CRLs? Since
> JBoss/EJBCA will not deny anything because a CRL is not generated.

apache

> Your CRL settings look good. Are you sure it's that the CRLs is not
> generated (in the database) and not that Apache has not understood  
> there
> is a new CRL (since you have to reload apache whan CRLs are updated)?

i have a cronscript that downloads a new crl and restarts apache.
I ran it by hand, and it didnt make any difference. The CRL it got
from ejbca was the same as the one it already downloaded last
time. The cronscript runs every 5 minutes.

> Your crl settings means that the CRL service will check every 5  
> minutes
> if a new CRL needs to be generated. And it should generate a new one
> every 24 hours.
> If the CRL service for some reason would fail, you should get error
> messages in server.log in JBoss.

I suppose i can go look.

JonB