Menu
▾
▴
Re: [Ejbca-develop] Options for CRL downloading?
|
From: <oh...@ya...> - 2019-06-27 12:23:34
|
Hi,
I just found some messages that say "No external CDP configured for CA 'XXXXXXXXXXXXXX'. Ignoring CA".
I also checked the CA cert that was imported into EJBCA and, in the Adminweb, it has AIA populated with:
CA issuer URI:
http://xxxx/yyyyy.p7c
ldap://xxxxxx/zzzzz?crossCertificatePair;binary
BUT the Adminweb does not show CDP.
However, when I look at the actual CA cert that I imported, that has both AIA and CDP populated.
Is it possible that EJBCA "doesn't like" the CDP that is in the CA cert that I imported, and that is why EJBCA is skipping/ignoring the CA when it is trying to do the CRL Downloader service?
Thanks,
Jim
On Thursday, June 27, 2019, 7:12:29 AM EDT, <oh...@ya...> wrote:
Hi,
BTW, I've had one CA/CRL that I imported into EJBCA last night and I had the CRL Downloader service enabled and active for that since last night and, at least from the server.log, I don't see any attempts to download the CRL from the CA endpoint.
Is there something else that I need to do to activate the service?
Thanks,
Jim
On Thursday, June 27, 2019, 6:10:41 AM EDT, <oh...@ya...> wrote:
Hi,
Ahh. I think that the CRL Downloader service will only download the CRL for a CA if the CA certificate has the CDP correctly populated with the URL to download the CRL?
Is that correct?
Thanks,
Jim
On Thursday, June 27, 2019, 6:03:37 AM EDT, <oh...@ya...> wrote:
Hi,
I will look at ejbca.sh, but re. the CRL Downloader service, how does that actually work? I mean when you use that for a CRL, how does it know where to download the CRLs from? The configuration only includes choosing which CA. Does the CRL Downloader somehow automatically figure out the URL for the CRL download by just know which CA?
Thanks,
Jim
On Thursday, June 27, 2019, 4:02:33 AM EDT, Tomas Gustavsson <to...@pr...> wrote:
Hi,
You can find basic documentation for services, including the CRL
downloader service here:
https://download.primekey.se/docs/EJBCA-Enterprise/latest/Services.html
The CLI have importcrl possibilities. Check the "bin/ejbca.sh" on-line
help functions for documentation on that.
Best regards,
Tomas
On 2019-06-27 03:06, ohaya--- via Ejbca-develop wrote:
> Hi,
>
> I just ran across the EJBCA eval guide (https://download.primekey.com/docs/EJBCA-Enterprise-Cloud/1_11/ejbca-evaluation-guide.pdf) and saw that it mentions the CRL Downloader service. How does that service work? Do you provide it with a URL and then it will automatically periodically download the CRL for a CA?
>
> Also, it was mentioned previously that there was a way (an API or a script) to import a CRL into EJBCA? Can you provide information/reference about that?
>
> Thanks,
> Jim
>
>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
_______________________________________________
Ejbca-develop mailing list
Ejb...@li...
https://lists.sourceforge.net/lists/listinfo/ejbca-develop
|
