Re: [Ejbca-develop] Options for CRL downloading?

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

In "Edit CA" you have a field to fill in, "External CRL Distribution Point"

Regards,
Tomas

On 2019-06-27 14:23, ohaya--- via Ejbca-develop wrote:
> Hi,
> 
> I just found some messages that say "No external CDP configured for CA
> 'XXXXXXXXXXXXXX'. Ignoring CA".
> 
> I also checked the CA cert that was imported into EJBCA and, in the
> Adminweb, it has AIA populated with:
> 
> CA issuer URI:
> http://xxxx/yyyyy.p7c
> ldap://xxxxxx/zzzzz?crossCertificatePair;binary
> 
> BUT the Adminweb does not show CDP.
> 
> However, when I look at the actual CA cert that I imported, that has
> both AIA and CDP populated.
> 
> Is it possible that EJBCA "doesn't like" the CDP that is in the CA cert
> that I imported, and that is why EJBCA is skipping/ignoring the CA when
> it is trying to do the CRL Downloader service?
> 
> Thanks,
> Jim
> 
> On Thursday, June 27, 2019, 7:12:29 AM EDT, <oh...@ya...> wrote:
> 
> 
> Hi,
> 
> BTW, I've had one CA/CRL that I imported into EJBCA last night and I had
> the CRL Downloader service enabled and active for that since last night
> and, at least from the server.log, I don't see any attempts to download
> the CRL from the CA endpoint.
> 
> Is there something else that I need to do to activate the service?
> 
> Thanks,
> Jim
> 
> 
> On Thursday, June 27, 2019, 6:10:41 AM EDT, <oh...@ya...> wrote:
> 
> 
> Hi,
> 
> Ahh. I think that the CRL Downloader service will only download the CRL
> for a CA if the CA certificate has the CDP correctly populated with the
> URL to download the CRL?
> 
> Is that correct?
> 
> Thanks,
> Jim
> 
> 
> On Thursday, June 27, 2019, 6:03:37 AM EDT, <oh...@ya...> wrote:
> 
> 
> Hi,
> 
> I will look at ejbca.sh, but re. the CRL Downloader service, how does
> that actually work? I mean when you use that for a CRL, how does it know
> where to download the CRLs from? The configuration only includes
> choosing which CA. Does the CRL Downloader somehow automatically figure
> out the URL for the CRL download by just know which CA?
> 
> Thanks,
> Jim
> 
> 
> On Thursday, June 27, 2019, 4:02:33 AM EDT, Tomas Gustavsson
> <to...@pr...> wrote:
> 
> 
> Hi,
> 
> You can find basic documentation for services, including the CRL
> downloader service here:
> https://download.primekey.se/docs/EJBCA-Enterprise/latest/Services.html
> 
> The CLI have importcrl possibilities. Check the "bin/ejbca.sh" on-line
> help functions for documentation on that.
> 
> Best regards,
> Tomas
> 
> On 2019-06-27 03:06, ohaya--- via Ejbca-develop wrote:
>> Hi,
>>
>> I just ran across the EJBCA eval guide
> (https://download.primekey.com/docs/EJBCA-Enterprise-Cloud/1_11/ejbca-evaluation-guide.pdf)
> and saw that it mentions the CRL Downloader service.  How does that
> service work?  Do you provide it with a URL and then it will
> automatically periodically download the CRL for a CA?
>>
>> Also, it was mentioned previously that there was a way (an API or a
> script) to import a CRL into EJBCA?  Can you provide
> information/reference about that?
>>
>> Thanks,
>> Jim
> 
>>
>>
>> _______________________________________________
>> Ejbca-develop mailing list
>> Ejb...@li...
> <mailto:Ejb...@li...>
>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>
> 
> 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> <mailto:Ejb...@li...>
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> 
> 
> 
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>