Menu
▾
▴
Re: [Ejbca-develop] Options for CRL downloading?
|
From: <oh...@ya...> - 2019-06-27 13:45:03
|
Hi,
Can EJBCA handle an "ldap:" CRL URL for the external CRL URL?
Thanks,
Jim
On Thursday, June 27, 2019, 9:27:15 AM EDT, <oh...@ya...> wrote:
Hi,
I just noticed that and tried it and waiting for it to see if it tries the download.
Thanks,
Jim
On Thursday, June 27, 2019, 9:05:14 AM EDT, Tomas Gustavsson <to...@pr...> wrote:
In "Edit CA" you have a field to fill in, "External CRL Distribution Point"
Regards,
Tomas
On 2019-06-27 14:23, ohaya--- via Ejbca-develop wrote:
> Hi,
>
> I just found some messages that say "No external CDP configured for CA
> 'XXXXXXXXXXXXXX'. Ignoring CA".
>
> I also checked the CA cert that was imported into EJBCA and, in the
> Adminweb, it has AIA populated with:
>
> CA issuer URI:
> http://xxxx/yyyyy.p7c
> ldap://xxxxxx/zzzzz?crossCertificatePair;binary
>
> BUT the Adminweb does not show CDP.
>
> However, when I look at the actual CA cert that I imported, that has
> both AIA and CDP populated.
>
> Is it possible that EJBCA "doesn't like" the CDP that is in the CA cert
> that I imported, and that is why EJBCA is skipping/ignoring the CA when
> it is trying to do the CRL Downloader service?
>
> Thanks,
> Jim
>
> On Thursday, June 27, 2019, 7:12:29 AM EDT, <oh...@ya...> wrote:
>
>
> Hi,
>
> BTW, I've had one CA/CRL that I imported into EJBCA last night and I had
> the CRL Downloader service enabled and active for that since last night
> and, at least from the server.log, I don't see any attempts to download
> the CRL from the CA endpoint.
>
> Is there something else that I need to do to activate the service?
>
> Thanks,
> Jim
>
>
> On Thursday, June 27, 2019, 6:10:41 AM EDT, <oh...@ya...> wrote:
>
>
> Hi,
>
> Ahh. I think that the CRL Downloader service will only download the CRL
> for a CA if the CA certificate has the CDP correctly populated with the
> URL to download the CRL?
>
> Is that correct?
>
> Thanks,
> Jim
>
>
> On Thursday, June 27, 2019, 6:03:37 AM EDT, <oh...@ya...> wrote:
>
>
> Hi,
>
> I will look at ejbca.sh, but re. the CRL Downloader service, how does
> that actually work? I mean when you use that for a CRL, how does it know
> where to download the CRLs from? The configuration only includes
> choosing which CA. Does the CRL Downloader somehow automatically figure
> out the URL for the CRL download by just know which CA?
>
> Thanks,
> Jim
>
>
> On Thursday, June 27, 2019, 4:02:33 AM EDT, Tomas Gustavsson
> <to...@pr...> wrote:
>
>
> Hi,
>
> You can find basic documentation for services, including the CRL
> downloader service here:
> https://download.primekey.se/docs/EJBCA-Enterprise/latest/Services.html
>
> The CLI have importcrl possibilities. Check the "bin/ejbca.sh" on-line
> help functions for documentation on that.
>
> Best regards,
> Tomas
>
> On 2019-06-27 03:06, ohaya--- via Ejbca-develop wrote:
>> Hi,
>>
>> I just ran across the EJBCA eval guide
> (https://download.primekey.com/docs/EJBCA-Enterprise-Cloud/1_11/ejbca-evaluation-guide.pdf)
> and saw that it mentions the CRL Downloader service. How does that
> service work? Do you provide it with a URL and then it will
> automatically periodically download the CRL for a CA?
>>
>> Also, it was mentioned previously that there was a way (an API or a
> script) to import a CRL into EJBCA? Can you provide
> information/reference about that?
>>
>> Thanks,
>> Jim
>
>>
>>
>> _______________________________________________
>> Ejbca-develop mailing list
>> Ejb...@li...
> <mailto:Ejb...@li...>
>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>
>
>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> <mailto:Ejb...@li...>
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
>
>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
_______________________________________________
Ejbca-develop mailing list
Ejb...@li...
https://lists.sourceforge.net/lists/listinfo/ejbca-develop
|
