Oliver Welter wrote:
So this means the index file for crl creation is creted on transition between the states ? If the index-update is availabel through the API I can call this from the new created batch command, so this wont be an issue - is the CRR used for anything else or there any arguemnts against calling the API and setting the database-status of the certs directly ??
Please don't mix 1.1 and 1.2 too in the dicsussion. You have two options:1. Implement the batch system like the normal CRR. This means that you must call the function revoke on the CA token. Please see OpenCA::OpenSSL->revoke for more details.
2. Simply set the certificate state to REVOKE and call the function export_openssl_db (in crypto-utils.lib) with the correct parameters.
Both methods work. The new HEAD version will only support a modified version of the second method because the HEAD has no statical index.txt.
Confusion completed ? ;) Michael -- _______________________________________________________________ Michael Bell Humboldt-Universitaet zu Berlin Tel.: +49 (0)30-2093 2482 ZE Computer- und Medienservice Fax: +49 (0)30-2093 2704 Unter den Linden 6 [EMAIL PROTECTED] D-10099 Berlin _______________________________________________________________
smime.p7s
Description: S/MIME Cryptographic Signature
