Hi,
Andreas comments on using "get_crl" is correct but obviously only works
on the machine. The default setup also writes the CRL to the
/var/www/download folder, which can be configured in detail in the
"publishing.yaml" of the realm. The folder is usually mapped into the
apache configuration so you can access the CRL via HTTP directly on the
machine (note that this does not work in a mutlinode setup as the CRL is
not synced between the nodes).
You can alse expose the CRL via the RPC interface but this requires that
you write your own workflow to grab the CRL (see
Activity::Tools::CRLExport) and feed it to the output in the way you
need it.
Commercial Break: A highly configurable CRL export and publication
workflow is one of the add-ons we provide with the EE version of the
software ;)
Oliver
On 03.09.24 20:05, Andreas Piesk via OpenXPKI-users wrote:
Am 03.09.24 um 17:16 schrieb Romina Roshani via OpenXPKI-users:
I have a question regarding the downloading of the CRL.
I am usually downloading the CRL and then load it in mbedTLS for a
task. I was wondering if there is perhaps a command that I can use
for automatically downloading the CRL so that I can automate my
process without using the web interface.
I already saw the command for issuing the CRL in issue:
https://sourceforge.net/p/openxpki/mailman/openxpki-users/thread/550943e1-8490-598c-b4db-2a86080fc...@oliwel.de/
<https://sourceforge.net/p/openxpki/mailman/openxpki-users/thread/550943e1-8490-598c-b4db-2a86080fc...@oliwel.de/>
However, when I tried the command it was successful the first time
but kept on getting cancelled in other attempts:
Workflow created (ID: 12799), State: CANCELED
I think, the workflow will be cancelled if the CRL is too recent, see
last_update, next_update in the output below. you can enforce the
creation:
# openxpkicmd --realm democa crl_issuance --param force_issue=1
Furthermore, I still don't know how the CRL can be downloaded from
the CLI without the use of web interface.
# openxpkicli --realm democa get_crl_list
[
{
"crl_key" : "1535",
"crl_number" : "1535",
"issuer_identifier" : "p52ci8l8mqcdIZr6jM4nBkJmQiQ",
"items" : 0,
"last_update" : 1725385282,
"max_revocation_id" : 1,
"next_update" : 1726594882,
"pki_realm" : "democa",
"profile" : null,
"publication_date" : 1725385282
},
{
"crl_key" : "1279",
"crl_number" : "1279",
"issuer_identifier" : "p52ci8l8mqcdIZr6jM4nBkJmQiQ",
"items" : 0,
"last_update" : 1725385253,
"max_revocation_id" : 1,
"next_update" : 1726594853,
"pki_realm" : "democa",
"profile" : null,
"publication_date" : 1725385253
}
]
# openxpkicli --realm democa --help get_crl_list
# openxpkicli --realm democa --help get_crl
Best,
-ap
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
