Re: [OpenXPKI-users] ldap connector - publishing CRL, un-publish user certificate

Sun, 09 Feb 2025 06:28:44 -0800 

 Hi Oliver,
Thanks for the response. yes it publishes again but only the recent version 
only.
Guide me how to store various versions of CRL .... 
Regards


    On Sunday 9 February 2025 at 12:42:10 pm GMT+5, Oliver Welter 
<m...@oliwel.de> wrote:  
 
  
Hi,
 
while you can of course use LDAP to keep historic versions of the CRL, the 
regular use case is to have the most recent one at a dedicated name and this is 
usually along with the CA certificate located at the DN (this is at least what 
you can find in the default configuration of the OpenXPKI profiles). 
 
 
If this matches your setup, just put "filter: (CN=[% ARGS.0 %])" into the 
config.
 
Oliver
 
 On 09.02.25 05:16, Scott Thomas via OpenXPKI-users wrote:
  
 
 Bonjour, 
  I am also at the same point of publishing CRL in LDAP. It always says 
"Already exists" ... Can we create multiple versions of CRL in the LDAP 
directory ? 
  Cheers Scotty 
  
      On Wednesday 1 September 2021 at 01:39:15 am GMT+5, Montajab Saleh 
<montajab.sa...@gmail.com> wrote:  
  
    Hi,
 
 I try on to publish all users certificates and CRLs to LDAP directory,
 when issuing a user certificate it get published as supposed to,
 Also, first CRL also get published, but when issuing another CRL it get Failed 
with error "ERROR Already exists"
 any advice on how to update the CRL if it already exist
 my current config for CRL publishing
 -------
 ldap-crl:
     class: Connector::Proxy::Net::LDAP::Single
     LOCATION: ldap://<ldap.myorg.local>
     base: dc=myorg,dc=local
     filter: (objectCategory=cRLDistributionPoint)
     binddn: cn=admin,dc=myorg,dc=local
     password: mysecret
     attrmap:
         der: certificateRevocationList;binary
 
     create:
         basedn: dc=myorg,dc=local
         rdnkey: cn
 
     schema:
         cn:
             objectclass: cRLDistributionPoint
             values:
                 cn: copy:self
 -------
 another question,
 is there a way to unpublish a certificate from ldap directory, when it gets 
revoked for example
 
 Thanks
 
 -- 
   Regards
  Montajab Saleh
     _______________________________________________
 OpenXPKI-users mailing list
 OpenXPKI-users@lists.sourceforge.net
 https://lists.sourceforge.net/lists/listinfo/openxpki-users
    
  
  _______________________________________________OpenXPKI-users mailing 
listOpenXPKI-users@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/openxpki-users
 -- 
Protect your environment -  close windows and adopt a penguin! 
 _______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
  
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users






















					Reply via email to