UpdateCRL Service - dogtagpki/pki GitHub Wiki

Overview

The UpdateCRL service can be used to force the update of the CRL.

Request

  • Operation: POST /ca/agent/ca/updateCRL

  • Authentication: Client certificate

Response

Forcing CRL Update

$ curl \
    --cert-type P12 \
    --cert ~/.dogtag/pki-tomcat/ca_admin_cert.p12:Secret.123 \
    -sk \
    -d "xml=true" \
    https://$HOSTNAME:8443/ca/agent/ca/updateCRL \
    | xmllint --format -
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<xml>
  <header>
    <crlIssuingPoint>MasterCRL</crlIssuingPoint>
    <crlUpdate>Scheduled</crlUpdate>
  </header>
  <fixed/>
  <records/>
</xml>

Forcing CRL Update with Future thisUpdate

$ curl \
    --cert-type P12 \
    --cert ~/.dogtag/pki-tomcat/ca_admin_cert.p12:Secret.123 \
    -sk \
    -d "crlIssuingPoint=MasterCRL&waitForUpdate=true&clearCRLCache=true&customFutureThisUpdateDateValue=2020:9:22:13:0:0&xml=true" \
    https://$HOSTNAME:8443/ca/agent/ca/updateCRL \
    | xmllint --format -
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<xml>
  <header>
    <crlIssuingPoint>MasterCRL</crlIssuingPoint>
    <time>47</time>
  </header>
  <fixed/>
  <records/>
</xml>

Forcing CRL Update and Cancel Future thisUpdate

$ curl \
    --cert-type P12 \
    --cert /root/.dogtag/pki-tomcat/ca_admin_cert.p12:Secret.123 \
    -sk \
    -d "crlIssuingPoint=MasterCRL&waitForUpdate=true&clearCRLCache=true&cancelCurCustomFutureThisUpdateValue=true&xml=true" \
    https://$HOSTNAME:8443/ca/agent/ca/updateCRL \
    | xmllint --format -
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<xml>
  <header>
    <crlIssuingPoint>MasterCRL</crlIssuingPoint>
    <time>52</time>
  </header>
  <fixed/>
  <records/>
</xml>
Tip
 To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis.
⚠️ **GitHub.com Fallback** ⚠️