UpdateCRL Service - dogtagpki/pki GitHub Wiki
The UpdateCRL service can be used to force the CA to update the CRL.
- Operation: POST /ca/agent/ca/updateCRL
- Authentication: Client certificate
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Sample response to an accepted request: the header names the CRL issuing point
     (MasterCRL) and reports the update as Scheduled; fixed and records are empty. -->
<xml>
<header>
<crlIssuingPoint>MasterCRL</crlIssuingPoint>
<crlUpdate>Scheduled</crlUpdate>
</header>
<fixed/>
<records/>
</xml>
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Sample error response: unexpectedError states that no valid certificate was provided
     for the operation, and the header is empty, so no CRL update is reported.
     NOTE(review): the meaning of requestStatus 7 is not defined on this page. -->
<xml>
<header/>
<fixed>
<authorityName>Certificate Manager</authorityName>
<unexpectedError>You did not provide a valid certificate for this operation</unexpectedError>
<requestStatus>7</requestStatus>
</fixed>
<records/>
</xml>
# Request a CRL update, posting only xml=true (no issuing point or other option);
# the sample response that follows names MasterCRL and reports the update as Scheduled.
#
# --insecure turns off verification of the server's TLS certificate, so the client
# certificate is presented to an endpoint whose identity has not been checked. Keep it
# to a disposable test instance; otherwise drop it and pass the certificate of the CA
# that issued the server certificate, e.g. --cacert <CA_CERT_PEM> (placeholder path).
#
# The PKCS #12 password follows the colon in --cert, which leaves it in shell history.
# Secret.123 is a sample value; do not supply a real password this way.
$ curl \
    --silent \
    --insecure \
    --cert-type P12 \
    --cert ~/.dogtag/pki-tomcat/ca_admin_cert.p12:Secret.123 \
    --data "xml=true" \
    https://$HOSTNAME:8443/ca/agent/ca/updateCRL \
    | xmllint --format -
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Output of the curl command above: the update of the MasterCRL issuing point is
     reported as Scheduled. -->
<xml>
<header>
<crlIssuingPoint>MasterCRL</crlIssuingPoint>
<crlUpdate>Scheduled</crlUpdate>
</header>
<fixed/>
<records/>
</xml>
# Request an update of the MasterCRL issuing point with waitForUpdate=true and
# clearCRLCache=true, and post customFutureThisUpdateDateValue=2020:9:22:13:0:0
# (presumably year:month:day:hour:minute:second; confirm against the server docs).
# The sample response that follows carries a <time> value instead of <crlUpdate>.
#
# --insecure disables server certificate verification, so a state-changing CA request
# and the client certificate go to an unauthenticated endpoint. Outside a test instance,
# replace it with --cacert <CA_CERT_PEM> (placeholder path) for the issuing CA.
#
# The PKCS #12 password after the colon in --cert is a sample value (Secret.123) and is
# recorded in shell history when typed like this.
$ curl \
    --silent \
    --insecure \
    --cert-type P12 \
    --cert ~/.dogtag/pki-tomcat/ca_admin_cert.p12:Secret.123 \
    --data "crlIssuingPoint=MasterCRL&waitForUpdate=true&clearCRLCache=true&customFutureThisUpdateDateValue=2020:9:22:13:0:0&xml=true" \
    https://$HOSTNAME:8443/ca/agent/ca/updateCRL \
    | xmllint --format -
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Output of the curl command above (waitForUpdate=true): the header carries a time
     value (47) in place of crlUpdate.
     NOTE(review): the unit and meaning of time are not stated on this page. -->
<xml>
<header>
<crlIssuingPoint>MasterCRL</crlIssuingPoint>
<time>47</time>
</header>
<fixed/>
<records/>
</xml>
# Request an update of the MasterCRL issuing point with waitForUpdate=true and
# clearCRLCache=true, posting cancelCurCustomFutureThisUpdateValue=true (by its name,
# this withdraws a previously set custom thisUpdate value; confirm against the server docs).
# This example reads the PKCS #12 file from /root/.dogtag rather than ~/.dogtag.
#
# --insecure disables server certificate verification; limit it to a test instance and
# use --cacert <CA_CERT_PEM> (placeholder path) for the issuing CA everywhere else.
#
# The PKCS #12 password after the colon in --cert is a sample value (Secret.123) and is
# recorded in shell history when typed like this.
$ curl \
    --silent \
    --insecure \
    --cert-type P12 \
    --cert /root/.dogtag/pki-tomcat/ca_admin_cert.p12:Secret.123 \
    --data "crlIssuingPoint=MasterCRL&waitForUpdate=true&clearCRLCache=true&cancelCurCustomFutureThisUpdateValue=true&xml=true" \
    https://$HOSTNAME:8443/ca/agent/ca/updateCRL \
    | xmllint --format -
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Output of the curl command above (waitForUpdate=true): the header carries a time
     value (52) in place of crlUpdate.
     NOTE(review): the unit and meaning of time are not stated on this page. -->
<xml>
<header>
<crlIssuingPoint>MasterCRL</crlIssuingPoint>
<time>52</time>
</header>
<fixed/>
<records/>
</xml>