-
Notifications
You must be signed in to change notification settings - Fork 138
PKI Server CA CRL CLI
Endi S. Dewata edited this page Aug 23, 2023
·
6 revisions
The pki-server ca-crl-*
commands provide an interface to manage the CRL configuration in CA.
Availability: Since PKI 11.5.
$ pki-server ca-crl-show Page Size: 100
$ pki-server ca-crl-ip-find ID: MasterCRL Description: CA's complete Certificate Revocation List Class: com.netscape.ca.CRLIssuingPoint Enable: true
$ pki-server ca-crl-ip-show MasterCRL ID: MasterCRL Description: CA's complete Certificate Revocation List Class: com.netscape.ca.CRLIssuingPoint Enable: true Allow Extensions: true Always Update: false Auto Update Interval (minutes): 240 CA Certs Only: false Cache Update Interval (minutes): 15 Unexpected Exception Wait Time (minutes): 30 Unexpected Exception Loop Max: 10 Daily Updates: 1:00 Enable CRL Cache: true Enable CRL Updates: true Enable Cache Testing: false Enable Cache Recovery: true Enable Daily Updates: true Enable Update Interval: true Extended Next Update: true Include Expired Certs: false Min Update Interval (minutes): 0 Next Update Grace Period (minutes): 0 Publish On Start: false Save Memory: false Signing Algorithm: SHA256withRSA Update Schema: 1
$ pki-server ca-crl-ip-mod \ --desc "Master CRL" \ --class com.example.ca.CRLIssuingPoint \ --enable false \ -D alwaysUpdate=true \ -D autoUpdateInterval=5 \ MasterCRL
See also Configuring CRL.
Tip
|
To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis. |