Discussion:
[Ejbca-develop] Create Delta CRL through web service call
Nikita Bedmutha
2017-03-02 10:53:15 UTC
Permalink
Hi,

I am using EJBCA 6.5.0.4 and have configured the Delta CRL Period greater
than 0 for a CA, so that it supports issuing delta CRLs.
I am unable to locate any webservice SOAP call to create the delta CRL for
a CA. The createCRL WS call does not have any 'delta' option, it takes only
CA name and creates the complete CRL.
The getLatestCRL method does support fetching delta CRL using 'delta' as
one of the boolean parameter. However, to fetch it, the delta CRL must be
created first.
Hence, every time I fetch the latest delta CRL, it comes out to be a CRL
with no revoked certificates in it, as the delta CRL must have not been
created.

When I tried creating the delta CRL through CLI (createcrl -delta) and then
getLatestCRL using delta, it worked fine.
But I want to trigger the createCRL with delta option through WS call, is
there any way to do so?


Regards,
Nikita Bedmutha
Software Engineer | m: +91 94042 02790 | [image: G]
G <http://www.linkedin.com/in/nikitabedmutha>reat Software Laboratory
<http://www.gslab.com/>
Tomas Gustavsson
2017-03-03 01:39:46 UTC
Permalink
As far as I can see the WS method will create both a full CRL and a
deltaCRL, if delta CRLs are enabled.

publishingCrlSession.forceCRL(admin, cainfo.getCAId());
publishingCrlSession.forceDeltaCRL(admin, cainfo.getCAId());

Regard,
Tomas
Post by Nikita Bedmutha
Hi,
I am using EJBCA 6.5.0.4 and have configured the Delta CRL Period
greater than 0 for a CA, so that it supports issuing delta CRLs.
I am unable to locate any webservice SOAP call to create the delta CRL
for a CA. The createCRL WS call does not have any 'delta' option, it
takes only CA name and creates the complete CRL.
The getLatestCRL method does support fetching delta CRL using 'delta' as
one of the boolean parameter. However, to fetch it, the delta CRL must
be created first.
Hence, every time I fetch the latest delta CRL, it comes out to be a CRL
with no revoked certificates in it, as the delta CRL must have not been
created.
When I tried creating the delta CRL through CLI (createcrl -delta) and
then getLatestCRL using delta, it worked fine.
But I want to trigger the createCRL with delta option through WS call,
is there any way to do so?
Regards,
Nikita Bedmutha
Software Engineer | m: +91 94042 02790 | G
G <http://www.linkedin.com/in/nikitabedmutha>reat Software Laboratory
<http://www.gslab.com/>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Ejbca-develop mailing list
https://lists.sourceforge.net/lists/listinfo/ejbca-develop
Loading...