Find out how to retrieve Certificate Revocation Lists (CRLs) from EJBCA and what configuration options are available.
The purpose of Certificate Revocation Lists (CRLs) is to convey the revocation status of digital certificates that are either revoked or on hold. CRLs are time-stamped, signed data structures that certificate authorities (CAs) or CRL issuers issue periodically. The format is standardized in RFC 5280.
CRLs are published according to internal CA policies, with a periodicity ranging from hourly to daily or weekly. The status of a certificate within the CRL is categorized as either revoked, which indicates that it is irreversibly revoked, or hold, which denotes temporary invalidity.
EJBCA also supports another method to convey information about revoked certificates: the Online Certificate Status Protocol (OCSP).
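How a relying party might evaluate a CRL, as an added example that is not code from EJBCA or from this tutorial: it builds a constructed CRL from a throwaway test CA (the CA name and serial numbers are made up), then checks the signature, the update window and the reason code using the Python `cryptography` package. It assumes the CRL carries a nextUpdate field.

```python
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

UTC = dt.timezone.utc

def build_sample_crl(this_update):
    """Constructed CRL from a throwaway test CA: one revoked and one on-hold serial."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Constructed Test CA")])
    builder = (x509.CertificateRevocationListBuilder().issuer_name(name)
               .last_update(this_update)
               .next_update(this_update + dt.timedelta(days=1)))  # daily CRL period
    for serial, reason in ((0x1001, x509.ReasonFlags.key_compromise),
                           (0x1002, x509.ReasonFlags.certificate_hold)):
        builder = builder.add_revoked_certificate(
            x509.RevokedCertificateBuilder().serial_number(serial)
            .revocation_date(this_update)
            .add_extension(x509.CRLReason(reason), critical=False).build())
    return builder.sign(key, hashes.SHA256()), key.public_key()

def _field_utc(crl, name):
    # Newer cryptography releases expose timezone-aware *_utc properties;
    # older ones only return naive UTC datetimes. Assumes the field is present.
    value = getattr(crl, name + "_utc", None)
    return value if value is not None else getattr(crl, name).replace(tzinfo=UTC)

def certificate_status(crl, issuer_public_key, serial, now):
    """Return crl-untrusted, crl-stale, not-listed, hold or revoked for a serial."""
    if not crl.is_signature_valid(issuer_public_key):
        return "crl-untrusted"   # not signed by the expected CA: ignore its contents
    if not _field_utc(crl, "last_update") <= now <= _field_utc(crl, "next_update"):
        return "crl-stale"       # outside thisUpdate..nextUpdate: fetch a fresh CRL
    entry = crl.get_revoked_certificate_by_serial_number(serial)
    if entry is None:
        return "not-listed"
    try:
        reason = entry.extensions.get_extension_for_class(x509.CRLReason).value.reason
    except x509.ExtensionNotFound:
        return "revoked"         # no reason code given: treat as permanently revoked
    return "hold" if reason == x509.ReasonFlags.certificate_hold else "revoked"

if __name__ == "__main__":
    issued = dt.datetime(2024, 1, 1, 12, 0, tzinfo=UTC)  # constructed timestamp
    crl, ca_key = build_sample_crl(issued)
    for serial in (0x1001, 0x1002, 0x1003):
        print(hex(serial), certificate_status(crl, ca_key, serial, issued + dt.timedelta(hours=1)))
```

A stale or unverifiable CRL is reported separately from "not-listed" so that a caller cannot mistake an unusable list for a clean certificate.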
In this tutorial video, you will learn how to obtain CRLs from EJBCA, configure different options, and set up the CRL download location within the CA or Certificate Profile.
To follow along, you need a running EJBCA instance that is accessible via the CA UI.
Note: In this tutorial, the following version is used: EJBCA CE 8.1 beta
Check out the supplementary EJBCA and CRL documentation.
Get your hands on the EJBCA Docker container by downloading it now.
Take a peek at our tutorial video on YouTube, and browse through some of our other videos as well.
You can ask your questions and learn from PKI specialists in the EJBCA forum on GitHub Discussions.