1. Home
  2. /
  3. Retrieve Certificate Revocation Lists from EJBCA

Retrieve Certificate Revocation Lists from EJBCA 

Find out how to retrieve Certificate Revocation Lists (CRLs) from EJBCA and what configuration options are available.

hero-sub-2
CRLs-image

Find out if a digital certificate has been revoked

The purpose of Certificate Revocation Lists (CRLs) is to convey the revocation status of digital certificates that are either revoked or on hold. CRLs are periodically issued, time-stamped, and signed data structures by certificate authorities (CA) or CRL issuers. This format is standardized in RFC 5280

CRLs are published according to internal CA policies, with a periodicity ranging from hourly to daily or weekly. The status of a certificate within the CRL is categorized as either revoked, which indicates that it is irreversibly revoked, or hold, which denotes temporary invalidity.

EJBCA also supports another method to convey information about revoked certificates: the Online Certificate Status Protocol (OCSP).  

How to get started

In this tutorial video, you will learn how to obtain CRLs from EJBCA, configure different options, and set up the CRL download location within the CA or Certificate Profile.

Prerequisites:

A running EJBCA instance that is accessible via the CA UI.

Note: In this tutorial, the following version is used: EJBCA CE 8.1 beta

Documentation 

Tutorials/documentation

Documentation

Check out the supplementary EJBCA and CRL documentation.

Docker Hub

Get your hands on the EJBCA Docker container by downloading it now.

YouTube

Take a peek at our tutorial video on YouTube, and browse through some of our other videos as well.

Discuss

You can ask your questions and learn from PKI specialists in the EJBCA forum on GitHub Discussions.