Certificate and CRL Reader Service

ENTERPRISE EDITION This is an EJBCA Enterprise Edition (EE) feature.

The Certificate and CRL Reader populates a VA with certificates and CRLs sent from a CA using the SCP Publisher. The data read consists of either complete revocation information (including the certificate), or only the issuer, serial number and status, depending on what has been published by the SCP Publisher. Upon successfully writing to the database, the certificate or CRL file will be removed automatically from the disk. If any error occurs, it will be left for future reads.

Note that the publishing CA's certificates need to be imported as External CAs prior to importing certificates in order to verify the signatures.

images/download/attachments/41288656/Screenshot_2018-11-14_at_16.16.15.png

The following lists configurable fields:

Field

Description

Local Directory containing Certificates

A directory containing certificate output. Note that the application server must have read/write rights to this directory.

Local Directory containing CRLs

A directory containing CRL output. Note that the application server must have read/write rights to this directory.

Certificate Signing CA (if any)

If a CA was selected to sign the certificate output files prior to writing. The public certificate will be used to verify the signature on the envelope.