Skip to content

UpdateCRL Service

Jump to bottom
Endi S. Dewata edited this page Jun 23, 2025 · 7 revisions

Overview

The UpdateCRL service can be used to force CA to update the CRL.

Request

  • Operation: POST /ca/agent/ca/updateCRL

  • Authentication: Client certificate

Response

Success

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<xml>
  <header>
    <crlIssuingPoint>MasterCRL</crlIssuingPoint>
    <crlUpdate>Scheduled</crlUpdate>
  </header>
  <fixed/>
  <records/>
</xml>

Failure

<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<xml>
<header/>
  <fixed>
    <authorityName>Certificate Manager</authorityName>
    <unexpectedError>You did not provide a valid certificate for this operation</unexpectedError>
    <requestStatus>7</requestStatus>
  </fixed>
  <records/>
</xml>

Examples

Forcing CRL Update

$ curl \
    --cert-type P12 \
    --cert ~/.dogtag/pki-tomcat/ca_admin_cert.p12:Secret.123 \
    -sk \
    -d "xml=true" \
    https://$HOSTNAME:8443/ca/agent/ca/updateCRL \
    | xmllint --format -
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<xml>
  <header>
    <crlIssuingPoint>MasterCRL</crlIssuingPoint>
    <crlUpdate>Scheduled</crlUpdate>
  </header>
  <fixed/>
  <records/>
</xml>

Forcing CRL Update with Future thisUpdate

$ curl \
    --cert-type P12 \
    --cert ~/.dogtag/pki-tomcat/ca_admin_cert.p12:Secret.123 \
    -sk \
    -d "crlIssuingPoint=MasterCRL&waitForUpdate=true&clearCRLCache=true&customFutureThisUpdateDateValue=2020:9:22:13:0:0&xml=true" \
    https://$HOSTNAME:8443/ca/agent/ca/updateCRL \
    | xmllint --format -
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<xml>
  <header>
    <crlIssuingPoint>MasterCRL</crlIssuingPoint>
    <time>47</time>
  </header>
  <fixed/>
  <records/>
</xml>

Forcing CRL Update and Cancel Future thisUpdate

$ curl \
    --cert-type P12 \
    --cert /root/.dogtag/pki-tomcat/ca_admin_cert.p12:Secret.123 \
    -sk \
    -d "crlIssuingPoint=MasterCRL&waitForUpdate=true&clearCRLCache=true&cancelCurCustomFutureThisUpdateValue=true&xml=true" \
    https://$HOSTNAME:8443/ca/agent/ca/updateCRL \
    | xmllint --format -
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<xml>
  <header>
    <crlIssuingPoint>MasterCRL</crlIssuingPoint>
    <time>52</time>
  </header>
  <fixed/>
  <records/>
</xml>

See Also

Tip
 To find a page in the Wiki, enter the keywords in search field, press Enter, then click Wikis.
Clone this wiki locally