000025670 - How to fetch a CRL directly from KCA LDAP database

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025670
Applies ToKeon Certificate Authority
IssueHow to fetch a CRL directly from KCA LDAP database
ResolutionThere are two ways to download the CRL from the KCA database:

1. To retrieve PEM formatted CRL, you can use the following:

  ldap://<KCA-host-name>:<LDAP-port>/md5=<MD5-of-the-CA>?certificaterevocationlist?


2. To retrieve the CRL in binary(DER), the following would work (*** Only when local CRL publishing is enabled):

  ldap://<KCA-host-name>:<LDAP-port>/<DN-of-the-CA-cert>?certificaterevocationlist?

For example:

ldap://host.name:389:/c=us,st=ca,l=westerville,o=acme,ou=security,cn=myca?certificaterevocationlist?
Legacy Article IDa14436

Attachments

    Outcomes