
FreeBSD Manual Pages




       This activity publishes a single crl. The context must hold the
       crl_serial and the ca_alias parameters. crl_serial can have the value
       "latest", which will resolve to the crl with the highest last_update
       date for the issuer.

       The data point you specify at prefix must contain a list of connectors.
       Each connector is called with the CN of the issuing ca as location.
       The data portion contains a hash ref with the keys pem, der and subject
       (issuer subject) holding the appropriate strings and issuer which is
       the issuer subject parsed into a hash as used in the template
       processing when issuing the certificates.

       There are several options to handle errors when the connectors fail;
       details are given below (see the on_error parameter).

	      class: OpenXPKI::Server::Workflow::Activity::Tools::PublishCRL
	      prefix: publishing.crl

   Activity parameters
	   The config path where the connector configuration resides, in the
	   default configuration this is publishing.crl.

	   Define what to do on problems with the publication connectors. One

	   exception (default)
	       The connector exception bubbles up and the workflow terminates.

	       Skip the publication target and continue with the next one.

	       Similar to skip, but failed targets are added to a queue. As
	       long as the queue is not empty, pause/wake_up is used to retry
	       those targets with the retry parameters set. This obviously
	       requires retry_count to be set.

	   The serial of the crl to publish or the keyword "latest" which
	   pulls the CRL with the latest last_update date for the given
	   issuer. Only effective if NOT set in the context.

	   Boolean, only used in conjunction with crl_serial = latest. Will
	   silently skip publication if no CRL is found for the given issuer.

   Context parameters
	   The alias name of the CA

	   The serial of the crl to publish or the keyword "latest" which
	   pulls the CRL with the latest last_update date for the given

	   Used to temporarily store unpublished targets when on_error is set.

   Data Source Configuration
       At the configuration path given in the prefix parameter, you must
       provide a list of connectors:

	     repo1@: connector:....
	     repo2@: connector:....

       To publish the crl to your webserver, here is an example connector:

	       class: Connector::Builtin::File::Path
	       LOCATION: /var/www/myrealm/
	       file: "[% ARGS %].crl"
	       content: "[% pem %]"

       The ARGS placeholder is replaced with the CN part of the issuing ca. So
       if you name your ca generations "ServerCA-1" and "ServerCA-2", you
       will end up with two crls, at "http://myhost/myrealm/ServerCA-1.crl"
       and "http://myhost/myrealm/ServerCA-2.crl" respectively.
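
       The on_error handling described under Activity parameters, as an added
       Python model (not OpenXPKI code and not part of this manual page): it
       shows which targets are left without the CRL under each mode. The mode
       names "skip" and "queue", the helper names and the sample connectors
       are assumptions made for the illustration.

```python
# Added illustration: a model of the on_error handling described on this page.
# Not OpenXPKI code; the mode names "skip"/"queue" and all helpers are assumptions.
class ConnectorError(Exception):
    """Stands in for an exception raised by a publication connector."""

def publish_once(connectors, targets, cn, data, on_error="exception"):
    """Call each target with the issuer CN as location; return (published, queued)."""
    published, queued = [], []
    for name in targets:
        try:
            connectors[name](cn, data)
            published.append(name)
        except ConnectorError:
            if on_error == "exception":
                raise                  # bubbles up, the workflow terminates
            if on_error == "queue":
                queued.append(name)    # remembered for a later wake_up
            # "skip": the failed target leaves no trace in the result
    return published, queued

def publish_with_retry(connectors, cn, data, on_error, retry_count=0):
    """Model pause/wake_up: retry only queued targets, at most retry_count times."""
    published, queued = publish_once(connectors, list(connectors), cn, data, on_error)
    for _ in range(retry_count):
        if not queued:
            break
        done, queued = publish_once(connectors, queued, cn, data, on_error)
        published += done
    return published, queued

def make_demo_connectors(fail_times):
    """Constructed sample: repo1 always works, repo2 fails its first fail_times calls."""
    store, calls = {}, {"n": 0}
    def repo1(location, data):
        store["repo1/%s.crl" % location] = data["pem"]
    def repo2(location, data):
        calls["n"] += 1
        if calls["n"] <= fail_times:
            raise ConnectorError("target unreachable")
        store["repo2/%s.crl" % location] = data["pem"]
    return {"repo1": repo1, "repo2": repo2}, store

# Constructed data portion with the keys named on this page.
DATA = {"pem": "-----BEGIN X509 CRL-----\n(constructed)\n-----END X509 CRL-----\n",
        "der": b"", "subject": "CN=ServerCA-1", "issuer": {"CN": ["ServerCA-1"]}}
```

       In this model a target that fails under "skip" keeps serving whatever
       CRL it had before, and nothing in the result says so; under "queue"
       the remaining list is what a monitoring check would watch.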

perl v5.32.0	    OpenXPKI::Server::Workflow::Activity::Tools::PublishCRL(3)
