Certificate and CRL Reader Service

ENTERPRISE  This is an EJBCA Enterprise feature.

The Certificate and CRL Reader populates a VA with certificates and CRLs sent from a CA using the SCP Publisher. The data read consists of either complete revocation information (including the certificate), or only the issuer, serial number and status, depending on what has been published by the SCP Publisher. Upon successfully writing to the database, the certificate or CRL file will be removed automatically from the disk. If any error occurs, it will be left for future reads.  

Note that the publishing CA's certificates need to be imported as External CAs prior to importing certificates in order to verify the signatures.


The following lists configurable fields:

FieldDescription
A directory containing certificate output. Note that the application server must have read/write rights to this directory.
Local Directory containing CRLsA directory containing CRL output. Note that the application server must have read/write rights to this directory.
Certificate Signing CA (if any)If a CA was selected to sign the certificate output files prior to writing. The public certificate will be used to verify the signature on the envelope.