CRL Download and CRL Update Service

The service periodically downloads a CRL from the provided URL and imports it into EJBCA, also updating any revocation information for the certificates. For more information on how to use this on a Validation Authority, see Populating the OCSP Responder Database using the CRL Download Service in OCSP Management.

Setting

Description

CAs to Check

Select the imported CA (or select ANY to process all external X509 CAs with a configured external CDP).

Ignore nextUpdate and always download the CRL

Select to force a download of the CRL whenever the service is executed instead of only downloading the CRL when the last known CRL indicates that a new one will be available.

Maximum allowed size to download (bytes)

The Service will refuse to process CRLs that exceed this limit.

Period

How often the Service should check if a new CRL needs to be downloaded.

Active

Select to activate the service.

When the service is executed, there will be log entries showing if the CRL download and processing was successful.

If the downloaded CRL from the external CDP contains the Freshest CRL extension, the service will try to download and process any such URL that uses "http" as protocol.