8.8. Setting up Resumable CRL Downloads
Certificate System provides option for interrupted CRL downloads to be resumed smoothly. This is done by publishing the CRLs as a plain file over HTTP. This method of downloading CRLs gives flexibility in retrieving CRLs and lowers overall network congestion.
8.8.1. Retrieving CRLs Using wget
Because CRLs can be published as a text file over HTTP, they can be manually retrieved from the CA using a tool such as
wgetcommand can be used to retrieve any published CRL. For example, to retrieve a full CRL which is newer than the previous full CRL:
[root@server ~]# wget --no-check-certificate -d https://server.example.com:8443/ca/ee/ca/crl/MasterCRL.bin
The relevant parameters for
wgetare summarized in Table 8.4, “wget Options to Use for Retrieving CRLs”.
Table 8.4. wget Options to Use for Retrieving CRLs
|no argument||Retrieves the full CRL.|
|-N||Retrieves the CRL that is newer than the local copy (delta CRL).|
|-c||Retrieves a partially-downloaded file.|
|--no-check-certificate||Skips SSL for the connection, so it is not necessary to configure SSL between the host and client.|
|-d||Prints debug information.|