Show Table of Contents
7.8. Setting up Resumable CRL Downloads
Certificate System provides option for interrupted CRL downloads to be resumed smoothly. This is done by publishing the CRLs as a plain file over HTTP. This method of downloading CRLs gives flexibility in retrieving CRLs and lowers overall network congestion.
7.8.1. Retrieving CRLs Using wget
Because CRLs can be published as a text file over HTTP, they can be manually retrieved from the CA using a tool such as
wget. The wget command can be used to retrieve any published CRL. For example, to retrieve a full CRL which is newer than the previous full CRL:
[root@server ~]# wget --no-check-certificate -d https://server.example.com:8443/ca/ee/ca/crl/MasterCRL.bin
The relevant parameters for
wget are summarized in Table 7.4, “wget Options to Use for Retrieving CRLs”.
Table 7.4. wget Options to Use for Retrieving CRLs
| Argument | Description |
|---|---|
| no argument | Retrieves the full CRL. |
| -N | Retrieves the CRL that is newer than the local copy (delta CRL). |
| -c | Retrieves a partially-downloaded file. |
| --no-check-certificate | Skips SSL for the connection, so it is not necessary to configure SSL between the host and client. |
| -d | Prints debug information. |
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.