8.8. Setting up Resumable CRL Downloads
Certificate System provides an option for interrupted CRL downloads to be resumed smoothly. This is done by publishing the CRLs as a plain file over HTTP. This method of downloading CRLs gives flexibility in retrieving CRLs and lowers overall network congestion.
8.8.1. Retrieving CRLs Using wget
Because CRLs can be published as a text file over HTTP, they can be manually retrieved from the CA using a tool such as wget. The wget command can be used to retrieve any published CRL. For example, to retrieve a full CRL which is newer than the previous full CRL:
[root@server ~]# wget --no-check-certificate -d https://server.example.com:8443/ca/ee/ca/crl/MasterCRL.bin
The relevant parameters for wget are summarized in Table 8.4, “wget Options to Use for Retrieving CRLs”.
Table 8.4. wget Options to Use for Retrieving CRLs
| Argument | Description |
|---|---|
| no argument | Retrieves the full CRL. |
| -N | Retrieves the CRL that is newer than the local copy (delta CRL). |
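| -c | Resumes retrieval of a partially downloaded file. |
| --no-check-certificate | Skips validation of the server's SSL certificate for the connection, so it is not necessary to configure SSL trust between the host and client. The connection is still encrypted, but the server is not authenticated. |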
| -d | Prints debug information. |
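
The following script is an added example, not part of the original documentation or of Certificate System. It resumes an interrupted download with wget -c until the file is complete, then verifies the CRL signature against the CA certificate. It assumes that MasterCRL.bin is a DER-encoded CRL; the function names and the arguments of fetch_crl are hypothetical.

```shell
#!/bin/sh
# Added example, not Certificate System code. Assumption: MasterCRL.bin is a
# DER-encoded CRL, so its ASN.1 SEQUENCE header declares the total file length.

# Print the total size in bytes declared by the DER header, or fail.
der_declared_size() {
    set -- $(od -An -tu1 -N6 "$1" 2>/dev/null)   # first six bytes, decimal
    [ "$#" -ge 2 ] && [ "$1" -eq 48 ] || return 1   # 48 = 0x30, SEQUENCE
    first=$2; shift 2
    if [ "$first" -lt 128 ]; then                # short form length
        echo $((2 + first)); return 0
    fi
    n=$((first - 128))                           # long form: n length bytes
    [ "$n" -ge 1 ] && [ "$n" -le 4 ] && [ "$#" -ge "$n" ] || return 1
    len=0
    while [ "$n" -gt 0 ]; do
        len=$((len * 256 + $1)); shift; n=$((n - 1))
    done
    echo $((2 + first - 128 + len))
}

# Succeed only when the file is exactly as long as its header declares.
crl_is_complete() {
    want=$(der_declared_size "$1") || return 1
    have=$(($(wc -c < "$1")))
    [ "$have" -eq "$want" ]
}

# Resume with wget -c until the file is complete, then verify the CRL signature.
# A resumed file can mix two CRL issues, and --no-check-certificate leaves the
# server unauthenticated, so the signature check is what establishes integrity.
# Hypothetical arguments: CRL URL, output file, CA signing certificate (PEM).
fetch_crl() {
    url=$1; out=$2; ca_pem=$3; tries=0
    until crl_is_complete "$out"; do
        tries=$((tries + 1))
        [ "$tries" -le 5 ] || return 1
        wget -c --no-check-certificate -O "$out" "$url" || sleep 2
    done
    # Match on the message text rather than relying on the exit status.
    openssl crl -inform DER -in "$out" -CAfile "$ca_pem" -noout 2>&1 |
        grep -q 'verify OK'
}
```

Install the downloaded file for use only after fetch_crl returns success; a file that fails the signature check should be deleted and downloaded again in full.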