Retrieving Crls Using Wget; Retrieving Partial Crls - Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual

Chapter 8. Publishing Certificates and CRLs
wget --no-check-certificate -d https://server.example.com:9444/ca/ee/ca/crl/MasterCRL.bin
mv MasterCRL.bin MasterCRL.bin.full
dd if=MasterCRL.bin.full of=MasterCRL.bin count=200 bs=1
Then attempt to download the partial CRL using wget -c.
wget --no-check-certificate -c -d https://server.example.com:9444/ca/ee/ca/crl/
MasterCRL.bin

8.3.2. Retrieving CRLs Using wget

Because CRLs can be published as a text file over HTTP, they can be manually retrieved from the CA
using a tool like wget. wget can be used to retrieve any type of published CRL:
• Full CRLs. For example:
wget --no-check-certificate -d https://server.example.com:9444/ca/ee/ca/crl/MasterCRL.bin
• Delta CRLs. For example:
wget --no-check-certificate -N -d https://server.example.com:9444/ca/ee/ca/crl/MasterCRL.bin
The relevant parameters for wget are summarized in
CRLs".
Argument
no argument
-N
-c
--no-check-certificate
-d
Table 8.4. wget Options to Use for Retrieving CRLs

8.3.3. Retrieving Partial CRLs

Because CRLs can be so large, the publishing process can take a long time, which opens up the
possibilities of the publishing process being interrupted.
Resume after Interrupted Downloads"
can be resumed after a publishing operation is interrupted.
To retrieve a partial CRL, run the wget command with -c option. This picks upm the CRL download at
the place it was terminated.
wget --no-check-certificate -c -d https://server.example.com:9444/ca/ee/ca/crl/MasterCRL.bin
228
Table 8.4, "wget Options to Use for Retrieving
Description
Retrieves the full CRL.
Retrieves the CRL that is newer than the local
copy (delta CRL).
Retrieves a partially-downloaded file.
Skips SSL for the connection, so it is not
necessary to configure SSL between the host
and client.
Prints debug information.
Section 8.3.1, "Configuring CRL Publishing to
describes how to configure publishing so that the partial CRL