Step F. Check The File For The Crl - Netscape MANAGEMENT SYSTEM 4.5 Installation And Setup Manual

Step F. Check the File for the CRL

Whenever the Certificate Manager generates a CRL, it automatically attempts to
publish the CRL to the configured repository—in this case, the flat file. The CRL it
publishes is a binary blob, in the DER-encoded format. To check whether the
Certificate Manager published the correct CRL (in this case, the CRL contains only
one certificate), you need to do the following:
Check whether the server generated the DER-encoded file containing the CRL.
1.
To check whether the server published the CRL as a binary blob to the
specified directory, go to the directory you specified for the server to publish
CRLs. You should find a file with its name in the
format, where
<this_update>
time-dependent variable named
If you don't see the file, check your configuration.
Convert the DER-encoded CRL to its base 64-encoded format using the Binary
2.
to ASCII tool (see Chapter 8, "Binary to ASCII Tool" of CMS Command-Line
Tools Guide).
To convert the DER-encoded CRL to its base 64-encoded form:
Open a command window.
a.
Go to this directory:
b.
At the prompt, enter this:
c.
substituting
<input_file>
DER-encoded CRL and
the base-64 encoded CRL. (The optional
this is required only when running the utility on a Windows NT system.)
For example, if the DER-encoded file is in
C:\crls\crl-949102696899.der
to be in
C:\crls\crl-949102696899.txt
this:
BtoA C:\crls\crl-949102696899.der
C:\crls\crl-949102696899.txt
Configuring Certificate Manager to Publish to Files
specifies the value derived from the
This Update
<server_root>/bin/cert/tools
BtoA[.bat] <input_file> <output_file>
with the path to the file that contains the
with the path to the file to write
<output_file>
.bat
and you want the base-64 encoded CRL
Chapter 20 Publishing Certificates and CRLs to a File
crl-<this_update>.der
of the CRL contained in the file.
specifies the file extension;
, the command would look like
683