NAME

OpenXPKI::Server::API2::Plugin::Import::import_crl

COMMANDS

import_crl

Import a CRL into the current realm. This should be used only within realms that work as a proxy to external CA systems or use external CRL signer tokens.

The issuer is extracted from the CRL. Note that the issuer must be defined as alias in the "certsign" group.

A check for duplicate CRLs is done based on "issuer" and "crl_number", in case the given CRL has no CRL Number extension, it is considered as duplicate if an existing CRL without number and the same value for "last_update" and "next_update" exists.

By default, the method throws an exception if the given CRL exists already, you can set skip_duplicate to silently ignore duplicates in which case no new record will be created and the existing one will be returned.

The content of the CRL is NOT parsed, therefore the certificate status of revoked certificates is NOT changed in the database!

Returns a HashRef with the CRL informations inserted into the database, e.g.:

    {
        crl_key => '6655',
        profile => undef, 
        issuer_identifier => 'RE35XR3XIBXiIbAu8P5aGMCmH7o',
        last_update => 1521556123,
        next_update => 3098356123,
        pki_realm => 'democa',
        publication_date => 0,
        items =>  42,
        crl_number  => 1234567,
    }

Parameters

"data" Str - PEM formated CRL. Required.
"profile" Str - sets the profile field for the CRL, optional.
"skip_duplicate" Bool
"nosigner" Bool - import CRLs for issuers not in the certsign group

Changes compared to API v1:

The previously unused parameter "ISSUER" was removed.