Log In
Home
11/20/2018
Offline
I have an infrastructure with an Offline CA server, CA server, more than 100 UA Servers and more than 100 UA Clients.
To keep track on expire dates for the Certificates I use information from the GDS Server.
How do I keep track on the next update for the Offline CA Crl and the CA Crl on every server and client. When the next update time has expired I get errors telling me that the Crl has expired.
I don't have access to the machines and folders where the Crl's are stored so I can't read them with an application to check for the expiration (i.e. next update) date.
Do you have any good suggestions for how to keep the Crl's up to date at any time?
I have also noticed that Kepware doesn't seem to have any Crl's. Is that correct?
05/30/2017
Offline
If your applications are using Pull Management they must periodically connect to the GDS to see if there is an updated TrustList.
The GDS will have a TrustList object assigned to the application:
https://reference.opcfoundatio.....cs/7.8.2.1
The LastUpdateTime will tell the client that the TrustList (and any CRLs in it have changed).
You do not keep track of CRLs - you only care about the TrustList assigned to the application which will contain the latest CRLs that the application needs.
If your applications are using Push Management then the GDS connects to the application and provides an updated TrustList when it changes. The LastUpdateTime on the TrustList Object exposed by the application tells the GDS if the TrustList needs an update.
1 Guest(s)
Usage Policy