Skip to content

UpdateCRL Service

Endi S. Dewata edited this page May 25, 2023 · 6 revisions


The UpdateCRL service can be used to force the update of the CRL.


  • Operation: POST /ca/agent/ca/updateCRL

  • Authentication: Client certificate


Forcing CRL Update

$ curl \
    --cert-type P12 \
    --cert ~/.dogtag/pki-tomcat/ca_admin_cert.p12:Secret.123 \
    -sk \
    -d "xml=true" \
    https://$HOSTNAME:8443/ca/agent/ca/updateCRL \
    | xmllint --format -
<?xml version="1.0" encoding="UTF-8" standalone="no"?>

Forcing CRL Update with Future thisUpdate

$ curl \
    --cert-type P12 \
    --cert ~/.dogtag/pki-tomcat/ca_admin_cert.p12:Secret.123 \
    -sk \
    -d "crlIssuingPoint=MasterCRL&waitForUpdate=true&clearCRLCache=true&customFutureThisUpdateDateValue=2020:9:22:13:0:0&xml=true" \
    https://$HOSTNAME:8443/ca/agent/ca/updateCRL \
    | xmllint --format -
<?xml version="1.0" encoding="UTF-8" standalone="no"?>

Forcing CRL Update and Cancel Future thisUpdate

$ curl \
    --cert-type P12 \
    --cert /root/.dogtag/pki-tomcat/ca_admin_cert.p12:Secret.123 \
    -sk \
    -d "crlIssuingPoint=MasterCRL&waitForUpdate=true&clearCRLCache=true&cancelCurCustomFutureThisUpdateValue=true&xml=true" \
    https://$HOSTNAME:8443/ca/agent/ca/updateCRL \
    | xmllint --format -
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
Clone this wiki locally