Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-4316

Option to skip generating CRL when importing CA

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Critical
    • Resolution: Won't Do
    • Affects Version/s: EJBCA 6.3.2
    • Fix Version/s: None
    • Component/s: CLI
    • Issue discovered during:
      Integration

      Description

      Currently, when importing an existing CA into EJBCA (let's say during a migration project), two CRLs will automatically get generated for the imported CA - one regular CRL, and one delta CRL.

      In case of migration projects, this is possibly not something that should be done, because the CA has already had a lifecycle of its own, and has already generated a number of CRLs as it is.

      It would be beneficial if an option was introduced to the "bin/ejbca.sh ca importca" command that would allow the user to skip generation of the CRLs during import.

      Additional notes:

      I have ran into a problem where, in case no index has been created on CRLData table, a CA ended-up with duplicate CRL with CRL number 2 - one generated from EJBCA during import, and one from import of an actual CRL. This caused an exception to be thrown on homepage (something about non-unique results, probably for CRL).

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            branko Branko Majic (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: