Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-9409

Don't generate new CRL when renewing CA with existing key

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: EJBCA 6.7.0
    • Fix Version/s: None
    • Component/s: None
    • Provenance:
      Internal Delivery
    • Issue discovered during:
      Integration

      Description

      Currently, EJBCA always generates a CRL when renewing a CA, even if the same CA key is used. In this case it is not necessary to generate a new CRL.

      CRL generation can take a really long time (which can in turn trigger transaction timeouts in the application server). And renewing without rekeying is the common case for SubCAs.

      We should skip the CRL generation when the CA is renewed with the existing key.

        Attachments

          Activity

            People

            Assignee:
            Unassigned
            Reporter:
            samuel Samuel Lidén Borell
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:

                Time Tracking

                Estimated:
                Original Estimate - 2 days
                2d
                Remaining:
                Remaining Estimate - 2 days
                2d
                Logged:
                Time Spent - Not Specified
                Not Specified