How to retrieve the CRL from RSA Certificate Manager via ldapsearch
Originally Published: 2009-12-22
Applies To
RSA Version/Condition: 6.8
Platform: Microsoft Windows Server 2003 SP2
Platform (Other): Certificate Revocation List (CRL)
Issue
CRL timers are configured on RCM to automatically generate CRLs for the selected CAs.
Resolution
- Create a batch file, say pullCRL.bat, on Windows with the following contents:
    @echo OFF
    REM C:\CRL folder will contain the CRL retrieved from RCM
    set TEMP=C:\crl
    c:
    REM Assuming ldapsearch tool is available under C:\ldapsearch folder
    cd c:\ldapsearch
    REM Assuming RCM is installed on rcmhost.domain.net and RCM Secure Directory Server LDAP port is 389
    REM Assuming that the CRL being pulled is for CA with md5=<CA-MD5> (replace <CA-MD5> with actual md5)
    ldapsearch -h rcmhost.domain.net -p 389 -1 -T -t -b \ "(&(objectclass=xuda_rl)(md5=<CA-MD5>))" revocationlist
    cd c:\crl
    REM Let's wait for 2 seconds:
    choice /t 2 /d y
    REM Replace the file name 'CAnickname.crl' with the actual nickname of the CA, keeping the file extension .crl
    if exist ldapsearch-revocationlist* del CAnickname.crl
    REM Add CRL header to the CRL file being created:
    echo -----BEGIN X509 CRL----->>CAnickname.crl
    REM Now push the PEM encoded CRL content to the new CRL file:
    type ldapsearch-revocationlist* >>CAnickname.crl
    REM If the last line in the new CRL file is not empty, need to add an empty line:
    echo. >>CAnickname.crl
    REM Add CRL footer to the CRL file:
    echo -----END X509 CRL----->>CAnickname.crl
    REM Now we can delete the ldapsearch result file
    del ldapsearch-revocationlist*
- Create a Windows Scheduled Task to run the above batch file (to retrieve the CRL) on a regular basis.
Start => All Programs => Accessories => System Tools => Scheduled Tasks => follow prompts to select pullCRL.bat as the program and your preferred schedule.
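The batch file appends the header and footer lines whether or not ldapsearch produced a result file, so a failed pull can leave an empty or doubled PEM block in CAnickname.crl. The following structural check for the assembled file is an added example, not part of the original article or of RCM; the function names and the constructed sample bytes are assumptions made for illustration.

```python
import base64

BEGIN = "-----BEGIN X509 CRL-----"
END = "-----END X509 CRL-----"
# Constructed structural stand-in (empty SEQUENCE, SEQUENCE, BIT STRING); not a real CRL.
SAMPLE_DER = bytes.fromhex("300730003000030100")

def wrap(der):
    """Mimic the batch file's output: header, base64 body, blank line, footer."""
    return f"{BEGIN}\n{base64.b64encode(der).decode()}\n \n{END}\n"

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first >= 0x80:  # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("DER element runs past end of data")
    return tag, pos, pos + length

def check_crl_pem(text):
    """Return the DER bytes, or raise ValueError if text is not one well-formed PEM CRL."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if lines.count(BEGIN) != 1 or lines.count(END) != 1:
        raise ValueError("expected exactly one BEGIN/END X509 CRL pair")
    if lines[0] != BEGIN or lines[-1] != END:
        raise ValueError("data outside the PEM armor")
    body = "".join(lines[1:-1])
    if not body:
        raise ValueError("empty CRL body: the search returned nothing")
    der = base64.b64decode(body, validate=True)  # binascii.Error is a ValueError
    tag, pos, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("outer element is not a SEQUENCE spanning the data")
    tags = []
    while pos < end:
        t, _, pos = read_tlv(der, pos)
        tags.append(t)
    if tags != [0x30, 0x30, 0x03]:  # tbsCertList, signatureAlgorithm, signatureValue
        raise ValueError("unexpected CertificateList structure")
    return der
```

Pass the contents of the assembled .crl file to `check_crl_pem` before copying the file to relying systems. It checks structure only and does not verify the CA signature or the update times.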