NAME

OpenXPKI::Server::API2::Plugin::Cert::get_crl

COMMANDS

get_crl

returns a CRL.

If no parameter is set at all, the newest CRL of the active signer token in the current realm is selected. To get the latest CRL of another issuer, set issuer_identifier, to select a particular CRL set crl_serial. Both works across realms.

The default is to return the PEM encoded CRL, other formats can be selected setting format.

Parameters

crl_serial: the serial (crl_key) of the database table
issuer_identifier: certificate identifier of the issuer, if set the latest crl of this issuer is returned.
ignore_expired: Will return undef if the next_update timestamp of the lastest crl found is in the past. Ineffective when used with crl_serial.
profile: CRL profile. For security reasons you must set this also when requesting a non-default CRL by its serial number!
format

PEM (default)
DER
TXT
HASH - detailed information parsed from the CRL object
FULLHASH also adds the list of revocation entries (this might become a very expensive task if your CRL is large!).
DBINFO - unmodified result from the database

Changes compared to API v1:

When called with "format => "DBINFO"" the returned HashRef contains lowercase keys. Additionally the following keys changed:

    crl_serial              --> crl_key