openssl ca -config /etc/openxpki/ca/realm_name/.openssl/openssl.cnf -cert /etc/openxpki/ca/realm_name/realm_name_Root_CA_01.crt -passin file:/etc/openxpki/ca/realm_name/realm_name_Root_CA_01.pass -keyfile /etc/openxpki/ca/realm_name/realm_name_Root_CA_01.key -gencrl -out /var/www/download/realm_name_Root_01.crl -crldays 365
This command can generate the Root CRL, as is necessary for an 'offline' CA requirement, but OpenXPKI should have a function to host that CRL as well.
Need to update the install script to run this command on first install, place the CRL in /var/www/download, change ownership to openxpki and chmod to 755 for web access.
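The steps described in the post (generate the CRL, place it in the download directory, set owner and mode) as one shell function. This is an added example, not OpenXPKI's install script; the function names, the return codes, the signature check and the atomic rename are assumptions of the example.

```shell
#!/bin/sh
# Added example (not OpenXPKI code): generate, verify and publish a root CRL.
# Usage: publish_root_crl CONFIG CA_CERT CA_KEY PASSFILE DEST [OWNER] [DAYS]
# Return codes (constructed for this example): 1 generation failed,
# 2 signature check failed, 3 install failed.
publish_root_crl() {
    config=$1; cert=$2; key=$3; passfile=$4; dest=$5
    owner=${6:-}; days=${7:-365}

    # Build the CRL next to its destination so the final mv is an atomic rename
    # and clients never download a half-written file.
    tmp=$(mktemp "$(dirname "$dest")/.crl.XXXXXX") || return 1

    # Same openssl invocation as in the post, written to the temporary file.
    if ! openssl ca -config "$config" -cert "$cert" -keyfile "$key" \
            -passin "file:$passfile" -gencrl -crldays "$days" \
            -out "$tmp" >/dev/null 2>&1; then
        rm -f "$tmp"; return 1
    fi

    # Publish only a CRL whose signature verifies against the root certificate.
    # Match the "verify OK" message rather than relying on the exit status alone.
    if ! openssl crl -in "$tmp" -CAfile "$cert" -noout 2>&1 | grep -q 'verify OK'; then
        rm -f "$tmp"; return 2
    fi

    # Ownership and mode as described in the post; 644 is enough for a file
    # that the web server only has to read.
    if [ -n "$owner" ] && ! chown "$owner" "$tmp"; then
        rm -f "$tmp"; return 3
    fi
    chmod 755 "$tmp" && mv -f "$tmp" "$dest" || { rm -f "$tmp"; return 3; }
}

# Print the nextUpdate field of a published CRL, e.g. for a monitoring check.
crl_next_update() {
    openssl crl -in "$1" -noout -nextupdate | sed 's/^nextUpdate=//'
}
```

With the paths from the post, the call takes the openssl.cnf, the root certificate, key and pass file, /var/www/download/realm_name_Root_01.crl as DEST, and openxpki as OWNER.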