The PublishCRLs method instructs a CA to publish CRLs and delta CRLs. This call can either cause the republishing of the current CRLs or cause the CA to create and publish new CRLs.
HRESULT PublishCRLs(
  [in, string, unique] wchar_t const* pwszAuthority,
  [in] FILETIME FileTime,
  [in] DWORD Flags
);
pwszAuthority: See the definition of the pwszAuthority parameter in section 3.1.4.1.1.
FileTime: Contains a 64-bit value that represents the number of 100-nanosecond intervals since January 1, 1601 (UTC). Specifies the nextUpdate value of the CRL, as specified in [RFC3280] section 5.1.2.5, in Greenwich Mean Time.
Flags: An unsigned integer value that specifies the type of CRL to publish and the publishing parameters. This parameter MUST be set to a combination of the following values. Flags uses B as the least-significant bit. It uses B, D and F as shown in the following table.
Bit 0 (least significant): B
Bit 1: D
Bits 2-3: 0
Bit 4: F
Bits 5-31: 0
Value: Description
B: If 1, the CA MUST publish a base CRL.
D: If 1, the CA MUST publish a delta CRL.
F: If 1, the CA MUST republish the existing CRLs.
The CA server MUST apply the following processing rules:
- If the F bit is set in Flags, the FileTime parameter is ignored and the following MUST occur:
  - If the B bit is set in Flags, the CA MUST republish the most recent base CRL (the CRL identified by the CRL table row with CRL_Min_Base of 0 and the highest CRL_Number) for each valid CA key (CRL_Name_ID) and for each partition to the locations that are identified in Config_CA_CDP_Publish_To_Base using the logic in section 3.1.5.2, rules 2 and 3 only.<79>
  - If the D bit is set in Flags, the CA MUST publish the most recent delta CRL (the CRL identified by the CRL table row with CRL_Min_Base not equal to 0 and the highest CRL_Number) for each valid CA key (CRL_Name_ID) and for each partition to the locations that are identified in Config_CA_CDP_Publish_To_Delta using the logic in section 3.1.5.2, rules 2 and 3 only.<80>
  - If neither the B bit nor the D bit is set in Flags, the CA MUST return an error. The error SHOULD be ERROR_INVALID_PARAMETER.
- If the F bit is NOT set in Flags, the following SHOULD occur:
  - The CA MUST create a CRL for each valid CA key and for each partition using the logic in section 3.1.4.1.6, rules 2 through 7. The CRL type is determined as follows:
    - If the B bit is set in Flags, the type of CRL that the CA creates for each valid CA key and each partition MUST be a new base CRL and, if delta CRLs are enabled, a delta CRL.
    - If the D bit is set in Flags, the type of CRL that the CA creates for each valid CA key and each partition MUST be a new delta CRL.
    - If neither the B bit nor the D bit is set in Flags, the CA MUST return an error. The error SHOULD be ERROR_INVALID_PARAMETER.
  - The CA MUST then publish the CRLs using the logic in section 3.1.4.1.6, rules 8 through 13.
Return value: The method returns the first error code returned from the first CRL write operation that failed or was aborted. If none of the CRL write operations failed, the method returns 0.
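The following added example (not part of the specification or of any Microsoft code) decodes the Flags and FileTime arguments of a PublishCRLs call and reports what the processing rules above require, which is useful when reviewing captured or logged calls against a CA. The constant and function names are hypothetical, the mask values are derived from the bit positions in the Flags diagram, the value 87 is the Win32 code for ERROR_INVALID_PARAMETER, and reporting nonzero reserved bits is a choice of this example because the page does not say how a server treats them.

```python
from datetime import datetime, timedelta, timezone

# Masks derived from the Flags diagram: B is bit 0, D is bit 1, F is bit 4.
CRL_BASE, CRL_DELTA, CRL_REPUBLISH = 0x01, 0x02, 0x10
RESERVED_MASK = 0xFFFFFFFF & ~(CRL_BASE | CRL_DELTA | CRL_REPUBLISH)
ERROR_INVALID_PARAMETER = 87  # Win32 error code
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_utc(filetime):
    """Convert a count of 100-ns intervals since 1601-01-01 UTC to a datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def plan_publish_crls(flags, filetime, delta_enabled=True):
    """Return the outcome the processing rules require for one call."""
    result = {"error": 0, "actions": [], "next_update": None,
              "reserved_bits": flags & RESERVED_MASK}
    base, delta = bool(flags & CRL_BASE), bool(flags & CRL_DELTA)
    if not (base or delta):
        # Neither B nor D: an error in both the F and the non-F branch.
        result["error"] = ERROR_INVALID_PARAMETER
        return result
    if flags & CRL_REPUBLISH:
        # F set: FileTime is ignored; the most recent CRLs are republished.
        if base:
            result["actions"].append(("republish", "base"))
        if delta:
            result["actions"].append(("republish", "delta"))
        return result
    # F clear: new CRLs are created and FileTime becomes nextUpdate.
    result["next_update"] = filetime_to_utc(filetime)
    if base:
        result["actions"].append(("create", "base"))
    if delta or (base and delta_enabled):
        # B also yields a delta CRL when delta CRLs are enabled on the CA.
        result["actions"].append(("create", "delta"))
    return result


if __name__ == "__main__":
    # Constructed sample calls: (Flags, FileTime).
    for flags, ft in [(0x01, 133500000000000000), (0x12, 0), (0x10, 0), (0x43, 133500000000000000)]:
        print(hex(flags), plan_publish_crls(flags, ft))
```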