Import the CRL File

After the certificate revocation list (CRL) file on the CA server is updated, manually import the corresponding CRL file to each server to ensure that the CRL file is the latest during certificate verification.

You need to manually transfer the CRL file to the specified directory on the server and perform related operations.

Node	Directory for Storing the CRL File	Owner	Permission	Soft Link
Host node	Value of cert_path in the haf_host_install.conf file in the installation package. The default value is /opt/haf-host/omnidata. Name format: ca.crl	Consistent with that during installation	600	No soft link is required.
Offload node	Working directory during installation: /opt/haf-target/run/share Name format: ca.crl	haf	640	You need to create soft links. Two soft links are generated in the following working directories and linked to the preceding working directory: /opt/haf-target/run/daemon/ca.crl /opt/haf-target/run/haf_user/ca.crl The command is as follows: ln -s /opt/haf-target/run/share/ca.crl /opt/haf-target/run/daemon/ca.crl ln -s /opt/haf-target/run/share/ca.crl /opt/haf-target/run/haf_user/ca.crl

Node

Directory for Storing the CRL File

Owner

Permission

Soft Link

Host node

Value of cert_path in the haf_host_install.conf file in the installation package.

The default value is /opt/haf-host/omnidata.

Name format: ca.crl

Consistent with that during installation

600

No soft link is required.

Offload node

Working directory during installation:

/opt/haf-target/run/share

Name format: ca.crl

haf

640

You need to create soft links. Two soft links are generated in the following working directories and linked to the preceding working directory:

/opt/haf-target/run/daemon/ca.crl

/opt/haf-target/run/haf_user/ca.crl

The command is as follows:

ln -s /opt/haf-target/run/share/ca.crl /opt/haf-target/run/daemon/ca.crl

ln -s /opt/haf-target/run/share/ca.crl /opt/haf-target/run/haf_user/ca.crl

The following describes how to import the CRL file on an offload node:

Transfer the CRL file to offload nodes.

Parameter	Description
Task Name	Transferring the CRL file to offload nodes
Task Description	Transferring the CRL file to offload nodes
Transfer Direction	From Local to Remote
Local Path	/xx/xx/ca.crl
Remote Path	/opt/haf-target/run/share

Configure the permission of the ca.crl file.

Parameter	Description
Task Name	Configuring the permission of the ca.crl file
Task Description	Configuring the permission of the ca.crl file
Run Directory	/
Run Command	chmod 640 /opt/haf-target/run/share/ca.crl; chown haf:haf /opt/haf-target/run/share/ca.crl
Whether to Check Return Code	Yes
Expected Return Code	0

Create soft links.

Parameter	Description
Task Name	Creating soft links
Task Description	Creating soft links
Run Directory	/
Run Command	ln -s /opt/haf-target/run/share/ca.crl /opt/haf-target/run/daemon/ca.crl; ln -s /opt/haf-target/run/share/ca.crl /opt/haf-target/run/haf_user/ca.crl
Whether to Check Return Code	Yes
Expected Return Code	0

Parent topic: Running and Maintaining the HAF