3.1.4.2.1 ICertAdminD2::PublishCRLs (Opnum 31)

The PublishCRLs method instructs a CA to publish CRLs and delta CRLs. This call can either cause the republishing of the current CRLs or cause the CA to create and publish new CRLs.

 HRESULT PublishCRLs(
   [in, string, unique] wchar_t const* pwszAuthority,
   [in] FILETIME FileTime,
   [in] DWORD Flags
 );

pwszAuthority: See the definition of the pwszAuthority parameter in section 3.1.4.1.1.

FileTime: Contains a 64-bit value that represents the number of 100-nanosecond intervals since January 1, 1601 (UTC). Specifies the nextUpdate value of the CRL, as specified in [RFC3280] section 5.1.2.5, in Greenwich Mean Time.

Flags: An unsigned integer value that specifies the type of CRL to publish and the publishing parameters. This parameter MUST be set to a combination of the following values. Flags uses B as the least-significant bit. It uses B, D and F as shown in the following table.


  0                   1                   2                   3
  0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
  B D 0 0 F 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0

  Value   Description
  B       If 1, the CA MUST publish a base CRL.
  D       If 1, the CA MUST publish a delta CRL.
  F       If 1, the CA MUST republish the existing CRLs.

The CA server MUST apply the following processing rules:

  1. If the F bit is set in Flags, the FileTime parameter is ignored and the following MUST occur:

    • If the B bit is set in Flags, the CA MUST republish the most recent base CRL (the CRL identified by the CRL table row with CRL_Min_Base of 0 and the highest CRL_Number) for each valid CA key (CRL_Name_ID) to the locations that are identified in Config_CA_CDP_Publish_To_Base using the logic in section 3.1.5.2, rules 2 and 3 only.<69>

    • If the D bit is set in Flags, the CA MUST publish the most recent delta CRL (the CRL identified by the CRL table row with CRL_Min_Base not equal to 0 and the highest CRL_Number) for each valid CA key (CRL_Name_ID) to the locations that are identified in Config_CA_CDP_Publish_To_Delta using the logic in section 3.1.5.2, rules 2 and 3 only.<70>

    • If neither the B bit nor the D bit is set in Flags, the CA MUST return an error. The error SHOULD be ERROR_INVALID_PARAMETER.

  2. If the F bit is NOT set in Flags, the following SHOULD occur:

    The CA MUST create a CRL for each valid CA key using the logic in section 3.1.4.1.6, rules 2 through 7. The CRL type is determined as follows:

    • If the B bit is set in Flags, the type of CRL that the CA creates for each valid CA key MUST be a new base CRL and, if delta CRLs are enabled, a delta CRL.

    • If the D bit is set in Flags, the type of CRL that the CA creates for each valid CA key MUST be a new delta CRL.

    • If neither the B bit nor the D bit is set in Flags, the CA MUST return an error. The error SHOULD be ERROR_INVALID_PARAMETER.

  3. The CA MUST then publish the CRLs using the logic in section 3.1.4.1.6, rules 8 through 13.

Return value: The method returns the first error code returned from the first CRL write operation that failed or was aborted. If none of the CRL write operations failed, the method returns 0.
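
The Flags and FileTime handling in processing rules 1 and 2, modeled in Python as an added example (not part of the specification or of any CA implementation). The bit masks are derived from the bit diagram above (B is bit 0, D is bit 1, F is bit 4); plan_publish_crls, filetime_to_utc and delta_enabled are hypothetical names.

```python
from datetime import datetime, timedelta, timezone

# Bit values follow from the diagram: B is bit 0 (least significant), D bit 1, F bit 4.
FLAG_B, FLAG_D, FLAG_F = 0x01, 0x02, 0x10
ERROR_INVALID_PARAMETER = 87  # Win32 error code value
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)


def filetime_to_utc(filetime):
    """Convert a 64-bit FILETIME (100 ns ticks since 1601-01-01 UTC) to a datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def plan_publish_crls(flags, filetime, delta_enabled):
    """Model processing rules 1 and 2; returns a dict describing the CA's action.

    delta_enabled is a hypothetical stand-in for the CA's delta CRL setting.
    """
    plan = {
        "error": None,
        "action": None,
        "crl_types": [],
        "next_update": None,
        # Bits the diagram shows as 0; the page does not say how a server treats them.
        "reserved_bits": flags & ~(FLAG_B | FLAG_D | FLAG_F) & 0xFFFFFFFF,
    }
    base, delta = bool(flags & FLAG_B), bool(flags & FLAG_D)
    if not (base or delta):
        # Rules 1 and 2 both require B or D to be set.
        plan["error"] = ERROR_INVALID_PARAMETER
        return plan
    if flags & FLAG_F:
        # Rule 1: republish the most recent CRLs; FileTime is ignored.
        plan["action"] = "republish"
    else:
        # Rule 2: create new CRLs; B also yields a delta CRL when deltas are enabled.
        plan["action"] = "create"
        delta = delta or (base and delta_enabled)
        plan["next_update"] = filetime_to_utc(filetime)
    plan["crl_types"] = [t for t, on in (("base", base), ("delta", delta)) if on]
    return plan


if __name__ == "__main__":
    ft = 133_485_408_000_000_000  # constructed sample: 2024-01-01T00:00:00Z
    for flags in (0x01, 0x02, 0x11, 0x10, 0x00):
        print(hex(flags), plan_publish_crls(flags, ft, delta_enabled=True))
```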