EJBCA get certificate revocation status


I am using an EJBCA PKI to store certificates. I implemented the connection with EJBCA using the SOAP and REST interfaces. My problem now is that I want to get the revocation status of certificates. I tried two methods. The first one was with SOAP, like below:

revocation_status = client.service.checkRevokationStatus(cert.issuer.rfc4514_string(), cert.serial_number) 

and the second one was using the REST URL, but it didn't even work:

/v1/certificate/{issuer_dn}/{certificate_serial_number}/revocationstatus

I have to mention that I am implementing all of this in Python. I want to know if someone knows how to get the revocation status of certificates on EJBCA in an easy way. Thank you very much.

There are 1 best solutions below

You can use either of the above methods (REST only in Enterprise), or use the standard OCSP protocol (RFC 6960) to check revocation status. OCSP is the most standardized approach, and will work against any CA that has an OCSP responder. If you want to try WS, so that you can check (debug log) the SOAP messages and make sure you implement the same in Python, you can use clientToolBox:

./ejbcaClientToolBox.sh EjbcaWsRaCli checkrevocationstatus

What does a rfc4514_string look like? Some of these methods mess up the DN instead of giving a good string.
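
The OCSP route recommended in the answer, sketched with the `cryptography` package the question already uses (an added example, not part of the original post and not EJBCA code). It assumes the CA signs OCSP responses itself with an EC key; the certificates and the local responder inside `demo` are constructed so the block runs offline.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509 import ocsp
from cryptography.x509.oid import NameOID

NOW = datetime.datetime.now(datetime.timezone.utc).replace(tzinfo=None)

def build_ocsp_request(cert, issuer):
    """DER OCSP request; POST it as application/ocsp-request to the responder."""
    req = ocsp.OCSPRequestBuilder().add_certificate(cert, issuer, hashes.SHA256()).build()
    return req.public_bytes(serialization.Encoding.DER)

def revocation_status(der_response, cert, issuer):
    """Return 'GOOD', 'REVOKED' or 'UNKNOWN' after validating the response."""
    resp = ocsp.load_der_ocsp_response(der_response)
    if resp.response_status != ocsp.OCSPResponseStatus.SUCCESSFUL:
        raise ValueError("responder error: " + resp.response_status.name)
    if resp.serial_number != cert.serial_number:
        raise ValueError("response is for a different certificate")
    # Assumption: the CA signs OCSP responses itself with an EC key. With a
    # delegated OCSP signer, verify against that signer's certificate instead.
    issuer.public_key().verify(resp.signature, resp.tbs_response_bytes,
                               ec.ECDSA(resp.signature_hash_algorithm))
    return resp.certificate_status.name

def _make_cert(cn, key, issuer_cn, issuer_key):
    """Constructed throwaway certificate for the offline demo."""
    name = lambda s: x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, s)])
    return (x509.CertificateBuilder().subject_name(name(cn)).issuer_name(name(issuer_cn))
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(NOW).not_valid_after(NOW + datetime.timedelta(days=1))
            .sign(issuer_key, hashes.SHA256()))

def demo(revoked):
    """Play the responder locally (constructed data, no EJBCA involved)."""
    ca_key, leaf_key = (ec.generate_private_key(ec.SECP256R1()) for _ in range(2))
    ca = _make_cert("Constructed Test CA", ca_key, "Constructed Test CA", ca_key)
    leaf = _make_cert("constructed-leaf", leaf_key, "Constructed Test CA", ca_key)
    req = ocsp.load_der_ocsp_request(build_ocsp_request(leaf, ca))
    status = ocsp.OCSPCertStatus.REVOKED if revoked else ocsp.OCSPCertStatus.GOOD
    der = (ocsp.OCSPResponseBuilder().add_response(
               cert=leaf, issuer=ca, algorithm=req.hash_algorithm, cert_status=status,
               this_update=NOW, next_update=NOW + datetime.timedelta(hours=1),
               revocation_time=NOW if revoked else None, revocation_reason=None)
           .responder_id(ocsp.OCSPResponderEncoding.HASH, ca)
           .sign(ca_key, hashes.SHA256()).public_bytes(serialization.Encoding.DER))
    return revocation_status(der, leaf, ca)
```

Against a real deployment, send the bytes from `build_ocsp_request` to the responder URL of your CA and pass the response body to `revocation_status`.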