Ca Cert And Crl (driver-CaCertAndCrl)

This component is a frozen slot on the CA Configuration. It lets you configure a CA and whether or not Certificate Revocation Lists (CRLs) will be used. Client certificates must be signed by at least one configured CA. If CRLs are used, any certificate in the CRL will be rejected and the user will not be able to log in or connect to the station while using that certificate.

You do not directly add CaCertAndCrl to the PKI Authentication Scheme. Instead, you add CA Configurations, which have a CA Cert and CRL frozen slot. CaCertAndCrl functions the same way as bacnet-IssuerCertAndCrl.

Property	Value	Description
Status	read-only (`ok, fault, alarm, unacked`)	Describes the current status of the CA Cert and CRL.
CA Certificate	file choose	Selects a CA certificate, which should be the CA that has signed or will sign the client certificates. Note: The CA does not need to have directly signed the certificate. It can be a root or intermediate CA. Note: Only the public certificate of the CA is needed. The private key should not be included in the selected file.
Use CRL Distribution Point in CA	true or false	If true, the CA certificate will be parsed to find a CRL Distribution Point extension. If any are found, their values will be used in the CRL Distribution Point URLs property, which will be read-only. If false, the CRL Distribution Point URL property will be editable.
CRL Distribution Point URLs	text	Displays a list of URLs where a CRL may be found. Each URL should be on its own line. If Use CRL Distribution Point in CA is set to true, it is read-only and is set to the values found in the CA. If the CA does not have any CRL Distribution Point extension, it may be blank. If Use CRL Distribution Point in CA is set to false, you can manually enter the URLs. Note: If this property is not blank, CRLs are assumed to be configured and required. If this property is not blank and a CRL cannot be acquired (for example, due to lack of connectivity or a bad URL), the Jetty Server will not start. An error message will be logged in the station output.
CRL Descriptor	text	Handles fetching the CRL from the specified CRL Distribution Point URLs. You can configure the time trigger as needed. The default is to fetch a new CRL daily.
Alarm Source Info	additional properties	Generates an alarm if a CRL cannot be fetched. The alarm is created based on the information in this property.