Mac OS X,  Mac OS X Server,  Mac Security,  Mass Deployment

Refresh OS X CRLs

I recently found an existing image with a lot of stale crl information. We couldn’t rebuild the image, so we decided to instead refresh all of the crl information. This information is stored in /var/db/crls/crlcache.db. Deleting the file turned out to be problematic so we needed to clear items out of the tables instead. While this could be done using a few different tools, it turns out there’s a command built into os x to take care of this process for us called crlrefresh.

To use crlrefresh to clean up stale crlinformation and fetch new crlinformation for all CRL and certificates, use:

crlrefresh rpvv