Certificate Revocation List retrieval tool
The fetch-crl utility will retrieve certificate revocation lists (CRLs) for a set of installed trust anchors. Using meta-data with URLs and CAs it will provision CRLs for use by OpenSSL or NSS in their native format (.rX files or cert8.db files). It supports parallel downloads, and has failover and caching capabilities to deal with network interruptions. This associated cron entries can ensure that CRLs are periodically retrieved from the web sites of the respective Certification Authorities (CAs) or other repositories.
CA meta-data should be provided in crl_url files or in IGTF-style info files.