Generating CRL information
Note: If your server is reachable using its FQDN, use the DNS name of the server instead of its IP address.
- Stop the OpenXPKI service using openxpkictl stop.
- In nano /etc/openxpki/config.d/realm/democa/publishing.yaml, update the connectors: cdp section to the following:

      class: Connector::Builtin::File::Path
      LOCATION: /var/www/openxpki/CertEnroll/
      file: "[% ARGS.0 %].crl"
      content: "[% pem %]"

- In nano /etc/openxpki/config.d/realm/democa/profile/default.yaml, update the following:
  - crl_distribution_points: section

        critical: 0
        uri:
          - https://FQDN of the est/openxpki/CertEnroll/[% ISSUER.CN.0 %].crl
          - ldap://localhost/[% ISSUER.DN %]

  - authority_info_access: section

        critical: 0
        ca_issuers: http://FQDN of the est/download/MYOPENXPKI.crt
        ocsp: http://ocsp.openxpki.org/

    Change the IP address and CA certificate name according to your CA server.
    Note: The authority_info_access (AIA) path is saved in the Download folder, but you can set the location according to your preference.
- In nano /etc/openxpki/config.d/realm/democa/crl/default.yaml, do the following:
  - If necessary, update nextupdate and renewal.
  - Add ca_issuers to the following section:

        extensions:
          authority_info_access:
            critical: 0
            # ca_issuers and ocsp can be scalar or list
            ca_issuers: https://FQDN of the est/download/MYOPENXPKI.crt
            #ocsp: http://ocsp.openxpki.org/

    Change the IP address and CA certificate name according to your CA server.
In nano /etc/openxpki/config.d/realm/democa/profile/default.yaml, update the following:
- Start the OpenXPKI service using openxpkictl start.
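The CRL distribution point URI written into issued certificates has to resolve to the directory where the cdp connector publishes the CRL file. The following check is an added example, not part of the original procedure or of OpenXPKI: check_cdp, DOC_ROOT and the host est.example.test are assumptions, and the sample values are constructed to mirror the settings above.

```python
import posixpath
import re
from urllib.parse import urlsplit

# Constructed sample values that mirror the settings in this procedure.
# est.example.test stands in for the server FQDN (assumption).
# DOC_ROOT is an assumption about how the web server maps URLs to files.
DOC_ROOT = "/var/www"
PUBLISH = {"LOCATION": "/var/www/openxpki/CertEnroll/", "file": "[% ARGS.0 %].crl"}
CDP_URIS = [
    "https://est.example.test/openxpki/CertEnroll/[% ISSUER.CN.0 %].crl",
    "ldap://localhost/[% ISSUER.DN %]",
]

TEMPLATE = re.compile(r"\[%.*?%\]")  # Template Toolkit placeholder


def check_cdp(uris, publish, doc_root=DOC_ROOT):
    """Return a list of problems found in the http(s) CDP URIs."""
    problems = []
    # URL directory under which the published CRL files should be served.
    want_dir = "/" + posixpath.relpath(publish["LOCATION"], doc_root)
    want_ext = posixpath.splitext(publish["file"])[1]
    checked = 0
    for uri in uris:
        # Replace placeholders with a plain token so the URI parses cleanly.
        parts = urlsplit(TEMPLATE.sub("X", uri))
        if parts.scheme not in ("http", "https"):
            continue  # ldap:// and other schemes are not served from DOC_ROOT
        checked += 1
        if not parts.hostname or " " in parts.netloc:
            problems.append(f"{uri}: host is missing or still a placeholder")
        got_dir = posixpath.dirname(parts.path)
        if got_dir != want_dir:
            problems.append(f"{uri}: directory {got_dir!r}, expected {want_dir!r}")
        if posixpath.splitext(parts.path)[1] != want_ext:
            problems.append(f"{uri}: extension differs from published {want_ext!r}")
    if checked == 0:
        problems.append("no http(s) CDP URI configured")
    return problems


if __name__ == "__main__":
    for line in check_cdp(CDP_URIS, PUBLISH) or ["CDP URIs match the publishing path"]:
        print(line)
```

Run it against the values from your own publishing.yaml and profile/default.yaml before restarting the service; a misspelled directory in the URI leaves every issued certificate pointing at a CRL that clients cannot fetch.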