Export (0) Print
Expand All
0 out of 1 rated this helpful - Rate this topic

Manually publish the certificate revocation list

Updated: January 21, 2005

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

To manually publish the certificate revocation list

Using the Windows interface

  1. Log on to the system as a Certification Authority Administrator.

  2. Open Certification Authority.

  3. In the console tree, click Revoked Certificates.

    Where?

    • Certification Authority (Computer)/CA name/Revoked Certificates

  4. On the Action menu, point to All Tasks, and click Publish.

  5. Select New CRL to overwrite the previously-published certificate revocation list (CRL), or select Delta CRL only to publish a current delta CRL.

Notes

  • To open Certification Authority, click Start, click Control Panel, double-click Administrative Tools, and then double-click Certification Authority.

  • Clients that have a cached copy of the previously-published CRL or delta CRL will continue using it until its validity period has expired, even though a new CRL has been published. Manually publishing a CRL does not affect cached copies of CRLs that are still valid; it only makes a new CRL available for systems that do not have a valid CRL.

  • See Related Topics for the procedure clients can use to get the most recent CRL published by the certification authority (CA) even if they still have a valid CRL cached.

  • By default, on the server on which the CA is installed, the CRL and delta CRL are published in:

    Systemroot\system32\CertSrv\CertEnroll\

  • If the Active Directory directory service is available, they are also published to Active Directory.

Using a command line

  1. Open Command Prompt.

  2. Type:

    certutil -crl

 

Value Description

crl

Specifies that a full certificate revocation list will be published.

Notes

  • To open a command prompt, click Start, point to All programs, point to Accessories, and then click Command prompt.

  • To view the complete syntax for this command, at a command prompt, type:

    certutil -crl -?

Information about functional differences

  • Your server might function differently based on the version and edition of the operating system that is installed, your account permissions, and your menu settings. For more information, see Viewing Help on the Web.

See Also

Did you find this helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft. All rights reserved.