TechNet
Export (0) Print
Expand All

Schedule Publication of Certificate Revocation Lists

Applies To: Windows Server 2008 R2, Windows Server 2012

You must establish a regular publication schedule for certificate revocation data so that a highly accurate certificate revocation list (CRL) is always available to clients. When establishing this schedule, the need for accurate, up-to-date data must be balanced against the impact that frequent downloads of new CRLs can have on clients.

You must be a certification authority (CA) administrator to complete this procedure. For more information, see Implement Role-Based Administration.

To schedule the publication of the CRL

  1. Open the Certification Authority snap-in.

  2. In the console tree, click Revoked Certificates .

  3. On the Action menu, click Properties .

  4. In CRL publication interval , type the increment and click the unit of time to use for the automatic publishing of the CRL.

At the defined interval, a new CRL will be published by default in the following folder: systemroot \system32\CertSrv\CertEnroll\. If the computer is a domain member and has permission to write to Active Directory Domain Services (AD DS), then the CRL is also published to AD DS.

The publishing period for a CRL is not the same as the validity period for a CRL. By default, the validity period of a CRL exceeds the publishing period of a CRL by 10 percent (up to a 12-hour maximum) to allow for directory replication.

Scheduling publication of delta CRLs

You can extend your CRL publication schedule by also establishing a schedule for the publication of delta CRLs.

You must be a CA administrator to complete this procedure. For more information, see Implement Role-Based Administration.

To schedule the publication of the delta CRL

  1. Open the Certification Authority snap-in.

  2. In the console tree, click Revoked Certificates .

  3. On the Action menu, click Properties .

  4. Select the Publish Delta CRLs check box.

  5. In Publication interval , type the increment and click the unit of time to use for the automatic publishing of the delta CRL.

Community Additions

ADD
Show:
© 2016 Microsoft