Establishing Certificate Revocation Policies

Applies To: Windows Server 2003, Windows Server 2003 R2, Windows Server 2003 with SP1, Windows Server 2003 with SP2

All certificates have specified lifetimes. However, in some situations, you might need to invalidate a certificate before it has reached the end of its lifetime. Creating policies for certificate revocation involves the following tasks:

  • Defining the conditions that warrant the revocation of a certificate.

  • Selecting a certificate revocation list publication location.

  • Selecting the type or types of CRLs that you intend to use.

  • Establishing schedules for the publication of CRLs.

  • Establishing a cached CRL validity period.