You must be a certification authority (CA) administrator to complete this procedure. For more information, see Implement Role-Based Administration.
To schedule the publication of the CRL
- Open the Certification Authority snap-in.
- In the console tree, click Revoked Certificates .
- On the Action menu, click Properties .
- In CRL publication interval , type the increment and click the unit of time to use for the automatic publishing of the CRL.
At the defined interval, a new CRL will be published by default in the following folder: systemroot \system32\CertSrv\CertEnroll\. If the computer is a domain member and has permission to write to Active Directory Domain Services (AD DS), then the CRL is also published to AD DS.
The publishing period for a CRL is not the same as the validity period for a CRL. By default, the validity period of a CRL exceeds the publishing period of a CRL by 10 percent (up to a 12-hour maximum) to allow for directory replication.
Scheduling publication of delta CRLs
You can extend your CRL publication schedule by also establishing a schedule for the publication of delta CRLs.
You must be a CA administrator to complete this procedure. For more information, see Implement Role-Based Administration.
To schedule the publication of the delta CRL
- Open the Certification Authority snap-in.
- In the console tree, click Revoked Certificates .
- On the Action menu, click Properties .
- Select the Publish Delta CRLs check box.
- In Publication interval , type the increment and click the unit of time to use for the automatic publishing of the delta CRL.
No comments:
Post a Comment