Configuring Issuing Points - Red Hat CERTIFICATE SYSTEM 7.2 - ADMINISTRATION Administration Manual

Chapter 13. Revocation and CRLs

13.4.1. Configuring Issuing Points

Issuing points define which certificates are included in a new CRL. A master CRL issuing point is
created by default for a master CRL containing a list of all revoked certificates for the Certificate
Manager.
To create a new issuing point, do the following:
1. Open the Certificate System Console.
pkiconsole https://hostname:SSLport/ca
2. In the Configuration tab, select Certificate Manager from the left navigation menu. Then select
CRL Issuing Points.
3. To edit an issuing point, select the issuing point, and click Edit. The only parameters which can be
edited are the name of the issuing point and whether the issuing point is enabled to disabled.
To add an issuing point, click Add. The CRL Issuing Point Editor window opens.
Figure 13.2. CRL Issuing Point Editor
NOTE
If some fields do not appear large enough to read the content, expand the window by
dragging one of the corners.
Fill in the following fields:
• Enable. Enables the issuing point if selected; deselect to disable.
• CRL Issuing Point name. Gives the name for the issuing point; spaces are not allowed.
• Description. Describes the issuing point.
4. Click OK.
To view and configure a new issuing point, close the CA Console, then open the Console again. The
new issuing point is listed below the CRL Issuing Points entry in the navigation tree.
Configure CRLs for the new issuing point, and set up any CRL extensions that will be used with
Section 13.4.2, "Configuring CRLs for Each Issuing Point"
the CRL. See
Section 13.4.3, "Setting CRL Extensions"
an issuing point. See
294
for details on configuring
for details on setting up the CRL