Configuring Extended Updated Intervals For Crls In The Console - Red Hat CERTIFICATE SYSTEM 7.2 - ADMINISTRATION Administration Manual
Hide thumbs
Also See for CERTIFICATE SYSTEM 7.2 - ADMINISTRATION:
- Manual (240 pages) ,
- Reference manual (337 pages) ,
- Release note (24 pages)
Table of Contents
Advertisement
A full CRL is also called an extended update. By default, every CRL publishing period has an
extended update. However, this can be configured so that not every publishing period is an extended
update and to set the interval of when the extended updates are published.
If the interval is set to 3, for example, then the first CRL publishing is both a full and delta CRL, then
the next two publishing updates are only delta CRLs, and then the fourth interval is both a full and
delta CRL again. In other words, every third publishing interval has both a full CRL and a delta CRL.
Interval
1, 2, 3, 4, 5, 6, 7 ...
Full CRL
1
4
Delta CRL
1, 2, 3, 4, 5, 6, 7 ...
NOTE
For delta CRLs to be published independent of full CRLs, the CRL cache must be
enabled.
13.5.1. Configuring Extended Updated Intervals for CRLs in the
Console
1. Open the console.
pkiconsole https://server.example.com:9443/ca
2. In the Configuration tab, expand the Certificate Manager folder and the CRL Issuing Points
subfolder.
3. Select the MasterCRL node.
4. Deselect the Extend next update time in full CRLs check box, which disables publishing a full
CRL every time a CRL is published. Then, set the new full CRL interval in the Generate full CRL
every ... deltas field.
Configuring Extended Updated Intervals for CRLs in the Console
7 ...
301
Advertisement
Table of Contents
Need help?
Do you have a question about the CERTIFICATE SYSTEM 7.2 - ADMINISTRATION and is the answer not in the manual?
Questions and answers