Configuring Issuing Points - Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual

• ARL is an Authority Revocation List containing only revoked CA certificates.
• CRL with expired certificates includes revoked certificates that have expired in the CRL.
• CRL from certificate profiles determines the revoked certificates to include based on the profiles
used to create the certificates originally.
3. Configure the CRLs for each issuing point. See
Point"
for details.
4. Set up the CRL extensions which are configured for the issuing point. See
CRL Extensions"
for details.
5. Set up the delta CRL for an issuing point by enabling extensions for that issuing point,
DeltaCRLIndicator or CRLNumber.
6. Set up the CRLDistributionPoint extension to include information about the issuing point.
7. Set up publishing CRLs to files, an LDAP directory, or an OCSP responder. See
Publishing Certificates and CRLs

6.3.1. Configuring Issuing Points

Issuing points define which certificates are included in a new CRL. A master CRL issuing point is
created by default for a master CRL containing a list of all revoked certificates for the Certificate
Manager.
To create a new issuing point, do the following:
1. Open the Certificate System Console.
pkiconsole https://server.example.com:9445/ca
2. In the Configuration tab, select Certificate Manager from the left navigation menu. Then select
CRL Issuing Points.
3. To edit an issuing point, select the issuing point, and click Edit. The only parameters which can be
edited are the name of the issuing point and whether the issuing point is enabled or disabled.
To add an issuing point, click Add. The CRL Issuing Point Editor window opens.
Section 6.3.2, "Configuring CRLs for Each Issuing
for details about setting up publishing.
Configuring Issuing Points
Section 6.3.3, "Setting
Chapter 8,
175