Red Hat CERTIFICATE SYSTEM 8.0 - ADMINISTRATION Admin Manual page 201

Figure 6.4. CRL Format Tab
• The CRL Format section has two options:
• Revocation list signing algorithm is a drop down list of allowed ciphers to encrypt the CRL.
• Allow extensions for CRL v2 is a checkbox which enabled CRL v2 extensions for the
issuing point. If this is enabled, set the required CRL extensions described in
"Setting CRL Extensions".
NOTE
Extensions must be turned on to create delta CRLs.
• The CRL Contents section has three checkboxes which set what types of certificates to include
in the CRL:
• Include expired certificates. This includes revoked certificates that have expired. If this
is enabled, information about revoked certificates remains in the CRL after the certificate
expires. If this is not enabled, information about revoked certificates is removed when the
certificate expires.
• CA certificates only. This includes only CA certificates in the CRL. Selecting this option
creates an Authority Revocation List (ARL), which lists only revoked CA certificates.
• Certificates issued according to profiles. This only includes certificates that were issued
according to the listed profiles; to specify multiple profiles, enter a comma-separated list.
7. Click Save.
8. Extensions are allowed for this issuing point and can be configured. See
CRL Extensions"
for details.
Configuring CRLs for Each Issuing Point
Section 6.3.3, "Setting
Section 6.3.3,
179