Configuring Crls For Each Issuing Point - Netscape MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR Administrator's Manual

You need to configure this new issuing point, and set up any CRL extensions
8.
that will be used in this CRL. See "Configuring CRLs for Each Issuing Point,"
on page 603 for details on configuring an issuing point. See "Setting CRL
Extensions," on page 605 for details on setting up the CRL extensions.

Configuring CRLs for Each Issuing Point

You can specify information, such as the generation interval, the CRL version
(whether to include CRL extensions), and the signing algorithm the Certificate
Manager should use for signing the CRL object for each CRL defined by an issuing
point. You need to configure the CRLs for each issuing point you set up.
To configure CRLs for an issuing point:
In the navigation tree, select Certificate Manager, and then select CRL Issuing
1.
Points.
Select the Issuing Point by selecting its name below the Issuing Points entry.
2.
Configure the CRL for this issuing point by specifying the fields in the
3.
Revocation List tab for that issuing point.
You may want to expand the CMS console window by dragging at one of the
corners, some fields in this window do not appear large enough to read the
content.
In the Update Frequency section, specify the interval for publishing the CRL to
the directory:
Every time a certificate is revoked, or taken off-hold. Select this option if you
want the Certificate Manager to generate the CRL every time it revokes a
certificate. Keep in mind that the Certificate Manager attempts to publish the
CRL to the configured directory whenever it is generated, in this case, every
time a certificate is revoked. Publishing a CRL can be time consuming if the
CRL is large. Configuring the Certificate Manager to publish CRLs every time a
certificate is revoked may engage the server for a considerable amount of time;
during this time, the server will not be able to update the directory with any
changes it receives.
(This setting is not recommended for a standard installation. You can select this
option if you want to see the results of revocation immediately, for example,
when testing whether the server publishes the CRL to a flat file.)
Update at this frequency. Select this option if you want the Certificate
Manager to generate CRLs at regular intervals. In this case, the server
publishes the CRL to the configured directory at the interval you specify.
Setting Up the Issuance of CRLs
Chapter 14 Revocation and CRLs 603