Table of Contents
Advertisement
Setting Up the Issuance of CRLs
In the adjoining text field, type the interval, in minutes, at which the Certificate
Manager should publish CRLs. For example, if you want the server to publish
CRLs every day, you should type 1440 in this field.
with a skew of. If you configure the Certificate Manager to update the CRL at a
specific frequency, the server by default adds a 5 second skew to the next
update time to allow time to create the CRL and publish it. For example, if you
configure the server to update the CRL every 20 minutes, and if the CRL is
updated at 16:00:00, the CRL will be updated again at 16:19:55. You can change
the skew by editing the default value, which is specified in seconds.
In the CRL Cache section, specify whether to enable CRL caching:
Enable CRL cache. Select to enable the cache. Note, if the cache is disabled,
you cannot create delta CRLs. For more information about the cache, see "How
CRLs Work," on page 599.
Cache update interval. Specifies the period of time when the cache is written
to file. Set to
revoked.
Include expired certificates. Select if you want the server to include revoked
certificates that have expired in the CRL. If this is enabled, information about
revoked certificates will remain in the CRL after the certificate expires. If you
do not enable, information about revoked certificates is removed when the
certificate expires.
CA certificates only. Select to include only CA certificates in the CRL; deselect
to include all certificates. Selecting this option will create an Authority
Revocation List (ARL) listing only revoked CA certificates.
Allow extensions. Select if you want to allow extensions in the CRL. If you
enable this option, the server generates and publishes CRLs conforming to
X.509 version 2 standard. If you disable this option, the server generates and
publishes CRLs conforming to X.509 version 1 standard. By default, the server
publishes version 1 CRLs. If you enable this option, be sure to set the required
CRL extensions as described in "Setting CRL Extensions" on page 605.
Note: Extensions must be turned on in order to create delta CRLs.
Revocation list signing algorithm. Select the algorithm the server should use
to sign the CRL. If the Certificate Manager's signing key type is RSA, select
with RSA
signing key type is DSA, select
To save your changes, click Save.
4.
604
Netscape Certificate Management System Administrator's Guide • June 2003
to have the cache written to file every time a certificate is
0
,
, or
MD5 with RSA
SHA-1 with RSA
. If the Certificate Manager's
.
SHA-1 with DSA
MD2
Advertisement
Table of Contents
Related Manuals for Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR
Related Products for Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - CUSTOMIZATION
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - PLUG-IN
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - CUSTOMIZATION
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - PLUG-IN
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR
- Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - CUSTOMIZATION GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 4.5 - PLUG-IN