Novell LINUX ENTERPRISE SERVER 11 - SECURITY Manual page 224

The system maintains only one CRL for each CA. To create or update this CRL, do the
following:
1 Start YaST and open the CA module.
2 Enter the required CA, as described in
3 Click CRL. The dialog that opens displays a summary of the last CRL of this
4 Create a new CRL with Generate CRL if you have revoked new sub-CAs or
5 Specify the period of validity for the new CRL (default: 30 days).
6 Click OK to create and display the CRL. Afterwards, you must publish this CRL.
NOTE
Applications that evaluate CRLs reject every certificate if CRL is not available
or expired. As a PKI provider, it is your duty always to create and publish a new
CRL before the current CRL expires (period of validity). YaST does not provide
a function for automating this procedure.
17.2.7 Exporting CA Objects to LDAP
The executing computer should be configured with the YaST LDAP client for LDAP
export. This provides LDAP server information at runtime that can be used when
completing dialog fields. Otherwise, although export may be possible, all LDAP data
must be entered manually. You must always enter several passwords (see
"Passwords during LDAP Export"
210 Security Guide
Sub-CA" (page 204).
CA.
certificates since its creation.
Section 17.2.3, "Creating or Revoking a
(page 211)).
Table 17.3,