How to publish the CRL on a web server (Manually and Automatically)
To manually publish the CRL on a web server
1. On the CA server, load Certification Authority, expand your CA, right-click Revoked Certificates, click All Tasks, and then click Publish.
2. On the Publish CRL popup dialog box, ensure that New CRL is selected, and then click OK.
3. Using Explorer, locate the folder that contains the CRL files. By default, these files are in %windir%\system32\certsrv\enroll but this location can be changed on the Extensions tab of the CA properties.
4. Copy all the files with a .crl extension to removable media.
5. On the Web server computer, create a new local folder to contain the CRL (for example, C:\CRL).
6. Paste the files with the .crl extensions into this folder.
To automatically publish the CRL on a web server
1. Ensure that a trust relationship exists such that the Web Server trusts the CA Server.
2. On the Web server computer, create a new local folder to contain the CRL files (for example, C:\CRL).
3. Configure the folder with the following:
   - Share the folder, for example, with the share name of CRL.
   - Specify the share permissions of Read and Change to the CA server computer account.
   - Specify NTFS permissions of Read and Write to the CA server computer account.
4. On the CA server, load Certification Authority, right-click your CA, select Properties, and then click the Extensions tab.
5. Ensure that CRL Distribution Point (CDP) is selected, and then click Add.
6. In the Add Location dialog box, type the following and then click OK:
   file://\\<servername>\<share>\<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl
   For example, if your Web server was called server2 and the folder share name you created for the CRL was called CRL, you would type:
   file://\\server2\CRL\<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl
7. Ensure that only the following options are selected for this new entry:
   - Publish CRLs to this location
   - Publish Delta CRLs to this location
8. If you are prompted to restart Active Directory Certificate Services, click Yes.
9. After the computer has restarted, load Certification Authority, expand your CA, right-click Revoked Certificates, click All Tasks, and then click Publish.
   On the Publish CRL popup dialog box, ensure that New CRL is selected, and then click OK. If you do not see an error, check the folder on the Web server and confirm that it now contains one or more files with .crl extensions. If you do see an error, it is likely that there is a syntax error or permissions error that must be corrected before the CRL can be published to the separate Web server.
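
The automatic procedure above can also be scripted. The following PowerShell is an added example, not part of the original article; it assumes the article's example names (server2, share CRL, folder C:\CRL), a placeholder CA computer account EXAMPLE\CA01$, and elevated sessions on each machine.

```powershell
# --- Part 1: run on the Web server (steps 2-3) ---
$CrlPath   = 'C:\CRL'          # folder from the article's example
$ShareName = 'CRL'             # share name from the article's example
$CaAccount = 'EXAMPLE\CA01$'   # placeholder: the CA server's computer account

New-Item -Path $CrlPath -ItemType Directory -Force | Out-Null

# Share permissions: Change (which includes Read) for the CA computer account.
New-SmbShare -Name $ShareName -Path $CrlPath -ChangeAccess $CaAccount | Out-Null

# NTFS permissions: Read and Write for the CA computer account, inherited by files.
$acl  = Get-Acl -Path $CrlPath
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
    $CaAccount, 'Read, Write', 'ContainerInherit, ObjectInherit', 'None', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $CrlPath -AclObject $acl

# --- Part 2: run on the CA server (steps 4-9) ---
Import-Module ADCSAdministration
$Uri = 'file://\\server2\CRL\<CaName><CRLNameSuffix><DeltaCRLAllowed>.crl'

# Step 7: set only the two "publish" options on the new location.
Add-CACrlDistributionPoint -Uri $Uri -PublishToServer -PublishDeltaToServer -Force

# Step 8: restart Active Directory Certificate Services so the change takes effect.
Restart-Service -Name CertSvc

# Step 9: publish a new CRL.
certutil -CRL

# Final check: the share must now hold .crl files written by this publish run.
$published = Get-ChildItem -Path '\\server2\CRL' -Filter '*.crl'
if (-not $published) {
    throw 'No .crl files on the share: check the location syntax and permissions.'
}
$published | Select-Object Name, LastWriteTime

# A file older than this run means the CA could not overwrite it.
$stale = $published | Where-Object { $_.LastWriteTime -lt (Get-Date).AddMinutes(-10) }
if ($stale) { Write-Warning ("Not refreshed: " + ($stale.Name -join ', ')) }
```

Checking LastWriteTime as well as file presence catches the case where an old CRL copied by hand is still in the folder while the automatic publish is silently failing.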
Symantec Encryption Server
MS Root CA
Imported Document ID: TECH206996