In Manage CA the View CRLs function provides the ability to view and search the CRLs that have been published by a Local CA. When a CA is selected and the View CRLs button is clicked then all the CRLs previously retrieved for that CA are displayed as shown below:

The following table describes each item in the above screenshot:

Items

Description

|< < > >|

These buttons are for navigating the different pages. Note the number of records shown per page is configured within the ADSS Global Settings.

Clear Search

After a Search the window will only show the filtered records; this button provides a view of the full set of records.

Search

This opens a new window where you can enter the search criteria based on each column of the transaction grid (see below for further details).

View Latest CRL Content

You can view the contents of the latest CRL by pressing this button (see below for further details).

CRL Number

This table column shows the CRL number (taken from the extension within the CRL or a system defined value in case the extension was not present).

In the case of a partition CRL, multiple CRLs are zipped together in the form of a zip file. Hence, in this case, the CRL number that is being displayed on the console is the latest CRL number stored in the Partition CRL zip file.

This Update

This table column shows the thisUpdate field from the CRL (it identifies when the CA issued this CRL) 

Next Update

This table column shows the nextUpdate field from the CRL (it identifies when the CA was planning to issue an update for this CRL).

Export CRL

You can select a CRL and then use this button to export a copy of the CRL as a file.

Delete all CRLs

This deletes all CRLs for respective CA.

Import CRL

You can click this button to manually import the CRL from a local/network path. Operator can import DER, Base64 or PEM encoded CRL. The CRLs that can be imported include: 

  • Full CRL
  • Partitioned CRL
  • Segmented CRL

Note: ADSS Server does not support PEM encoded CRLs which are larger than 1 MB. Generally the use of PEM encoded CRLs is discouraged as this increases the size of the CRL and its processing time.


The list of CRLs for a particular CA can be sorted in either Ascending or Descending order by selecting a table column from the drop down list. The list can be sorted on the basis of following columns:

  • CRL Number
  • This Update
  • Next Update


The Import CRL button can be used to filter the CRL details. This is particularly useful when one wants to search for CRLs issued in a particular time period or in a particular CRL number range. 

 


The Search button can be used to filter the CRL details. This is particularly useful when one wants to search for CRLs issued in a particular time period or in a particular CRL number range. 


If "_" character is used in the search then it will act as wildcard.


 


According to PKI standards a revoked certificate will continue to appear in successive CRLs issued by a CA until the point that the certificate expires. PKI rules also mandate that a revoked certificate must appear on at least one CRL.


See also

Local CAs

View CRLs
External CAs
Local AAs
Local CVCAs
Local DVCAs
Manual Certification
Certificate Templates
CV Certificate Template
Alerts