View CRLs
In Manage CA the View CRLs function provides the ability to view and search the CRLs that have been published by a Local CA. When a CA is selected and the View CRLs button is clicked then all the CRLs previously retrieved for that CA are displayed as shown below:
The following table describes each item in the above screenshot:
Items |
Description |
|< < > >| |
These buttons are for navigating the different pages. Note the number of records shown per page is configured within the ADSS Global Settings. |
Clear Search |
After a Search the window will only show the filtered records; this button provides a view of the full set of records. |
Search |
This opens a new window where you can enter the search criteria based on each column of the transaction grid (see below for further details). |
View Latest CRL Content |
You can view the contents of the latest CRL by pressing this button (see below for further details). |
CRL Number |
This table column shows the CRL number (taken from the extension within the CRL or a system defined value in case the extension was not present). In the case of a partition CRL, multiple CRLs are zipped together in the form of a zip file. Hence, in this case, the CRL number that is being displayed on the console is the latest CRL number stored in the Partition CRL zip file. |
This Update |
This table column shows the thisUpdate field from the CRL (it identifies when the CA issued this CRL) |
Next Update |
This table column shows the nextUpdate field from the CRL (it identifies when the CA was planning to issue an update for this CRL). |
Export CRL |
You can select a CRL and then use this button to export a copy of the CRL as a file. |
Delete all CRLs |
This deletes all CRLs for respective CA. |
Import CRL |
You can click this button to manually import the CRL from a local/network path. Operator can import DER, Base64 or PEM encoded CRL. The CRLs that can be imported include:
Note: ADSS Server does not support PEM encoded CRLs which are larger than 1 MB. Generally the use of PEM encoded CRLs is discouraged as this increases the size of the CRL and its processing time. |
The list of CRLs for a particular CA can be sorted in either Ascending or Descending order by selecting a table column from the drop down list. The list can be sorted on the basis of following columns:
- CRL Number
- This Update
- Next Update
The Import CRL button can be used to filter the CRL details. This is particularly useful when one wants to search for CRLs issued in a particular time period or in a particular CRL number range.
The Search button can be used to filter the CRL details. This is particularly useful when one wants to search for CRLs issued in a particular time period or in a particular CRL number range.
If "_" character is used in the search then it will act as wildcard. |
According to PKI standards a revoked certificate will continue to appear in successive CRLs issued by a CA until the point that the certificate expires. PKI rules also mandate that a revoked certificate must appear on at least one CRL. |
See also
View CRLs
External CAs
Local AAs
Local CVCAs
Local DVCAs
Manual Certification
Certificate Templates
CV Certificate Template
Alerts