|Applies To||Keon Certificate Authority 6.5|
|Issue||Can KCA configure whether the Invalidity Date extension is included in revocation lists?|
CRL contains Invalidity Date extension
|Cause||By default, the Invalidity Date extension is included in revocation lists. If you configure a CA to include the extension in its revocation lists, the extension is included in all revocation lists (CRLs, ARLs, and delta CRLs) that CA issues, and is always marked as non-critical.|
This issue has been corrected in KCA 6.5 build 154. Please contact RSA Security Customer Support and request KCA 6.5 build 154. As a result of this new build, Administrators can configure - on a per-CA basis - whether to include the Invalidity Date extension in revocation lists. This functionality is accessed through a new button labeled "Configure Revocation List Extensions, on the View CA page".
|Legacy Article ID||a19484|