000018854 - How to set the NextUpdate field in a CRL to a specific time & date on the Keon Certificate Authority

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000018854
Applies ToKeon Certificate Authority 5.7
Keon Certificate Authority 6.0
Certificate Revocation List (CRL)
IssueHow to set the NextUpdate field in a CRL to a specific time & date on the Keon Certificate Authority
CRL does not contain an expiration date by default
CauseA NextUpdate attribute will not be included in CRLs issued by KCA unless the CA is configured to automatically issue the CRL at a regular interval
ResolutionEdit the xudad.conf file to set a CRL timer directive to automatically generate the CRL at a specified interval. The format for a CRL directive is as follows:

crltimer <MD5> <period> [start time]
        
where:

- <MD5> is the CA?s MD5 hash value, in the form md5=.........
- <period> is a period between CRL generations, specified in seconds and with a maximum value of 2147483647 seconds
- [start time] is an optional start time, in the form HH:MM:SS

If the [start time] parameter is omitted, the first CRL is generated when the Secure Directory Server starts up. Also, you will need to restart the KCA services before this change takes effect.

Please refer to the RSA Keon Certificate Authority Administrator's Guide for more information on setting this directive.
Legacy Article IDa7266

Attachments

    Outcomes