|Applies To||Keon Certificate Authority 5.7|
Keon Certificate Authority 6.0
Certificate Revocation List (CRL)
|Issue||How to set the NextUpdate field in a CRL to a specific time & date on the Keon Certificate Authority|
CRL does not contain an expiration date by default
|Cause||A NextUpdate attribute will not be included in CRLs issued by KCA unless the CA is configured to automatically issue the CRL at a regular interval|
|Resolution||Edit the xudad.conf file to set a CRL timer directive to automatically generate the CRL at a specified interval. The format for a CRL directive is as follows:|
crltimer <MD5> <period> [start time]
- <MD5> is the CA?s MD5 hash value, in the form md5=.........
- <period> is a period between CRL generations, specified in seconds and with a maximum value of 2147483647 seconds
- [start time] is an optional start time, in the form HH:MM:SS
If the [start time] parameter is omitted, the first CRL is generated when the Secure Directory Server starts up. Also, you will need to restart the KCA services before this change takes effect.
Please refer to the RSA Keon Certificate Authority Administrator's Guide for more information on setting this directive.
|Legacy Article ID||a7266|