000025903 - How to set up a CRL Distribution Point in a certificate during certificate manual approval

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000025903
Applies ToKeon Certificate Authority 6.5.1
Microsoft Windows Server 2003
CRL Distribution Point (CRLdp) certificate extension
IssueHow to set up a CRL Distribution Point in a certificate during certificate manual approval
CRLdp value must be configured manually during approval process



The first steps involve taking note of what CA, Jurisdiction and certificate profile that you are currently using.  For example we start off with a system which does not have a CRL Distribution Point (CDP) currently configured:




In this example, we have:


            CA = Production1024

            Jurisdiction = Production1024?s Initial Jurisdiction

            Profile = SSL Server


So, we will modify the system such that certificates which this Jurisdiction issues have a CDP.


Select the workbench on the administration GUI, and then select to copy the profile we currently use:    



This will mean that we can always return to the original configuration.  Once you click ?Copy? you will be lead straight into a configuration page where you may select a radio Button to make a CDP mandatory for this type of certificate:





Then scroll to the bottom and press ?Save?.


Now, we can go any approve a certificate on the workbench.  As you work through the approval wizard you should start seeing the following, additional, questions for the vettor/approver to answer.









 The end result is that the generated certificate should have a CDP which (when viewed with the default Microsoft certificate viewer) like this:




Legacy Article IDa24672