To specify certificate revocation list distribution points in issued certificates

1. Log on to the system as a Certification Authority Administrator.
2. Open Certification Authority.
3. In the console tree, click the certification authority.

   Where?

   • Certification Authority (Computer)
   • CA name
4. On the Action menu, click Properties.
5. On the Extensions tab, confirm that Select extension is set to CRL Distribution Point (CDP).
6. Do one or more of the following. (The list of CRL distribution points is in the Specify locations from which users can obtain a certificate revocation list (CRL) box.)

   To	Do this
   Add a new certificate revocation list (CRL) distribution point.	Click Add, type the name of the new CRL distribution point, and click OK.
   Remove a CRL distribution point from the list.	Click the CRL distribution point, and then click Remove and click OK.
   Indicate that you want to use a URL as a CRL distribution point.	Click the CRL distribution point, select the Include in the CDP extension of issued certificates check box, and then click OK.
   Indicate that you do not want to use a URL as a CRL distribution point.	Click the CRL distribution point, clear the Include in the CDP extension of issued certificates check box, and then click OK.
   Indicate that you want to use a URL as a delta CRL distribution point.	Click the CRL distribution point, select the Publish Delta CRLs to this location check box, and then click OK.
   Indicate that you do not want to use a URL as a delta CRL distribution point.	Click the CRL distribution point, clear the Publish Delta CRLs to this location check box, and then click OK.
   Indicate that you want to publish this location in CRLs to point clients to a delta CRL.	Click the CRL distribution point, select the Include in CRLs. Clients use this to find Delta CRL locations. check box, and then click OK.
   Indicate that you do not want to publish this location in CRLs to point clients to a Delta CRL.	Click the CRL distribution point, clear the Include in CRLs. Clients use this to find Delta CRL locations. check box, and then click OK.

7. Click Yes to stop and restart the Certificate Services service.

Notes

• XOX
• Certificate revocation list URLs can be either HTTP, FTP, LDAP, or FILE addresses. You can use the following variables when specifying the address of the CRL.

  Variable	Value
  CAName	The name of the certification authority
  CAObjectClass	The object class identifier for a certification authority, used when publishing to an LDAP URL
  CATruncatedName	The "sanitized" name of the certification authority, truncated to 32 characters with a hash on the end
  CDPObjectClass	The object class identifier for CRL distribution points, used when publishing to an LDAP URL
  CertificateName	The renewal extension of the certification authority
  ConfigurationContainer	The location of the Configuration container in Active Directory
  CRLNameSuffix	Inserts a name suffix at the end of the file name when publishing a CRL to a file or URL location
  DeltaCRLAllowed	When a delta CRL is published, this replaces the CRLNameSuffix with a separate suffix to distinguish the delta CRL
  ServerDNSName	The DNS name of the certification authority server
  ServerShortName	The NetBIOS name of the certification authority server

• To stop and restart the Certificate Services service, see Related Topics.

Related Topics