Article ID: 232161 - Last Review: November 21, 2006 - Revision: 2.1

Changing the Locations of Your Certificate Revocation List (CRL) in Certificate Services 2.0

Retired KB ArticleRetired KB Content Disclaimer
View products that this article applies to.
This article was previously published under Q232161
Expand all | Collapse all

SUMMARY

When you use Certificate Services 2.0 as a root certificate authority to approve and digitally sign certificates, a CRL (Certificate Revocation List) is added to the certificates that are issued. A CRL is a list that certificate authorities use to publish certificates that have been revoked. This can be used by applications (such as Internet Explorer 5.0 for example) to check the validity of certificates.

MORE INFORMATION

You may want to change the location of your CRL. There are several reasons you may want to do this. For example, the URL may point to the local NetBIOS name of the server instead of a valid URL that internet users use to check for certificate revocation (such as the DNS name of the Web server and the path to the CRL). To change the location of your CRL, do the following:
  1. On the Certificate Server computer, open the Certificate Authority console (MMC). Make sure you are logged in as the administrator before performing the following tasks or this procedure may fail.
  2. Right-click on the name of the certification authority and click Properties.
  3. Click Policy Module, and then click Configure.
  4. Click the X.509 extensions.
  5. In the CRL Distribution Points section, do one of the following:

    • Click Add and type in a new CRL distribution point to be published in issued certificates.
    • Click Remove and remove a CRL distribution point.
    • Uncheck a URL that you do not want to publish as a CRL distribution point, but want to remain in the list.
    • Check a URL that you now want to publish as a CRL distribution point, which was previously unchecked.
  6. When this is changed, you will receive a message stating that you must restart the Certificate Services in order for the change to take effect. Click OK on this message.
  7. Restart the Certificate Services by right-clicking on the name of the server, and then choose All Tasks and click Stop Service.
  8. To restart the server, perform the same steps as above, but select Start Service.
APPLIES TO
  • Microsoft Internet Information Services 5.0
Back to the top
Keywords: 
kbinfo kbpending KB232161
Retired KB ArticleRetired KB Content Disclaimer
This article was written about products for which Microsoft no longer offers support. Therefore, this article is offered "as is" and will no longer be updated.
Back to the top
 

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations