When you use Certificate Services 2.0 as a root certificate authority to approve and digitally sign certificates, a CRL (Certificate Revocation List) is added to the certificates that are issued. A CRL is a list that certificate authorities use to publish certificates that have been revoked. This can be used by applications (such as Internet Explorer 5.0 for example) to check the validity of certificates.
You may want to change the location of your CRL. There are several reasons you may want to do this. For example, the URL may point to the local NetBIOS name of the server instead of a valid URL that internet users use to check for certificate revocation (such as the DNS name of the Web server and the path to the CRL). To change the location of your CRL, do the following:
- On the Certificate Server computer, open the Certificate Authority console (MMC). Make sure you are logged in as the administrator before performing the following tasks or this procedure may fail.
- Right-click on the name of the certification authority and click Properties.
- Click Policy Module, and then click Configure.
- Click the X.509 extensions.
- In the CRL Distribution Points section, do one of the following:
- Click Add and type in a new CRL distribution point to be published in issued certificates.
- Click Remove and remove a CRL distribution point.
- Uncheck a URL that you do not want to publish as a CRL distribution point, but want to remain in the list.
- Check a URL that you now want to publish as a CRL distribution point, which was previously unchecked.
- When this is changed, you will receive a message stating that you must restart the Certificate Services in order for the change to take effect. Click OK on this message.
- Restart the Certificate Services by right-clicking on the name of the server, and then choose All Tasks and click Stop Service.
- To restart the server, perform the same steps as above, but select Start Service.
Article ID: 232161 - Last Review: Jun 19, 2014 - Revision: 1