You can modify the settings for the following options:
Additonal Settings for the Certificate Revocation Check Service
Setting | Default | Description |
---|---|---|
Keystore for CRL signature |
TrustedCAs |
Specifies which keystore view contains the public-key certificate used to verify the signature provided with the CRLs.
You cannot specify different keystore views for different CAs or different CRLs. All of the public-key certificates used to verify the signatures used for the CRLs must be in the same keystore view. |
Keystore for SSL |
TrustedCAs |
Specifies which keystore view contains the server's SSL certificate for the servers hosting the CRLs, for the case that SSL is used for the connections to the distribution points.
As with the keystore used for the CRL signatures, all of the SSL server certificates used for the connections to the distribution points must be in the same keystore view. |
Auto Update Begin (Days) |
2 |
Specifies the number of days prior to expiration that the CRL will start to be automatically updated. |
Auto Update Interval (Hours) |
3 |
Specifies the interval used for updating the CRL in the case of failure. |
In the Certificate Revocation Check service, under Configuration: