Creating, renewing or removing a CRL

When an authority or sub-authority is added to the PKI, its Certificate Revocation List (CRL) must be created.

Likewise, even though a CRL automatically updates on a regular basis, it may be necessary to renew it manually after revoking certificates that were signed by the authority that owns the CRL.

Creating a CRL

1. In the list on the left, select the authority or sub-authority for which the CRL needs to be created.
2. Click on Actions.
3. Select Create CRL.
   A dialog box opens.
4. Enter the password of the authority or sub-authority.
5. In the CRL export section, check or uncheck Export CRL after revocation depending on your requirements.
   If this checkbox is selected, choose the File format for the export:

• Base64 format (PEM),
• Binary format (DER).

6. Click on Apply.
7. If you have chosen to export the CRL, a window will open with a link to download the CRL export file.

Renewing a CRL

1. In the list on the left, select the authority or sub-authority for which the CRL needs to be renewed.
2. Click on Actions.
3. Select Renew CRL.
   A dialog box opens.
4. Enter the password of the authority or sub-authority.
5. In the CRL export section, check or uncheck Export CRL after revocation depending on your requirements.
   
   If this checkbox is selected, choose the File format for the export:

• Base64 format (PEM),
• Binary format (DER).

6. Click on Apply.
7. If you have chosen to export the CRL, a window will open with a link to download the CRL export file.

Removing a CRL

1. In the list on the left, select the authority or sub-authority for which the CRL needs to be removed.
2. Click on Actions.
3. Select Remove CRL.
   A dialog box opens.
4. Confirm by clicking on OK.