Configure CRLs to be Cached

To configure CRL caching, complete the following steps:

  1. Run the Management Console and click the CRL Cache tab.

  2. Select the “Enable CRL Caching. By default cached CRLs will be used before making OCSP requests” option, then click Add to view the CRL Selection dialog box.

  3. Enter the URL where the CRL or MiniCRL to be cached by the Validation Extension is located. Recognized URL protocols are HTTP, HTTPS, or LDAP.

    Note: Make sure that you configure only one CRL for a given Certificate Authority. Do not specify delta CRLs or segmented CRLs.

  4. Specify how often the cached CRL is updated using the options in the Schedule pane, then click OK. You can schedule updates at an interval of minutes, hours, days, or weeks, starting from a specified date and time.

    For example, to download a CRL at midnight every night, set the schedule to run every 1 day starting at 00:00:00 on the current day.

    Note: The CRLs are downloaded immediately after you click Apply and updated thereafter according to the time specified in the Schedule pane.

  5. Repeat steps 2 to 4 for additional CRL locations.

  6. Select the Use OCSP before checking cached CRLs option if you want the Validation Extension to make OCSP requests (that is, use configured issuer-responder mappings, the AIA field, and fallback responders) before checking cached CRLs. If you do not select this option, the Validation Extension first attempts to obtain the revocation status of the certificate from cached CRLs and uses OCSP only if no valid CRL has been cached.

  7. Click Apply to save the changes.
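
The note in step 3 rules out delta and segmented CRLs. As an added example (not part of the product or its documentation), the Python below inspects a downloaded DER-encoded CRL for the RFC 5280 deltaCRLIndicator and issuingDistributionPoint extensions, which mark delta CRLs and CRLs scoped to a distribution point (possibly a segment). The function names and the unsigned sample CRLs are constructed for illustration.

```python
# Added example (hypothetical names): is this CRL a full CRL, suitable for the cache?
DELTA_CRL_INDICATOR = bytes.fromhex("551d1b")   # OID 2.5.29.27 (RFC 5280)
ISSUING_DIST_POINT = bytes.fromhex("551d1c")    # OID 2.5.29.28 (RFC 5280)
CRL_NUMBER = bytes.fromhex("551d14")            # OID 2.5.29.20, normal in a full CRL

def read_tlv(buf, pos=0):                        # returns (tag, value, next_pos)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                            # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(body):
    pos = 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        yield tag, value

def crl_extension_oids(der):
    """Encoded OIDs of the crlExtensions in a DER CertificateList."""
    tag, cert_list, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("expected DER; decode PEM first")
    _, tbs = next(children(cert_list))           # TBSCertList
    for tag, value in children(tbs):
        if tag == 0xA0:                          # crlExtensions [0] EXPLICIT
            _, exts = next(children(value))
            return [next(children(ext))[1] for _, ext in children(exts)]
    return []

def classify_crl(der):                           # only "full" belongs in the cache list
    oids = crl_extension_oids(der)
    if DELTA_CRL_INDICATOR in oids:
        return "delta"
    if ISSUING_DIST_POINT in oids:
        return "scoped"                          # may cover only a segment
    return "full"

def tlv(tag, body):                              # DER encoder for the samples (< 256 bytes)
    n = len(body)
    return bytes([tag]) + (bytes([n]) if n < 0x80 else bytes([0x81, n])) + body

def sample_crl(*ext_oids):                       # constructed, unsigned; values are placeholders
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d01010b")) + tlv(0x05, b""))
    tbs = tlv(0x02, b"\x01") + alg + tlv(0x30, b"") + tlv(0x17, b"240101000000Z") * 2
    exts = b"".join(tlv(0x30, tlv(0x06, o) + tlv(0x04, b"\x02\x01\x01")) for o in ext_oids)
    tbs += tlv(0xA0, tlv(0x30, exts)) if exts else b""
    return tlv(0x30, tlv(0x30, tbs) + alg + tlv(0x03, bytes(65)))
```

To check a real file, pass its DER bytes to `classify_crl`; a PEM file must be base64-decoded first.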