Configuring a CRL

Prerequisites

The private CA for which you want to configure a CRL is in the Activated or Disabled state.

Enabling CRL Configuration

1. Log in to the management console.
2. Click the name of a private CA to go to its details page.
3. On the private CA details page, click the CRL Configuration tab and configure certificate revocation by referring to Table 1.
   Figure 1 CRL Configuration
   

   Table 1 Certificate revocation parameters

   Parameter	Description
   OBS Authorization	Whether to authorize PCA to access your OBS bucket and upload the CRL file. If you want to authorize, click Authorize Now and complete the authorization as prompted. If you want to cancel the authorization, go to the IAM console to delete the PCAAccessPrivateOBS agency from the agency list. After the permission has been granted, follow-up operations do not require the permission to be granted again.
   Enable CRL publishing	Indicates whether to enable CRL publishing.
   OBS Bucket	Select an existing OBS bucket or click Create OBS Bucket to create an OBS bucket.
   CRL Update Period	Indicates the CRL update period. PCA will generate a new CRL at the specified time. You can set the period to an integer between 7 and 30. If you do not specify a value, it is set to 7 days by default.

4. Click Enable to enable the CRL. If the system displays a message indicating that the CRL configuration is enabled, the CRL configuration has been enabled.

Disabling CRL Configuration

1. Log in to the management console.
2. Click the name of a private CA to go to its details page.
3. On the private CA details page, click the CRL Configuration tab and click Disable. If the system displays a message indicating that the CRL configuration is disabled, the CRL configuration has been disabled.