Updated on 2023-07-26 GMT+08:00

Configuring a CRL

If you want to publish the certificate revocation list (CRL) for a private CA, you can enable CRL configuration.

This topic walks you through how to enable or disable CRL configuration.

Prerequisites

The private CA for which you want to configure a CRL is in the Activated or Disabled state.

Enabling CRL Configuration

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security > Cloud Certificate Management Service.
  3. Click the name of a private CA to go to its details page.
  4. On the private CA details page, click the CRL Configuration tab and configure certificate revocation by referring to Table 1.

    Figure 1 CRL Configuration
    Table 1 Certificate revocation parameters

    Parameter

    Description

    OBS Authorization

    Whether to authorize CCM to access your OBS bucket and upload the CRL file.

    If you want to authorize, click Authorize Now and complete the authorization as prompted.

    If you want to cancel the authorization, go to the IAM console to delete the PCAAccessPrivateOBS agency from the agency list.

    After the permission has been granted, follow-up operations do not require the permission to be granted again.

    Enable CRL publishing

    Indicates whether to enable CRL publishing.

    OBS Bucket

    Select an existing OBS bucket or click Create OBS Bucket to create an OBS bucket.

    CRL Update Period

    Indicates the CRL update period. PCA will generate a new CRL at the specified time.

    You can set the period to an integer between 7 and 30. If you do not specify a value, it is set to 7 days by default.

  5. Click Enable to enable the CRL. If the system displays a message indicating that the CRL configuration is enabled, the CRL configuration has been enabled.

Disabling CRL Configuration

  1. Log in to the management console.
  2. Click in the upper left corner of the page and choose Security > Cloud Certificate Management Service.
  3. Click the name of a private CA to go to its details page.
  4. On the private CA details page, click the CRL Configuration tab and click Disable. If the system displays a message indicating that the CRL configuration is disabled, the CRL configuration has been disabled.