I have a 3 Tier PKI and I have issued 90,000+ certificates. Within 2 days Root and Policy CA CRL is getting expired and I can't renew the Root and Policy CA CRL before 2 months so what is the best approach to handle this situation ? Also, what will happen if they get expired ? Do, I have to apply any group policy within the whole organization ?
Asked
Active
Viewed 80 times
0
-
Do you have OCSP as well as CRLs, or is CRLs the only revocation/status service you're using? – Jenny D Aug 13 '19 at 09:33
-
Certificates which are issued by Issuing CA, In that Under CDP I can only see ldap and CRL. In AIA on certificates which are issued by Issuing CA I can see ldap,CRL and OCSP. Also, on Root and Policy CA there is only ldap and CRL under AIA and CDP. – Manish Aug 13 '19 at 15:53