PKI Reading Time: 4 minutes

How to disable Delta CRL

How to disable Delta CRL
Last updated on

What is a CRL and Delta CRL?

A list of digital certificates that have had their issuing certificate authority (CA) revoke them before their actual or assigned expiration date is known as a certificate revocation list (CRL).

A Delta CRL is a supplemental CRL that is optional and only includes the updates made since the last Base CRL update. The standard CRL we’ve been discussing is called “Base” about a delta CRL if one is present.

Steps to Disable Delta CRL

Delta CRL can be disabled either by running certain commands on an administrative command prompt or by using GUI, which is discussed below:

By Command Prompt:

  • Set Delta CRL Validity to zero by running this command on an administrative command prompt: Certutil -setreg CA\CRLDeltaPeriodUnits 0

    Delta CRL Validity

  • Run net stop certsvc and net start certsvc to restart the ADCS Service.

    certsvc

  • Run certutil -crl to publish new CRLs.

    certutil-crl

By using GUI:

  • Open Certificate Authority (CA) Console. To do so, open Server Manager -> Tools -> Certification Authority.

    Certification Authority

  • Right-click on Revoked Certificates and open properties.

    Revoked Certificates properties

  • On the properties page, uncheck “Publish Delta CRLs.”

    To publish Delta and new CRLs
  • Click on Apply and OK.

  • To Publish new CRLs, Right click on Revoked Certificates -> All tasks -> Publish.

    Publish CRLS

  • Click on New CRL to publish.

    Published Certificate Revocation List (CRL)

If you need help with your PKI environment, feel free to email us at [email protected].

Tags:

Free Downloads

Datasheet of Public Key Infrastructure

We have years of experience in consulting, designing, implementing & migrating PKI solutions for enterprises across the country.

Download

About the Author

Hemant Bhatt's profile picture

Hemant Bhatt is a dedicated and driven Consultant at Encryption Consulting. He works with PKIs, HSMs, and cloud applications. With a focus on encryption methodologies and their application in data security, Hemant has honed his skills in developing applications tailored to clients' unique needs. Hemant excels in collaborating with cross-functional teams to analyze requirements, develop strategies, and implement innovative solutions. Hemant is deeply fascinated by cloud security, encryption, cutting-edge cryptographic protocols such as Post-Quantum Cryptography (PQC), Public Key Infrastructure (PKI), and all things cybersecurity.

You might also be interested in

Benefits of Professional Support in Windows Server Migration
Benefits of Professional Support in Windows Server Migration August 6, 2023
How we can use PKI to solve IoT challenges?
How we can use PKI to solve IoT challenges? February 4, 2023
How can Microsoft PKI enhance your Network Security?
How can Microsoft PKI enhance your Network Security? August 10, 2023
Windows Server Migration: An In-Depth Checklist and Guide
Windows Server Migration: An In-Depth Checklist and Guide July 26, 2023

Explore More Topics

Explore the full range of services offered by Encryption Consulting.

Feel free to schedule a demo to gain a comprehensive understanding of all the services Encryption Consulting provides.

Request a demo