Entrust PKIaaS Certificate Revocation Lists
PKIaaS publishes Certificate Revocation Lists (CRLs) with the following settings.
|
Setting |
Value |
|
CRL validity |
7 days |
|
CRL extensions |
crlNumber, invalidityDate, expiredCertsOnCRL |
|
Signing key |
CA key |
|
CRL type |
Full CRL |
|
Maximum size |
22 MB |
|
CA type |
Root and issuing CAs |
Each CRL is updated:
Automatically, every 24 hours.
When including the "publish now" option on revocation requests to the API—this option results in the issuance of a new CRL within 15 minutes.
When revoking an end-entity certificate using the ECS Enterprise UI or the Entrust Certificate Enrollment Gateway (CEG)—this type of revocation also results in the issuance of a new CRL within 15 minutes.
CRLs are available at the following URLs.
http://crl.pkiaas.entrust.com/crl/{accountId}/{caId}/crl.crl http://crl.eu.pkiaas.entrust.com/crl/{accountId}/{caId}/crl.crl http://crl.pqlab.pkiaas.entrust.com/crl/{accountId}/{caId}/crl.crl Where {accountId} is your account identifier, and {caId} is the Certification Authority identifier.