Hi
I have a issuing CA server in a lab environment to test a production configuration. I have a certificate policy determined by an external body, who operate the root CA server, which state a CRL validity of 48 hours. There are no restrictions on the publication period, but I plan to set this to 1 hour because of a certificate revocation and CRL publication latency of 1 hour. I will do this using a script to call certutil -crl.
When I set the publication to 48 hours, I seem to have a default 10% overlap added - which I don't want.
Is there a way to turn the overlap off, or is it a case of reducing the publication period to account for the default overlap. At this time I have the overlap set to 0.
From the wealth of experience on this formal, are there any better suggestions on how to do this?
Regards
Stuart