CRL and delta CRL is generated daily at the same time in test environment (sometimes offset may be about 1 minute).
Delta CRL generation statistics (effective date) in production environment :
2014.07.12 23:01
2014.07.14 00:00
2014.07.15 00:43
2014.07.16 01:22
2014.07.17 01:59
2014.07.18 03:10
2014.07.19 03:48
One can see that delta CRL generation time is constantly shifting and it's not the same as time period when delta CRL is being generated. Delta CRL validyti is 1 day, so it should be generated each day at the same time. CRL size is about 10MB, delta CRL size is about 0,5 MB. Delta CRL generation time is about 1,5 H.
Question: is it possible to fix CRL and delta CRL generation time (make it constant), using standard ADCS tools/settings? Role separation is used in solution, therefore it's not safe to run daily task (with CA administrator's permissions) to force publishing time in CA registry (if it's possible at all?), or similar "workoround.