PKIaaS publishes Certificate Revocation Lists (CRLs) with the following settings.
Setting | Value |
|---|---|
CRL validity | 7 days |
CRL extensions | crlNumber, invalidityDate, expiredCertsOnCRL |
Signing key | CA key |
CRL type | Full CRL |
Maximum size | 22 MB |
CA type | Root and issuing CAs |
Each CRL is updated:
- Automatically, every 24 hours.
- When including the "publish now" option on revocation requests to the API—this option results in the issuance of a new CRL within 15 minutes.
- When revoking an end-entity certificate using the ECS Enterprise UI or the Entrust Certificate Enrollment Gateway (CEG)—this type of revocation also results in the issuance of a new CRL within 15 minutes.
CRLs are available at the following URLs.
US region
http://crl.pkiaas.entrust.com/crl/{accountId}/{caId}/crl.crl EU region
http://crl.eu.pkiaas.entrust.com/crl/{accountId}/{caId}/crl.crl PQ Lab region
http://crl.pqlab.pkiaas.entrust.com/crl/{accountId}/{caId}/crl.crl Where {accountId} is your account identifier, and {caId} is the Certification Authority identifier.