5.5.1. Viewing or Examining CRLs

5.5.1. Viewing or Examining CRLs

It may be necessary to view or examine a CRL, such as before manually updating a directory with the latest CRL. To view or display the CRL, do the following:

  1. Go to the CM agent services page.

  2. Click Display Certificate Revocation List to display the form for viewing the CRL.

  3. Select the CRL to view. If the administrator has created multiple issuing points, these are listed in the Issuing point drop-down list. Otherwise, only the master CRL is shown.

  4. Choose how to display the CRL by selecting one of the options from the Display Type menu. The choices on this menu are as follows:

    • Cached CRL. Views the CRL from the cache rather than from the CRL itself. This option displays results faster than viewing the entire CRL.

    • Entire CRL. Retrieves and views the entire CRL.

    • CRL header. Retrieves and views the CRL header only.

    • Base 64 Encoded. Retrieves and views the CRL in base-64 encoded format.

  5. To examine the selected CRL, click Display.

    The CRL appears in the browser window. This allows the agent to check whether a particular certificate (by its serial number) appears in the list and to note recent changes such as the total number of certificates revoked since the last update, the total number of certificates taken off hold since the last update, and the total number of certificates that expired since the last update.