Skip to main content
Skip table of contents

Generate CRLs and Make Public

To generate CRLs and make a CRL public, do the following:

  1. Go to EJBCA Admin Web > CA Functions >CA Structures & CRLs.

  2. Click Create CRL for each CA (for example: Corporate Root CA- G1 and Corporate Issuing CA - G1) to generate the CRLs and publish the CRL files to the S3 bucket.
  3. Login to the AWS console and select the s3bucket that was created, in this example s3crlbucket.
  4. Select the CRL that is desired to be made public, and then click Make Public.
  5. Confirm that the Success text in green is displyed at the top of the screen.  
  6. Click the object URL at the bottom of the screen. If the CRL downloads, the access is correct.

NOTE A CName entry can then be placed into DNS that points to this file location. For example, can be used instead of, resulting in a CDP of Ensure not to use HTTPS since you do not want the end entities to need a certificate to retrieve a CRL.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.