Generate CRLs and Make Public
To generate CRLs and make a CRL public, do the following:
Go to EJBCA Admin Web > CA Functions >CA Structures & CRLs.
- Click Create CRL for each CA (for example: Corporate Root CA- G1 and Corporate Issuing CA - G1) to generate the CRLs and publish the CRL files to the S3 bucket.
- Login to the AWS console and select the s3bucket that was created, in this example s3crlbucket.
- Select the CRL that is desired to be made public, and then click Make Public.
- Confirm that the Success text in green is displyed at the top of the screen.
- Click the object URL at the bottom of the screen. If the CRL downloads, the access is correct.
NOTE A CName entry can then be placed into DNS that points to this file location. For example, crl.company.com can be used instead of s3.amazonaws.com/s3crlbucket, resulting in a CDP of http://crl.company.com/CorporateIssuingCAG1.crl. Ensure not to use HTTPS since you do not want the end entities to need a certificate to retrieve a CRL.