This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 17%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJG%3C/text%3E%3C/svg%3E)
If the CRL on an internal Active Directory CA has been out of date for sometime. Will there be any issues if an up to date CRL is published. What would be the safest way to go about updating the CRL Thanks.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 80%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETB%3C/text%3E%3C/svg%3E)
Hi You can update CRL without any issues. It’s important to keep it up to date to let clients able to identify revoked certificates. It is recommended to keep CRL up to date automatically.
Please don’t forget to accept helpful answer
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 62%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EDZ%3C/text%3E%3C/svg%3E)
Hello james gledson,
Thank you for posting in Q&A forum.
*
If the CRL on an internal Active Directory CA has been out of date for sometime. Will there be any issues if an up to date CRL is published.*
A: If there is any certificate is revoked during this time, then after you update the CRL to the newest file, and if this certificate can access the newest CRL file and Delta CRL file when it is used, then this certificate may not be used (because it checks that this certificate is revoked).
If there is no any certificate is revoked during this time, then there will be no impact.
What would be the safest way to go about updating the CRL.
A: You can right click Revoked Certificate container and select Publish\All Tasks and select New CRL\Click OK.*
*
And right click Revoked Certificate container and select Publish\All Tasks and select Delta CRL only\Click OK.
Or you can publish CRL with command:
Certutil -config "CAMchineName\CAName" -CRL
Certutil -config "CAMchineName\CAName" -CRL delta
For example:
If the Answer is helpful, please click "Accept Answer" and upvote it.