Skip navigation

JSI Tip 3853. The Certificate Revocation List (CRL) distribution point in the Root CA certificate is NOT suppressed when you modify the CAPolicy.inf file?

Windows help contains Installing and configuring a certification authority:

You can specify CRL Distribution Points (CDPs) in CAPolicy.inf.

If no URLs are specified (in other words, if the \[CRLDistributionPoint\] section is empty),
the default CRL Distribution point extension will be suppressed.
This does NOT work!

To suppress the CRLDistributionPoint in the Root CA certificate, place the following entry in the Capolicy.inf file, add: URL = \"\" to the \[CRLDistributionPoint\] section.

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.