Start of changeHow distribution point CRLs/ARLs workEnd of change

PKI Services always creates a global CRL regardless of whether you choose to use DP CRLs. The global CRL contains revocation information for certificates that have no CRLDistributionPoints extension (in other words, certificates defined with CRLDistSize=0). When a certificate contains a CRLDistributionPoints extension, PKI Services publishes its revocation status to the appropriate DP CRL, not in the global CRL.

The following topics help you understand more about how DP CRLs work. This information is useful if you write applications that process CRLs.

Parent topic: Advanced customization