You should put the CRL capabilities toward the top of your priority list of features to recover in a disaster situation. Checking on the currently posted CRL and determining how long that CRL will be valid is very important. The closer that CRL is to expiration, the more pressure you are under to produce a new CRL and get that new CRL posted so that all of the subscribers can get to it to check the status of their certificates. Prioritizing the CRL signing capability near the top of your DR priority list will prevent turning the PKI disaster into a companywide disaster situation.
Zitat des Tages
Written by georg on September 8, 2016