A certificate revocation list (CRL) can be generated by running CertUtil.exe with the following syntax:
CertUtil -crl OutputFile
Use the optional OutputFile parameter to cause the CRL to be written to the specified file (otherwise the CRL is not immediately written to a file). Specify the character "-" to write the CRL to the Default Web Location.
To run CertUtil and create a CRL that is written to the Default Web Location, click on Start, Programs, Windows NT 4.0 Option Pack, and Microsoft Certificate Server. Then click on the "Generate New Certificate Revocation List" shortcut.
Alternatively, CertUtil can be run by starting a Command Prompt window or clicking on Start and Run in the Windows NT Taskbar and entering the following command:
CertUtil -crl -
A previously generated CRL can be retrieved and written to a file by running CertUtil with the following syntax:
CertUtil -getcrl OutputFile
A certificate revocation list (CRL) can also be generated by running a process that calls the ICertAdmin:PublishCRL method.
See CertUtil for complete information on the CertUtil program.