Historical Content Alert
This is a historical content for Windows NT 4.0 product and is presented for informative purposes only. All content in this directory is copyrighted and owned by Microsoft.

Publishing CRLs

A certificate revocation list (CRL) can be generated by running CertUtil.exe with the following syntax:

CertUtil -crl OutputFile

Use the optional OutputFile parameter to cause the CRL to be written to the specified file (otherwise the CRL is not immediately written to a file). Specify the character "-" to write the CRL to the Default Web Location.

To run CertUtil and create a CRL that is written to the Default Web Location, click on Start, Programs, Windows NT 4.0 Option Pack, and Microsoft Certificate Server. Then click on the "Generate New Certificate Revocation List" shortcut.

Alternatively, CertUtil can be run by starting a Command Prompt window or clicking on Start and Run in the Windows NT Taskbar and entering the following command:

CertUtil -crl -

A previously generated CRL can be retrieved and written to a file by running CertUtil with the following syntax:

CertUtil -getcrl OutputFile

A certificate revocation list (CRL) can also be generated by running a process that calls the ICertAdmin:PublishCRL method.

See CertUtil for complete information on the CertUtil program.

Share this article: