Set-CRLValidityPeriod

Synopsis

Sets CRL validity period setting.

Syntax

Set-CRLValidityPeriod -InputObject <CRLValiditySetting[]> [[-BaseCRL] <String>] [[-BaseCRLOverlap] <String>] [[-DeltaCRL] <String>] [[-DeltaCRLOverlap] <String>] [-RestartCA] [<CommonParameters>]

Description

Sets CRL validity period and overlap settings for both BaseCRL and DeltaCRL.

Parameters

-InputObject <CRLValiditySetting[]>

Must be existing CRLValidityPeriod object that contains current issued certificate validity settings. This object can by retrieved by running Get-CRLValidityPeriod command

-BaseCRL <String>

Specifies new CRL validity settings. Must be set in the format: '<Digit> <PeriodUnit>'. For example, '5 days'. Possible values for PeriodUnit are:
— Hours
— Days
— Weeks
— Months
— Years

-BaseCRLOverlap <String>

Specifies the time to extend Base CRL. For example if BaseCRL is published every 7 days with 1 day overlap the resulting validity period for Base CRL will be 8 days. But the CA server will still publish CRL evey 7 days, so administrators will have one day to distribute CRL to the target CRL publishing locations. For input format please refer to BaseCRL parameter.

-DeltaCRL <String>

Specifies new Delta CRL validity settings. Delta CRL is an incremental CRL issued several times between Base CRL publishing and will contain only those certificates that was revoked since the last Base CRL was issued. Usually Delta CRLs are published quite frequently (for example, each 1-2 days) to keep certificate revocation status information up to date. For input format please refer to BaseCRL parameter.

Note: if you wish to disable DeltaCRL publishing, set Digit value to zero (see examples).

-DeltaCRLOverlap <String>

Specifies the time to extend Delta CRL. For additional info refer to BaseCRLOverlap parameter. For input format please refer to BaseCRL parameter.

-RestartCA <SwitchParameter>

Restarts CA service on the specified CA server to immediately apply changes.

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

PKI.CertificateServices.CRLValidityPeriod

Outputs

PKI.CertificateServices.CRLValidityPeriod

Notes

Examples

Example 1

PS C:\> Get-CertificationAuthority -Name Company-CA | Get-CRLValidityPeriod | Set-CRLValidityPeriod -BaseCRL "22 weeks" -BaseCRLOverlap "2 days" -RestartCA

Sets Base CRL publishing period as 22 weeks and overlap delay as 2 days. After configuration is changed, the command will restart certificate services to immediately apply changes.

Example 2

PS C:\> Get-CertificationAuthority -Name Company-CA | Get-CRLValidityPeriod | Set-CRLValidityPeriod -DeltaCRL "0 days" -RestartCA

Disables Delta CRL publishing for all Certification Authorities in current forest. After configuration is changed, the command will restart certificate services to immediately apply changes.

Related links

Get-CertificationAuthority
Connect-CertificationAuthority
Get-CRLValidityPeriod

Minimum PowerShell version support

• Windows PowerShell 3.0

Operating System Support

• Windows 7
• Windows 8
• Windows 8.1
• Windows 10
• Windows 11
• Windows Server 2008 R2 all editions
• Windows Server 2012 all editions
• Windows Server 2012 R2 all editions
• Windows Server 2016 all editions
• Windows Server 2019 all editions
• Windows Server 2022 all editions