Skip to content

Commit

Permalink
section 5.7.3 updates for crl #556
Browse files Browse the repository at this point in the history
  • Loading branch information
@lachellel
lachellel committed Dec 14, 2018
1 parent 9d09383 commit c34c5ad
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion certificate-policy.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1041,9 +1041,11 @@ In the event of a Subordinate CA private key compromise, the following operation

- The FPKIPA shall be immediately notified
- All subscriber certificates shall be revoked within twenty-four (24) hours
- The Root CA shall revoke the Subordinate CA certificate within seven (7) days

If the CA publishes revocation information via CRLs:
- A final long term CRL with a nextUpdate time past the validity period of all issued subscriber certificates shall be generated
- The final CRL shall be available for all relying parties until the validity period of all issued certificates has passed
- The Root CA shall revoke the Subordinate CA certificate within seven (7) days

If the Root Certificate private key is compromised, the CA shall notify the FPKIPA immediately.

Expand Down

0 comments on commit c34c5ad

Please sign in to comment.