Home Similarity Diff BR Diff CS Diff EVG Diff SMIME Diff TLS

Home Show similarity Differences BR (in/out) Differences CS (in/out) Differences EVG (in/out) Differences SMIME (in/out) Differences TLS (in/out)

BR

CS

EVG

SMIME

TLS

BR

### 4.9.7 CRL issuance frequency CRLs must be available via a publicly-accessible HTTP URL (i.e., "published"). Within twenty-four (24) hours of issuing its first Certificate, the CA MUST generate and publish either: - a full and complete CRL; OR - partitioned (i.e., "sharded") CRLs that, when aggregated, represent the equivalent of a full and complete CRL. CAs issuing Subscriber Certificates: 1. MUST update and publish a new CRL at least every: - seven (7) days if all Certificates include an Authority Information Access extension with an id-ad-ocsp accessMethod (“AIA OCSP pointer”); or - four (4) days in all other cases; 2. MUST update and publish a new CRL within twenty-four (24) hours after recording a Certificate as revoked. CAs issuing CA Certificates: 1. MUST update and publish a new CRL at least every twelve (12) months; 2. MUST update and publish a new CRL within twenty-four (24) hours after recording a Certificate as revoked. CAs MUST continue issuing CRLs until one of the following is true: - all Subordinate CA Certificates containing the same Subject Public Key are expired or revoked; OR - the corresponding Subordinate CA Private Key is destroyed.

CS

### 4.9.7 CRL issuance frequency For the status of Subordinate CA Certificates: * The Issuing CA SHALL publish a CRL, then update and reissue a CRL at least once every twelve months and within 24 hours after revoking a Subordinate CA Certificate. The `nextUpdate` field MUST NOT be more than twelve months beyond the value of the `thisUpdate` field. For the status of Code Signing Certificates: * The Subordinate CA SHALL publish a CRL, then update and reissue a CRL at least once every seven days, and the value of the `nextUpdate` field MUST NOT be more than ten days beyond the value of the `thisUpdate` field. For the status of Timestamp Certificates: * The Subordinate CA SHALL update and reissue CRLs at least once every twelve months and within 24 hours after revoking a Timestamp Certificate, and the value of the `nextUpdate` field MUST NOT be more than twelve months beyond the value of the `thisUpdate` field.

EVG

### 4.9.7 CRL issuance frequency (if applicable)

SMIME

### 4.9.7 CRL issuance frequency For the status of Subscriber Certificates: the CA SHALL update and reissue CRLs at least once every seven days, and the value of the `nextUpdate` field SHALL NOT be more than ten days beyond the value of the `thisUpdate` field. For the status of Subordinate CA Certificates: the CA SHALL update and reissue CRLs at least: 1. once every twelve months; and 2. within 24 hours after revoking a Subordinate CA Certificate. The value of the `nextUpdate` field SHALL NOT be more than twelve months beyond the value of the `thisUpdate` field.