To generate CRLs and make a CRL public, do the following:

  1. Go to EJBCA Admin Web > CA Functions > CA Structures & CRLs.
  2. Click Create CRL for each CA (for example: Corporate Root CA - G1 and Corporate Issuing CA - G1) to generate the CRLs and publish the CRL files to the S3 bucket.
  3. Log in to the AWS console and select the S3 bucket that was created (in this example, s3crlbucket).
  4. Select the CRL that you want to make public, and then click Make Public.
  5. Confirm that the Success text in green is displayed at the top of the screen.
  6. Click the object URL at the bottom of the screen. If the CRL downloads, the access is correct.

NOTE: A CNAME entry can then be placed into DNS that points to this file location. For example, crl.company.com can be used instead of s3.amazonaws.com/s3crlbucket, resulting in a CDP of http://crl.company.com/CorporateIssuingCAG1.crl. Do not use HTTPS for the CDP, since you do not want the end entities to need a certificate to retrieve a CRL.