Free PKI Insights webinar: "Post-Quantum Cryptography (PQC) and PKI" 9/19 - Register Here!

PowerShell PKI Module Documentation

Documentation Home
This command requires installed Remote Server Administration Tools (RSAT)

Set-CRLValidityPeriod

Synopsis

Sets CRL validity period setting.

Syntax

Set-CRLValidityPeriod -InputObject <CRLValiditySetting[]> [[-BaseCRL] <String>] [[-BaseCRLOverlap] <String>] [[-DeltaCRL] <String>] [[-DeltaCRLOverlap] <String>] [-RestartCA] [<CommonParameters>]

Description

Sets CRL validity period and overlap settings for both BaseCRL and DeltaCRL.

Parameters

-InputObject <CRLValiditySetting[]>

Must be existing CRLValidityPeriod object that contains current issued certificate validity settings. This object can by retrieved by running Get-CRLValidityPeriod command

Required? True
Position? named
Default value
Accept pipeline input? true (ByValue, ByPropertyName)
Accept wildcard characters? False

-BaseCRL <String>

Specifies new CRL validity settings. Must be set in the format: '<Digit> <PeriodUnit>'. For example, '5 days'. Possible values for PeriodUnit are:
— Hours
— Days
— Weeks
— Months
— Years

Required? False
Position? 1
Default value
Accept pipeline input? false
Accept wildcard characters? False

-BaseCRLOverlap <String>

Specifies the time to extend Base CRL. For example if BaseCRL is published every 7 days with 1 day overlap the resulting validity period for Base CRL will be 8 days. But the CA server will still publish CRL evey 7 days, so administrators will have one day to distribute CRL to the target CRL publishing locations. For input format please refer to BaseCRL parameter.

Required? False
Position? 2
Default value
Accept pipeline input? false
Accept wildcard characters? False

-DeltaCRL <String>

Specifies new Delta CRL validity settings. Delta CRL is an incremental CRL issued several times between Base CRL publishing and will contain only those certificates that was revoked since the last Base CRL was issued. Usually Delta CRLs are published quite frequently (for example, each 1-2 days) to keep certificate revocation status information up to date. For input format please refer to BaseCRL parameter.

Note: if you wish to disable DeltaCRL publishing, set Digit value to zero (see examples).

Required? False
Position? 3
Default value
Accept pipeline input? false
Accept wildcard characters? False

-DeltaCRLOverlap <String>

Specifies the time to extend Delta CRL. For additional info refer to BaseCRLOverlap parameter. For input format please refer to BaseCRL parameter.

Required? False
Position? 4
Default value
Accept pipeline input? false
Accept wildcard characters? False

-RestartCA <SwitchParameter>

Restarts CA service on the specified CA server to immediately apply changes.

Required? False
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? False

<CommonParameters>

This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, InformationAction, InformationVariable,
WarningAction, WarningVariable, OutBuffer, PipelineVariable and OutVariable.
For more information, see about_CommonParameters (https://go.microsoft.com/fwlink/?LinkID=113216).

Inputs

PKI.CertificateServices.CRLValidityPeriod

Outputs

PKI.CertificateServices.CRLValidityPeriod

Notes

Examples

Example 1

PS C:\> Get-CertificationAuthority -Name Company-CA | Get-CRLValidityPeriod | Set-CRLValidityPeriod -BaseCRL "22 weeks" -BaseCRLOverlap "2 days" -RestartCA

Sets Base CRL publishing period as 22 weeks and overlap delay as 2 days. After configuration is changed, the command will restart certificate services to immediately apply changes.

Example 2

PS C:\> Get-CertificationAuthority -Name Company-CA | Get-CRLValidityPeriod | Set-CRLValidityPeriod -DeltaCRL "0 days" -RestartCA

Disables Delta CRL publishing for all Certification Authorities in current forest. After configuration is changed, the command will restart certificate services to immediately apply changes.

Related links

Get-CertificationAuthority
Connect-CertificationAuthority
Get-CRLValidityPeriod

Minimum PowerShell version support

  • Windows PowerShell 3.0

Operating System Support

  • Windows 7
  • Windows 8
  • Windows 8.1
  • Windows 10
  • Windows 11
  • Windows Server 2008 R2 all editions
  • Windows Server 2012 all editions
  • Windows Server 2012 R2 all editions
  • Windows Server 2016 all editions
  • Windows Server 2019 all editions
  • Windows Server 2022 all editions