Close

Microsoft CRL Partitions

Schedule a Demo

  • CRL partitioning can solve real problems in Microsoft ADCS PKI

    …or create new ones if implemented without forethought and planning.

    Watch the full recording on-demand below.

    servers stacked in a hexagonal pattern

Description

In this 45-minute live webinar, our experts will break down Microsoft CRL Partitions at a practical level. The first 30 minutes will focus on what CRL partitioning is, why organizations consider it, and the benefits and drawbacks of configuring it in your ADCS revocation strategy.

The final 15 minutes are dedicated to live Q&A, where we’ll address real-world scenarios and the indicators we use to advise clients on whether CRL partitions will improve scalability and performance — or simply add unnecessary complexity.

If you’re designing, operating, or modernizing an ADCS environment, this session will help you make informed, defensible decisions.

Join the live session and bring the PKI question you’ve been meaning to ask.
 

 

Webinar Recap

In our January PKI Insights webinar, we dug into how Microsoft CRL partitioning actually behaves in real ADCS environments, including how it compares to other revocation options like delta CRLs and OCSP.

One of the most important takeaways was that certificates are permanently tied to a specific CRL partition at issuance. That design choice has long-term implications, especially if the number of partitions is changed later. As discussed during the session, reducing partitions can silently break certificate validation for certificates tied to now-orphaned CRLs, without clear warnings or guardrails.

The conversation also highlighted why CRL partitioning isn’t something to “try and see.” Once enabled, it becomes part of your revocation strategy for the life of those certificates, impacting monitoring tools, third-party products, and future PKI changes.

If you’re considering CRL partitioning—or want to understand the trade-offs before someone enables it — the full recording and Q&A provide critical context that isn’t obvious from documentation alone.

Watch the full webinar recording to hear the complete discussion and audience questions.

 

Presenters

Mark B. Cooper

Founder and CEO 

Mark B. Cooper, president and founder of PKI Solutions, has been known as “The PKI Guy” since his early days at Microsoft. He has deep knowledge and experience in all things Public Key Infrastructure (PKI). PKI Solutions LLC provides consulting, training — including online training — and Gartner-recognized software for PKI Posture Management at enterprises, many of them Fortune 500 companies. PKI Solutions has led hundreds of PKI training sessions, including private training sessions, across the country and around the world. Cooper is an avid proponent of the SHAKEN/STIR global standard to end robocalls, which uses authentication and PKI to verify callers’ identities. Prior to founding PKI Solutions, Cooper was a senior engineer at Microsoft, where he was a PKI and identity management subject matter expert who designed, implemented, and supported Active Directory Certificate Services (ADCS) environments for Microsoft’s largest customers. 

 

Jake Grandlienard

Managing PKI Consultant

Jake Grandlienard brings more than 20 years of industry experience as a senior level engineer. He has spent the past 10 years designing, leading, and training clients in Public Key Infrastructure (PKI) implementations for medium to enterprise-scale Fortune 500 companies. He specializes in PKI implementations of Microsoft-based identity solutions, including Microsoft Active Directory Certificate Services (ADCS) as well as integration with other security and identity management technologies. Jake is a subject matter expert in PKI, mobile device management software, smart card management software, and Hardware Security Module (HSM) integration.