It is called "CRL publishing" (to file), and there are a few configuration steps all in the "main" configuration file called CS.cfg (e.g. /etc/pki/pki-ca1from80/ca/CS.cfg) stop the CA before any manual edits (need to know what to change), or use the pkiconsole UI to make changes. It may seem a little bit confusing at first, but the system is flexible, with the components called "mappers, publishers, and rules". I will refer to the online documentation for the details and examples: You can have one CRL, CRL issuing points, delta CRLs. http://pki.fedoraproject.org/wiki/CRL_Publishing https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/... https://access.redhat.com/documentation/en-US/Red_Hat_Certificate_System/... and https://access.redhat.com/site/solutions/400253 Red Hat Certificate System CRL publishing to file Thanks, M. On Sat, Dec 10, 2016 at 1:22 AM, Rafael Leiva-Ochoa <spawn(a)rloteck.net&gt; wrote: