Before you begin
Enable certificate revocation checking. For information, see Enable certificate revocation checking in a domain and X.509 Certificate Revocation Checking.
Configuring a certificate authority override allow you to specify CR checking behavior that is specific to certificates issued by a particular certificate authority (CA). A certificate authority override always supersedes the corresponding domain-wide CR checking configuration that is set.
A certificate authority override can be used to supersede, for a given CA, any domain-wide CR checking configuration settings, with the exception of the CRL local cache, which is configured on a domain-wide basis only.
To configure a certificate authority override for a CA:
The Create a New Certificate Revocation Checking Certificate Authority Override page is displayed.
For example, if the CA Subject Name is
OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState,
C=US, this unique name could consist of the value of the
common name (CN); that is,
CN=CertGenCAB, OU=FOR TESTING ONLY, O=MyOrganization, L=MyTown, ST=MyState, C=US.
The Settings for certificate-authority-name page is displayed.
See Configuring OCSP Certificate Authority Overrides for more information about OCSP properties you can specify in a CA override.
See Configuring CRL Certificate Authority Overrides for more information about CRL properties you can specify in a CA override.