Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: grammatical changes


  1. The FQDN and TLS certificate of one or more CRL Store.
  2. The TLS certificate of the MA.
  3. Security credentials needed to authenticate the TCotSCMSM (this may be certificate based, user name and password, or secured through privileged access to the CRLG internal storage).

When a new CRLG is added, the MA must be updated with the following information:

  1. The FQDN and TLS certificate of the CRLG.

When a new CRLG is added, all CRL stores must be updated with the following information:

  1. The TLS certificate of the CRLG.

End State

After completing this use case, the CRLG will be configured with the following connection information:


  • If the CRLG's SCMS certificate has retired and a new certificate is issued, there is no need for a special procedure to add the new certificate. It will be learned by all SCMS components when they load the latest CRL and validate the CRLG signature. The CRLG can continue to use the same network address and TLS certificate as before.
  • If the CRLG has decommissioned and replaced, it will be necessary to update the internal memory of the replacement component with the last known state of the CRL. This may be done through secure transfer to the new component or by loading and validating the last published CRL. No other configuration changes are needed (provided that the replacement component has the same network address and TLS certificate as the prior CRLG).
  • If the CRLG's SCMS certificate has been revoked, or if the Root root CA's certificate has been revoked, then the SCMS Manager will have to perform an investigation to validate the contents of the latest CRL state prior to re-certifying a replacement CRLG. Note that once a CRL is published, none of the contents can be removed from the list, even if they were added incorrectly (i.e., you cannot un-revoke a component even if you realize that the component was never compromised).


  • The CRLG has been set up as described in the Setup CRL Generator use case.
  • The Root root CA issues the CRLG’s SCMS certificate.
  • SCMS components and EEs can learn and validate the SCMS certificate when they download the latest CRL. There is no need to distribute the CRLG certificate to all components.
  • The CRLG periodically publishes updated CRLs to the CRL Store.
  • The TCotSCMSM can trigger an immediate CRL update if necessary.
  • The CRLG will provide an interface to allow the addition or removal of CRL Stores from the list of sites that receive new CRL updates. This interface will require that there is always at least one active CRL Store. The mechanism for adding and removing CRL Store addresses in the CRLG is implementation specific and is not defined here.
  • For the PoC there will be only one CRLG in the SCMS.
  • The CRLG will need to incorporate root and elector revocation commands on the CRL. These commands will be assembled by the TCotSCMSM and delivered to the CRLG through the communications mechanism established in this use case.