Setting Up a Remote OCSP Responder694 Netscape Certificate Management System Installation and Setup Guide • March 20025. In the CRL Cache section, specify whether to enable CRL caching:Enable cache. Check this box to enable CRL caching. Leave the box uncheckedif you don’t want the server to maintain a cache.Update interval. If you enabled caching, type the interval for updating thecache.6. In the CRL Format section, specify the format for publishing the CRL:Include expired certificates. Check this box if you want the server to includerevoked certificates that have expired in the CRL.Allow extensions. Check this box if you want to allow extensions in the CRL. Ifyou enable this option, the server generates and publishes CRLs conforming toX.509 version 2 standard. If you disable this option, the server generates andpublishes CRLs conforming to X.509 version 1 standard. By default, the serverpublishes version 1 CRLs. If you enable this option, be sure to set the requiredCRL extensions as described in “Step B. Set the CRL Extensions” on page 694.Revocation list signing algorithm. Select the algorithm the server should useto sign the CRL. If the Certificate Manager’s signing key type is RSA, select MD2with RSA, MD5 with RSA, or SHA-1 with RSA. If the Certificate Manager’ssigning key type is DSA, select SHA-1 with DSA.7. To save your changes, click Save.If the changes you made require you to restart the server, you are promptedaccordingly. However, don’t restart the server yet; you can restart it afteryou’ve made all the required changes.Step B. Set the CRL ExtensionsComplete this step only if you configured the Certificate Manager to publishversion 2 CRLs—that is, you selected the “Allow extensions” option in “Step A.Specify CRL Format and Publishing Interval” on page 693.During installation, the Certificate Manager creates default CRL extension rules;these are documented in CMS Plug-Ins Guide. Note that the server is configured toadd the CRL Reason extension only; all the other rules are in the disabled state. Inthis step, you modify the default CRL extension rules to add the required CRLextensions.