You can configure Certificate Manager to add revocation-related extensions to identity certificates issued by its internal CA. By default, certificates issued by Certificate Manager do not contain revocation-related extensions. You can enable or disable revocation for certificates issued by the Certificate Manager CA during a fresh installation or upgrade. When revocation is enabled, certificates contain extensions related to Certificate Revocation List (CRL) distribution, Online Certificate Status Protocol (OCSP) authority information access, or both. If Certificate Manager is configured to add CRL-related extensions to certificates, it issues a CRL every 24 hours with a validity of 7 days. You can download the CRLs from http://<cluster_FQDN>/ejbca/publicweb/webdist/certdist?cmd=crl&format=PEM&issuer=CN%3DCertificate+Manager+CA%2cO%3DAvaya.
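A monitoring check for the CRL schedule described above, as an added example that is not part of the product documentation: it builds the documented download URL and flags a CRL that has an unexpected issuer, is older than the 24-hour issuance cycle, or is past its nextUpdate. It assumes Python 3 and a local `openssl` binary; the function names, the 2-hour grace period, the 1-hour validity tolerance and the sample output are constructed for illustration.

```python
import subprocess
import urllib.parse
import urllib.request
from datetime import datetime, timedelta, timezone

ISSUER_DN = "CN=Certificate Manager CA,O=Avaya"  # issuer DN from the documented URL
ISSUE_INTERVAL = timedelta(hours=24)             # documented: a new CRL every 24 hours
VALIDITY = timedelta(days=7)                     # documented: each CRL is valid for 7 days

def crl_url(cluster_fqdn):
    """Build the documented download URL with the issuer DN URL-encoded."""
    query = urllib.parse.urlencode({"cmd": "crl", "format": "PEM", "issuer": ISSUER_DN})
    return f"http://{cluster_fqdn}/ejbca/publicweb/webdist/certdist?{query}"

def fetch_crl_fields(cluster_fqdn):
    """Download the CRL and let the local openssl binary print its header fields."""
    with urllib.request.urlopen(crl_url(cluster_fqdn), timeout=10) as resp:
        pem = resp.read()
    cmd = ["openssl", "crl", "-noout", "-issuer", "-lastupdate", "-nextupdate"]
    return subprocess.run(cmd, input=pem, capture_output=True, check=True).stdout.decode()

def _rdns(dn):
    """Normalise a DN so OpenSSL's '/CN=x/O=y' and 'CN = x, O = y' styles compare equal."""
    parts = (p.split("=", 1) for p in dn.replace("/", ",").split(",") if "=" in p)
    return sorted(f"{k.strip().lower()}={v.strip()}" for k, v in parts)

def check_crl(openssl_text, now, grace=timedelta(hours=2)):
    """Return findings for the printed CRL fields; an empty list means healthy."""
    fields = dict(l.split("=", 1) for l in openssl_text.splitlines() if "=" in l)
    def when(key):
        stamp = datetime.strptime(fields[key].strip(), "%b %d %H:%M:%S %Y GMT")
        return stamp.replace(tzinfo=timezone.utc)
    this_update, next_update = when("lastUpdate"), when("nextUpdate")
    findings = []
    if _rdns(fields["issuer"]) != _rdns(ISSUER_DN):
        findings.append("unexpected-issuer")
    if now >= next_update:
        findings.append("expired")      # past nextUpdate: the CRL is no longer current
    elif now - this_update > ISSUE_INTERVAL + grace:
        findings.append("stale")        # daily issuance or publication has stalled
    if abs((next_update - this_update) - VALIDITY) > timedelta(hours=1):
        findings.append("unexpected-validity")
    return findings

# Constructed sample of the openssl output, so the check can be exercised offline.
SAMPLE = ("issuer=CN = Certificate Manager CA, O = Avaya\n"
          "lastUpdate=Jan  5 10:00:00 2025 GMT\n"
          "nextUpdate=Jan 12 10:00:00 2025 GMT\n")

if __name__ == "__main__":
    for day in (5, 7, 13):  # fresh, stale, expired
        print(day, check_crl(SAMPLE, datetime(2025, 1, day, 12, tzinfo=timezone.utc)))
```

The download is over plain HTTP, so trust in the CRL comes from its signature rather than the transport; `openssl crl -CAfile` with the Certificate Manager CA certificate verifies that signature.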