Blog Post

Core Infrastructure and Security Blog

12 MIN READ

CRL & AIA Publishing Guidance (Practical PKI Part 2)

RonArestia

Microsoft

Feb 08, 2026

Managing Certificate Revocation Lists (CRLs) and Authority Information Access (AIA) extensions in a Microsoft Active Directory Certificate Services (ADCS) Public Key Infrastructure (PKI)

My name is Ron Arestia, and I am a Security Researcher with Microsoft’s Detection and Response Team (DART). We respond to customer cybersecurity incidents to assist with containment and recovery from...

Updated Jan 26, 2026

Version 1.0

PKI

RonArestia

Microsoft

Joined November 13, 2020

View Profile

Core Infrastructure and Security Blog

Follow this blog board to get notified when there's new activity

ajf8729

Copper Contributor

Feb 09, 2026

Great series so far, and good shout here about no sensitive data in the CRL. I've seen people assume that full information such as DNS names about revoked certs are included, which could be a potential information disclosure, but it's just the serial number, revocation date, and revocation reason.