You are here: Preparing the Certification Authority > CRL XML Format

CRL XML Format

If you are using mutual authentication, you can also configure the Intel AMT device with data from a Certificate Revocation List (CRL). Intel SCS does not use the original CRL file supplied by the Certification Authority. The information from the CRL file must be placed in the <CRLs> tag of the configuration profile.

You can use the Configuration Profile Wizard to import the CRL into the configuration profile (see Defining Advanced Mutual Authentication Settings).

Note:
The profile can contain a maximum of four CRLs. The combined CRLs can contain a maximum total of 64 serial numbers.

This is an example of the XML format required by the Configuration Profile Wizard:

<?xml version="1.0" encoding="UTF-8"?>

<!--

This file maps the untrusted certificates serial number to the URI of the issuer.

The URI value represents a valid CRL distribution point of a Certificate Authority.

-->

<crl>

<uri name="http://certification.authority.example.1.CRL">

<cert serialnumber="15 27 82 20 00 00 00 00 00 01"/>

<cert serialnumber="15-27-82-20-00-00-00-00-00-02"/>

<cert serialnumber="15278220000000000003"/>

</uri>

<uri name="http://certification.authority.example.2.CRL">

<cert serialnumber="15 27 82 20 00 00 00 00 00 04"/>

<cert serialnumber="15 27 82 20 00 00 00 00 00 05"/>

</uri>

</crl>

For the serial number attribute: