A Delta CRL is a supplemental CRL that is optional and only includes the updates made since the last Base CRL update. The standard CRL we’ve been discussing is called “Base” about a delta CRL if one is present.
Steps to Disable Delta CRL
Delta CRL can be disabled either by running certain commands on an administrative command prompt or by using GUI, which is discussed below:
By Command Prompt:
Set Delta CRL Validity to zero by running this command on an administrative command prompt:
Certutil -setreg CA\CRLDeltaPeriodUnits 0
Run net stop certsvc and net start certsvc to restart the ADCS Service.
Run certutil -crl to publish new CRLs.
By using GUI:
Open Certificate Authority (CA) Console. To do so, open Server Manager -> Tools -> Certification Authority.
Right-click on Revoked Certificates and open properties.
On the properties page, uncheck “Publish Delta CRLs.”
Click on Apply and OK.
To Publish new CRLs, Right click on Revoked Certificates -> All tasks -> Publish.