A basic configuration: CACRLCertificateRevocationList /etc/pki/ca/ca-crl.pem SetHandler crl