The tasks can be summarized in four steps assuming you followed the steps in your key signing ceremony to retrieve the CA.

  1. Issue a new Certificate Revocation List (CRL) and publish it to the configured Offline Certification Authority distribution points.

  2. Apply major release updates to the offline Certification Authori>