Offline CA Maintenance Tasks - TechNet Articles - United States (English) - TechNet Wiki

The tasks can be summarized in four steps assuming you followed the steps in your key signing ceremony to retrieve the CA.

Issue a new Certificate Revocation List (CRL) and publish it to the configured Offline Certification Authority distribution points.
Apply major release updates to the offline Certification Authori>

Offline CA Maintenance Tasks

Offline Certification Authority should never be connected to the network.

Take a new CA backup and save it to a location outlined in your key signing ceremony.

Power off the Offline Certification Authority and follow the steps in the key signing ceremony to secure the CA.