As mentioned in the CA Overview a Root CA is needed to be the root of trust for your PKI Deployment. In this page we will guide you on how you can create your own Root CA either using EZCA or creating your own offline CA.
For Root CAs we recommend to have a manual Lifecycle since the new Root will have to be added to the trusted root stores of your clients which requires manual steps from the IT team.
Changes to this section are only recommended for PKI experts with specific requirements.
Custom CRL endpoints are supported by EZCA by adding the CRL endpoint as the CRL endpoint in the certificate. However, your PKI admins are responsible from getting the CRL from EZCA and posting it in that specific endpoint.