--- univention-ssl/make-certificates.sh	(Revision 63847)
+++ univention-ssl/make-certificates.sh	(Arbeitskopie)
@@ -53,6 +53,10 @@ 
 	DEFAULT_BITS="2048"
 fi
+
+CRL_DISTRIBUTION_POINTS="$(/usr/sbin/univention-config-registry get ssl/crl/distribution_points)"
+if [ -z "$CRL_DISTRIBUTION_POINTS" ]; then
+	CRL_DISTRIBUTION_POINTS="URI:http://$(/usr/sbin/univention-config-registry get hostname).$(/usr/sbin/univention-config-registry get domainname)/ucsCA.crl"
+
 if test -e "$SSLBASE/password"; then
 	PASSWD=`cat "$SSLBASE/password"`
 else
@@ -178,6 +185,7 @@ 
 # issuerAltName           = issuer:copy
 # nsCertType              = sslCA, emailCA, objCA
 # nsComment               = signed by Univention Corporate Server Root CA
+crlDistributionPoints	= $CRL_DISTRIBUTION_POINTS
 
 [ v3_req ]