Certificate revocation lists (CRLs) are a common method to track probable rogue certificates. These are certificates that can no longer be trusted because the private key has become “public knowledge,” when using a public key infrastructure.
CCISSF allows for the use of CRLs. To use this feature, place a generated CRL in the default CRL location of $CAILOCL0000\crl.pem.
Using CRLs is not useful when using the CCISSF default certificate, since this certificate is the same across all nodes. You can use this feature only when generating your own certificates.
Note: The ccisslcfg utility can override these default file locations.
|
Copyright © 2010 CA.
All rights reserved.
|
|