You can ensure that only valid certificates are used for federation-related PKI functions by configuring Certificate Revocation Lists (CRLs) against which certificates are checked.
Important! Federation Manager explicitly requests LDAP CRLs in binary transfer encoding, using the certificateRevocationList;binary LDAP attribute. This means that the CRL data must be stored in this attribute. When a Certificate Authority (CA) publishes a CRL using the LDAP protocol, it must return the CRL data in binary format, in accordance with RFC4522 and RFC4523.
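The following POSIX shell script is an added check, not part of the CA Federation Manager documentation or product: it queries the CRL entry over LDAP for exactly the attribute Federation Manager requests (certificateRevocationList;binary), unfolds the LDIF that ldapsearch prints, decodes the value and has openssl parse it as DER. If the CA publishes only a non-binary attribute, or not in DER, the check fails. The LDAP URL, the CRL entry DN and the embedded LDIF sample are assumed or constructed; ldapsearch (OpenLDAP) and openssl are assumed to be on PATH.

```shell
#!/bin/sh
# Added example (not from the CA documentation): verify that a CA publishes its
# CRL in the certificateRevocationList;binary attribute, as DER. LDAP URL and
# CRL DN are supplied as arguments and are placeholders here.

# Unfold LDIF (continuation lines begin with a single space) and print the
# base64 value of certificateRevocationList;binary, one value per line.
extract_crl_b64() {
    awk '
        # Join continuation lines onto the preceding logical line.
        /^ / { buf = buf substr($0, 2); next }
        { if (buf != "") print buf; buf = $0 }
        END { if (buf != "") print buf }
    ' | sed -n 's/^certificateRevocationList;binary:: *//p'
}

# Query the CRL entry (base scope) and write the first decoded DER CRL to stdout.
fetch_crl_der() {
    # $1 = LDAP URL, $2 = DN of the entry holding the CRL
    ldapsearch -x -LLL -H "$1" -b "$2" -s base 'certificateRevocationList;binary' \
        | extract_crl_b64 | head -n 1 | base64 -d
}

# Report issuer and validity window. A failure means the binary attribute was
# absent (CA publishes a non-binary attribute or nothing) or the value is not DER.
check_ldap_crl() {
    tmp=$(mktemp) || return 1
    if ! fetch_crl_der "$1" "$2" > "$tmp" || [ ! -s "$tmp" ]; then
        echo "no certificateRevocationList;binary value at $2" >&2
        rm -f "$tmp"
        return 1
    fi
    openssl crl -inform DER -in "$tmp" -noout -issuer -lastupdate -nextupdate
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed LDIF sample (not real CRL data), folded the way ldapsearch folds
# long base64 values; exercises extract_crl_b64 without a directory server.
SAMPLE_LDIF='dn: cn=CA,ou=pki,o=example
certificateRevocationList;binary:: MIIB
 Q0Fi
cn: CA
'

# Usage: sh check_crl.sh ldap://ca.example.test "cn=CA,ou=pki,o=example"
if [ "$#" -eq 2 ]; then
    check_ldap_crl "$1" "$2"
fi
```

The DN to pass is the CRL entry itself (base scope), which is the same path you later enter as the LDAP search path for the CRL location; running this check first confirms that the entry exists and carries the attribute in the encoding Federation Manager expects.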
For Federation Manager to use a CRL, you have to specify the CRL location.
To specify the location of a CRL
The list of available CRL locations is displayed.
The Add Certificate Revocation List is displayed.
Note: You can click Help for a description of fields, controls, and their respective requirements.
For a file CRL, the location must be a file path; for an LDAP CRL, it must be an LDAP search path.
The CRL is now added to the key database.
Copyright © 2011 CA. All rights reserved.