
Certificate Revocation List Usage

A Certificate Revocation List (CRL) is issued by a Certificate Authority (CA) to its subscribers. The list contains the serial numbers of certificates that are invalid or have been revoked and should therefore no longer be accepted. When a request to access a server is received, the server allows or denies access based on the CRL.

If you are using CRLs, the key database must point to a current CRL so that Federation Manager can enforce secure access. If Federation Manager tries to use a revoked partner certificate, an error message is displayed.

You are not required to have a CRL for each root CA in the system. If no CRL is designated for a root CA, Federation Manager treats all certificates signed by that CA as trusted certificates.

The Federation Manager key database accepts file-based CRLs in Base64 or binary encoding. Use the Federation Manager UI to add and maintain a CRL.
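The following Go program is an added illustration, not code from Federation Manager or this documentation: it models the decisions described above, loading a CRL from either Base64 (PEM) or binary (DER) encoding, treating a root CA with no designated CRL as fully trusted, and refusing to rely on a CRL that the root CA did not sign or whose next-update time has passed. The root CA, the CRL and the revoked serial number 42 are constructed test data, and the standard library's crypto/x509 CRL support (Go 1.19 or later) is assumed.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"math/big"
	"time"
)

// loadCRL accepts a file-based CRL in either Base64 (PEM) or binary (DER) encoding.
func loadCRL(data []byte) (*x509.RevocationList, error) {
	if block, _ := pem.Decode(data); block != nil && block.Type == "X509 CRL" {
		data = block.Bytes // Base64 wrapper present: unwrap to DER
	}
	return x509.ParseRevocationList(data)
}

// certStatus mirrors the key-database decision; a nil crl means no CRL is designated for this root CA, so its certificates are trusted.
func certStatus(crl *x509.RevocationList, issuer *x509.Certificate, serial *big.Int, now time.Time) string {
	switch {
	case crl == nil:
		return "trusted-no-crl"
	case crl.CheckSignatureFrom(issuer) != nil:
		return "reject-crl-not-from-issuer" // never consult a CRL the root CA did not sign
	case now.After(crl.NextUpdate):
		return "reject-stale-crl" // not current: refresh the CRL before trusting its answer
	}
	for _, rc := range crl.RevokedCertificates {
		if rc.SerialNumber.Cmp(serial) == 0 {
			return "revoked"
		}
	}
	return "good"
}

// buildFixture constructs a throwaway root CA and a CRL revoking serial 42 (test data only; errors ignored because inputs are fixed).
func buildFixture(now time.Time) (ca *x509.Certificate, crlPEM, crlDER []byte) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Constructed Root CA"},
		NotBefore: now.Add(-time.Hour), NotAfter: now.Add(24 * time.Hour), IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign}
	caDER, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	ca, _ = x509.ParseCertificate(caDER)
	crlDER, _ = x509.CreateRevocationList(rand.Reader, &x509.RevocationList{
		Number: big.NewInt(7), ThisUpdate: now.Add(-time.Hour), NextUpdate: now.Add(time.Hour),
		RevokedCertificates: []pkix.RevokedCertificate{{SerialNumber: big.NewInt(42), RevocationTime: now.Add(-time.Minute)}},
	}, ca, priv)
	return ca, pem.EncodeToMemory(&pem.Block{Type: "X509 CRL", Bytes: crlDER}), crlDER
}
```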

Note: This release of Federation Manager does not support the Online Certificate Status Protocol (OCSP).


Copyright © 2010 CA. All rights reserved.