Federation Manager Guide › Keys and Certificates for Secure Federated Communication › Certificate Revocation List Usage › Designating a CRL

Designating a CRL

You can ensure that only valid certificates are being used for federation-related PKI functions by using CRLs against which certificates can be checked.

For Federation Manager to use a CRL, you have to specify the CRL location.

To specify the location of a CRL

1. From the Certs & Keys tab, select Revocation Lists (CRL).

   The list of configured CRL locations is displayed.

2. Click Add.

   The Add Certificate Revocation List is displayed.

   Note: You can click Help for a description of fields, controls, and their respective requirements.

3. Specify an alias for the CRL and the location (URL) of the certificate revocation list.

   The location has to be a file path for a file CRL. The syntax for the file path is file:/path/filename.

   Examples

   • Windows: file:/c:/crllist.crl
   • Solaris: file://usr/local/crldata/crllist.crl

     The path on Solaris must be all lowercase.

4. Click Save.

The CRL is now added to the key database.