Previous Topic: Certificate Cache Refresh PeriodNext Topic: Changing the Policy Server Super User Password

Policy Server GuidesPolicy Server Administration GuideCertificate Data Store ManagementDefault Revocation Grace Period

Default Revocation Grace Period

The default revocation grace period is the delay, in days, from when a certificate is revoked and the time the certificate becomes invalid. During the grace period, CA SiteMinder® can use a revoked certificate before it becomes invalid. After the certificate becomes invalid, it is no longer active and CA SiteMinder® cannot use it.

This default grace period applies to CRLs and OCSP responders. If you do not specify a value for the CRL grace period when adding a CRL to the system, CA SiteMinder® uses the default grace period. If you do not configure an OCSP grace period in the SMocsp.conf file, CA SiteMinder® uses the default grace period. The individual grace period settings for a CRL or OCSP take precedence over this default grace period value.

Follow these steps:

  1. Log in to the Administrative UI.
  2. Select Infrastructure, X509 Certificate Management, CDS Settings.
  3. Enter a new value for the revocation grace period, in days. The default is 0, which means that when a certificate is revoked it becomes invalid immediately.
  4. Click Save.

The revocation grace period is defined.