EnableCRL Method—Determines whether To Check the Certificate Revocation List (CRL) for Revoked Certificates

Programming Guides › Programming Guide for Perl › CLI Policy Management Methods › Certificate Mapping Methods › EnableCRL Method—Determines whether To Check the Certificate Revocation List (CRL) for Revoked Certificates

EnableCRL Method—Determines whether To Check the Certificate Revocation List (CRL) for Revoked Certificates

The EnableCRL method sets or retrieves the flag that determines whether to check the Certificate Revocation List (CRL) for revoked certificates.

Syntax

The EnableCRL method has the following format:

Netegrity::PolicyMgtCertMap‑>EnableCRL([ckCRLFlag])

Parameters

The EnableCRL method accepts the following parameter:

ckCRLFlag (int)

(Optional) Specifies whether to check certificates against the CRL:

1 specifies that certificates should be checked
0 specifies that certificates should not be checked

Return Value

The EnableCRL method returns one of the following values:

The new or existing flag setting
-1 if the call was unsuccessful

Remarks

A CRL is a list of revoked X.509 client certificates published by the Certificate Authority. Comparing a certificate against a CRL is one way to ensure that certificates are valid. When a user with such a certificate tries to access a protected resource, SiteMinder finds the user's certificate in the CRL and rejects the authentication.

Before you enable CRL checking, call the method PolicyMgtCertMap‑>CRLUserDirectory to specify the user directory where the CRL is located.

Email CA about this topic