Add a CRL Entry

The Configure Revocation List dialog lets you add a CRL entry to the certificate data store.
casso10
HID_add-crl
The Configure Revocation List dialog lets you add a CRL entry to the certificate data store.
The dialog contains the following settings:
  • Issuer Alias
    Specifies the Certificate Authority that is issuing the CRL.
  • URL
    Specifies the URL for the Certificate Authority issuing the CRL.
    Limit:
    File CRL or LDAP CRL location
    • File CRL syntax must be file://
      path
      /
      filename
      Windows Example:
      file:///c:/crls/crllist.crl
      UNIX Example:
      file:///usr/local/crldata/crllist.crl
      The path on Solaris must be all lowercase.
    • LDAP CRL syntax must be: ldap://
      server:port
      /
      entry_point_to_crl
      Windows/UNIX Example:
      ldap://crlserver1.ca.com:987/uid=crl1,dc=ad,dc=mycompany,dc=com
  • Grace Period (days)
    Indicates the delay, in days, from when a certificate is revoked and the time the certificate becomes invalid. During the grace period,
    CA Single Sign-On
    can use a revoked certificate.
    Certificates listed in a CRL are not considered revoked
    until
    the grace period expires. This grace period gives the customer time to update the partnership certificate so that the partnership does not suddenly stop working.