Match Certificate to CRL (Sun Java System Federation Manager 7.0 User's Guide)

Sun Java System Federation Manager 7.0 User's Guide

Previous: Subject DN Attribute Used to Search LDAP for Certificates
Next: Issuer DN Attribute Used to Search LDAP for CRLs

Match Certificate to CRL

Specifies whether to compare the user certificate against the Certificate Revocation List (CRL) in the LDAP Server. The CRL is located by one of the attribute names in the issuer's SubjectDN. If the certificate is on the CRL, the user is denied access; if not, the user is allowed to proceed. This attribute is, by default, not enabled.

Note –

Certificates should be revoked when the owner of the certificate has changed status and no longer has the right to use the certificate or when the private key of a certificate owner has been compromised.

Previous: Subject DN Attribute Used to Search LDAP for Certificates
Next: Issuer DN Attribute Used to Search LDAP for CRLs