Sun Java System Web Server 6.1 SP12 Administrator's Guide

Installing and Managing CRLs and CKLs

Certificate revocation lists (CRLs) and compromised key lists (CKLs) expose any certificates and keys that client or server users should no longer trust. If data in a certificate changes before the certificate expires (for example, a user changes offices or leaves the organization), the certificate is revoked, and its data appears in a CRL. If a key is tampered with or otherwise compromised, the key and its data appear in a CKL. CRLs and CKLs are produced and periodically updated by a CA.

Procedure: To install a CRL or CKL

To obtain a CRL or CKL from a CA, perform the following steps:

  1. Obtain the CA’s URL for downloading CRLs or CKLs.

  2. Enter the URL in your browser window.

  3. Follow the CA’s instructions for downloading the CRL or CKL to a local directory.

  4. Access either the Administration Server or the Server Manager and choose the Security tab.

    In the Server Manager you must first select the server instance from the drop-down list.

  5. Click the Install CRL/CKLs link.

  6. Select either:

    • Certificate Revocation List

      or

    • Compromised Key List

  7. Enter the path name of the associated file.

  8. Click OK.

    • If you selected Certificate Revocation List, the Add Certificate Revocation List page appears listing CRL information.

    • If you selected Compromised Key List, the Add Compromised Key List page appears listing CKL information.


    Note – If a CRL or CKL already exists in the database, a Replace Certificate Revocation List or Replace Compromised Key List page appears.


  9. Click Add.

  10. Click OK.

  11. For the Server Manager, click Apply.

  12. Restart for changes to take effect.
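A check that can be run on the file downloaded in step 3 before its path is entered in step 7, given as an added example that is not part of the Sun guide. It handles CRLs only (not CKLs) and assumes the OpenSSL command-line tool, GNU date, and a copy of the CA's certificate in PEM form; the function names and the demo CA are hypothetical.

```shell
#!/bin/sh
# Added example, not from the Sun guide. Assumes the OpenSSL CLI and GNU date.

# crl_precheck CRL_FILE CA_CERT_PEM
# Returns 0 only if the file parses as a CRL, its signature verifies against
# the CA certificate, and nextUpdate is still in the future.
# Other return codes: 2 unparseable, 3 bad signature, 4 expired or no nextUpdate.
crl_precheck() {
    crl=$1; ca=$2
    # CAs publish CRLs as DER or PEM; detect PEM by its header line.
    if grep -q -e '-----BEGIN X509 CRL-----' "$crl" 2>/dev/null; then fmt=PEM; else fmt=DER; fi
    info=$(openssl crl -in "$crl" -inform "$fmt" -noout -issuer -lastupdate -nextupdate 2>/dev/null) || {
        echo "FAIL: $crl is not a parseable CRL" >&2; return 2; }
    printf '%s\n' "$info"
    # The verification result is printed as text ("verify OK"), so match on
    # that text rather than on the exit status.
    if ! openssl crl -in "$crl" -inform "$fmt" -CAfile "$ca" -noout 2>&1 | grep -q 'verify OK'; then
        echo "FAIL: signature does not verify against $ca" >&2; return 3
    fi
    next=$(printf '%s\n' "$info" | sed -n 's/^nextUpdate=//p')
    next_s=$(date -u -d "$next" +%s 2>/dev/null) || {
        echo "FAIL: no usable nextUpdate field" >&2; return 4; }
    if [ "$next_s" -le "$(date -u +%s)" ]; then
        echo "FAIL: CRL expired at $next" >&2; return 4
    fi
    echo "OK: signed by the supplied CA, valid until $next"
}

# make_demo_crl DIR SECONDS
# Constructed sample input: a throwaway CA in DIR and an empty CRL (DIR/demo.crl)
# whose nextUpdate is SECONDS from now. Nothing here comes from a real CA.
make_demo_crl() {
    d=$1
    : > "$d/index.txt"
    printf '%s\n' '[req]' 'distinguished_name=dn' '[dn]' 'commonName=Common Name' \
        '[ca]' 'default_ca=demo' '[demo]' "database=$d/index.txt" \
        'default_md=sha256' > "$d/ca.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -config "$d/ca.cnf" -days 2 \
        -subj '/CN=Constructed Demo CA' -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl ca -config "$d/ca.cnf" -gencrl -crlsec "$2" -keyfile "$d/ca.key" \
        -cert "$d/ca.pem" -out "$d/demo.crl" 2>/dev/null
}

# Usage with a real download (placeholder paths):
#   crl_precheck /path/to/downloaded.crl /path/to/ca-cert.pem
```

The CA certificate passed as the second argument should come from a source other than the CRL download location, so that a substituted CRL cannot also supply its own issuer.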

Managing CRLs and CKLs

To manage CRLs and CKLs, perform the following steps:

Procedure: To manage CRLs and CKLs

  1. Access either the Administration Server or the Server Manager and choose the Security tab.

    From the Server Manager you must first select the server instance from the drop-down list.

  2. Click the Manage CRL/CKLs link.

    The Manage Certificate Revocation Lists/Compromised Key Lists page appears with all installed Server CRLs and CKLs listed along with their expiration dates.

  3. Select a Certificate Name from either the Server CRLs or Server CKLs list.

  4. Choose:

    • Delete CRL

    • Delete CKL

  5. For the Server Manager, click Apply.

  6. Restart for changes to take effect.