Installing and Managing CRLs and CKLs
Certificate revocation lists (CRLs) and compromised key lists (CKLs) make known any certificates and keys that either client or server users should no longer trust. If data in a certificate changes, such as when a user changes offices or leaves the organization before the certificate expires, the certificate is revoked, and its data appears in a CRL. If a key is tampered with or otherwise compromised, the key and its data appear in a CKL. Both CRLs and CKLs are produced and periodically updated by a CA. Contact your specific CA to obtain these lists.
This section describes how to install and manage CRLs and CKLs.
To Install CRLs or CKLs
-
Obtain a CRL or CKL from your CA and download it to a local directory.
-
Access either the Administration Server or the Server Manager and click the Security tab.
-
Click the Install CRL/CKL link.
-
Select either:
-
Type the full path name to the associated file and click OK.
The Add Certificate Revocation List or Add Compromised Key List page appears, listing CRL or CKL information. If a CRL or CKL already exists in the database, a Replace Certificate Revocation List or Replace Compromised Key List page appears.
-
Add or replace the CRL or CKL.
To Manage CRLs and CKLs
-
Access either the Administration Server or the Server Manager and click the Security tab.
-
Click the Manage CRL/CKL link.
The Manage Certificate Revocation Lists /Compromised Key Lists page appears, listing all installed CRLs and CKLs and their expiration dates.
-
Select a certificate from either the Server CRLs or Server CKLs list.
-
Select Delete CRL or Delete CKL to delete the CRL or CKL. .
-
Quit to return to the management page
- © 2010, Oracle Corporation and/or its affiliates