A certificate revocation list (CRL) is a time-stamped list of digital certificates that have been revoked by the certificate authority (CA) that issued them. Each CRL is signed by a CA and made freely available in a public repository.

When configuring certificate revocation checking in a WebLogic domain, you can customize the following CRL settings:

• Whether to enable updates from CRL distribution points, which are used to update the CRL local cache.
• The CRL cache refresh setting. The refresh setting is expressed as a percentage of a CRL validity period that, when reached, forces a refresh from the distribution point. For example, for a validity period of 10 hours, a value of 10% specifies that after one hour, the cached CRL expires and a fresh CRL is required. The refresh occurs when the CRL is next required.
• The timeout setting that limits the wait time for CRL downloads from distribution points. Setting a timeout helps minimize blocked threads and also reduces the system’s vulnerability to denial of service attacks.

To customize the CRL configuration in WebLogic Server: