Oracle iPlanet Web Server 7.0.9 Administrator's Guide

Managing Certificate Revocation Lists (CRL)

Certificate revocation lists (CRLs) make known any certificate and key that either client or server users should no longer trust. If data in a certificate changes before the certificate expires (for example, a user changes offices or leaves the organization), the certificate is revoked, and its data appears in a CRL. CRLs are produced and periodically updated by a CA.

Procedure: To Install a CRL

To install a CRL obtained from a CA, perform the following steps:

  1. Obtain the CRL as a file from your CA.

  2. Go to the configuration page in the administration console.

  3. Click the Certificates > Certificate Authorities tab.

  4. Click the Install CRL button.

  5. Enter the full path name to the associated file.

  6. Click OK.


    Note –

    If the CRL already exists in the database, a Replace Certificate Revocation List page will appear.


  7. You may need to click Deploy for changes to take effect.


    Note –

    Using CLI

    To install a CRL through CLI, execute the following command.


    wadm> install-crl --user=admin --password-file=admin.pwd --host=serverhost --port=8989 --config=config1 data/install-crl/ServerSign.crl

    See CLI Reference, install-crl(1).
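A check to run on the file from step 1 before installing it, as an added example that is not part of the Oracle guide: it confirms the file parses as a CRL, that its signature verifies against the CA certificate you already trust, and prints the issuer and validity dates. It assumes the `openssl` command-line tool is installed and the CA certificate is available as a PEM file; `crl_precheck` is a hypothetical helper name.

```shell
#!/bin/sh
# Added example (not Oracle's code): pre-install check for a CRL file.
# Usage: crl_precheck CRL_FILE CA_CERT_PEM
# Prints issuer, lastUpdate and nextUpdate on success.
# Returns 2 if the file is not a parsable CRL, 3 if the signature does
# not verify against the supplied CA certificate.
crl_precheck() {
    crl=$1
    ca=$2

    # CAs distribute CRLs as PEM or DER; find the encoding openssl accepts.
    fmt=
    for f in PEM DER; do
        if openssl crl -in "$crl" -inform "$f" -noout 2>/dev/null; then
            fmt=$f
            break
        fi
    done
    if [ -z "$fmt" ]; then
        echo "not a parsable CRL: $crl" >&2
        return 2
    fi

    # openssl reports the signature result as "verify OK" or
    # "verify failure" on stderr. Match the success message instead of
    # relying on the exit status alone.
    if ! openssl crl -in "$crl" -inform "$fmt" -CAfile "$ca" -noout 2>&1 |
            grep -q '^verify OK'; then
        echo "CRL signature does not verify against $ca" >&2
        return 3
    fi

    # Show who issued the CRL and the window in which it is current, so a
    # stale file (nextUpdate in the past) is noticed before installation.
    openssl crl -in "$crl" -inform "$fmt" -noout \
        -issuer -lastupdate -nextupdate
}
```

Run it as `crl_precheck ServerSign.crl ca-cert.pem` (the CA certificate file name here is a placeholder) and continue with the installation only if it returns 0.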

Procedure: To Delete a CRL

  1. Go to the configuration page in the administration console.

  2. Click the Certificates > Certificate Authorities tab.

  3. Select the CRL entry and click Delete.

  4. You may need to click Deploy for changes to take effect.


    Note –

    Using CLI

    To delete a CRL through CLI, execute the following command.


    wadm> delete-crl --user=admin --password-file=admin.pwd --host=serverhost --port=8989 --config=config1 issuer

    See CLI Reference, delete-crl(1).