Certificate revocation lists (CRLs) makes known any certificate and key that either client or server users should no longer trust. If data in a certificate changes, for example, a user changes offices or leaves the organization before the certificate expires, the certificate is revoked, and its data appears in a CRL. CRLs are produced and periodically updated by a CA.
To install a CRL obtained from a CA, perform the following steps:
Obtain the CRL as a file from your CA.
Go to the configuration page in the administration console.
Click the Certificates > Certificate Authorities tab.
Click the Install CRL button.
Enter the full path name to the associated file.
Click OK.
If the CRL already exists in the database, a Replace Certificate Revocation List page will appear.
You may need to click Deploy for changes to take effect.
Using CLI
To install a CRL through CLI, execute the following command.
wadm> install-crl --user=admin --password-file=admin.pwd --host=serverhost --port=8989 --config=config1 data/install-crl/ServerSign.crl |
See CLI Reference, install-crl(1).
Go to the configuration page in the administration console.
Click the Certificates > Certificate Authorities tab.
Select the CRL entry and click Delete.
You may need to click Deploy for changes to take effect.
Using CLI
To delete a CRL through CLI, execute the following command.
wadm> delete-crl --user=admin --password-file=admin.pwd --host=serverhost --port=8989 --config=config1 issuer |
See CLI Reference, delete-crl(1).