A Certificate Authority (CA) may wish to publish a Certificate Revocation
List (CRL) to a file. In such cases, the Enterprise Gateway can load the revoked
certificates from the file-based CRL and validate user certificates against it.
Because the CRL is typically signed by the CA that owns it, the certificate
of the CA that issued the CRL must be imported into the
Certificate Store before this filter can work correctly.
In addition, the Static CRL Certificate Validation filter
requires the certificates message attribute to be set
by a predecessor.
Important Note:
Typically, a CA publishes a new CRL, containing the most up-to-date
list of revoked certificates at regular intervals. However,
the Static CRL Certificate Validation filter does not
automatically update the CRL when it is loaded from a local file. If you
need to automatically retrieve updated CRLs from a particular URL, you
should use the Dynamic CRL Certificate Validation
filter.
|