Dynamic CRL Certificate Validation

Overview

This filter is responsible for validating certificates against a Certificate Revocation List (CRL) that has been published by a Certificate Authority (CA). The CRL is retrieved from the specified URL and is cached by the server for certificate validation. The filter automatically fetches a potentially updated CRL from this URL when the criteria specified in the Automatic CRL Update Preferences section are met.

Configuration

Configure the following fields on the CRL (Dynamic) screen:

Name:

Enter an appropriate name for the filter.

CRL Import URL:

Enter the full URL of the CRL to use to validate the certificate. Alternatively, you can browse to the location of the CRL by clicking the button.

Automatic CRL Update Preferences:

Typically, a CA publishes an updated CRL at regular intervals. You can configure the filter to dynamically pull down the latest CRL published by the CA at specified intervals. Select the appropriate update option from the following:

  • Do not update:

    The filter never attempts to automatically retrieve the latest CRL.

  • Update on "next update" date:

    The CRL published by the CA contains a Next Update date, which indicates the date on which the CA next publishes the CRL. Select this option to dynamically retrieve the updated CRL on the Next Update date. This effectively synchronizes the server with the CA updates.

  • Update every number of days:

    The filter retrieves the CRL at the interval, in days, that you specify.

  • Trigger update on cron expression:

    You can enter a cron expression to determine when to perform the automatic update.
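
The following added example (not the product's own code) models how the update options above affect how long a cached CRL stays in use past its Next Update date. The option names, `CachedCrl`, `refresh_due` and `stale_window` are hypothetical, the dates are constructed, and the cron option is left out.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass
class CachedCrl:
    fetched_at: datetime   # when the server last retrieved the CRL
    next_update: datetime  # Next Update date carried in the CRL


def _next_fetch(crl: CachedCrl, days: int) -> datetime:
    if days < 1:
        raise ValueError("days must be at least 1")
    return crl.fetched_at + timedelta(days=days)


def refresh_due(option: str, crl: CachedCrl, now: datetime, days: int = 0) -> bool:
    """True when the selected update option calls for fetching the CRL again."""
    if option == "do_not_update":
        return False
    if option == "next_update":
        return now >= crl.next_update
    if option == "every_n_days":
        return now >= _next_fetch(crl, days)
    raise ValueError(f"unsupported option: {option}")


def stale_window(option: str, crl: CachedCrl, days: int = 0) -> Optional[timedelta]:
    """Time the cached CRL stays in use past its Next Update date before the
    next scheduled fetch. None means no fetch is ever scheduled."""
    if option == "do_not_update":
        return None
    if option == "next_update":
        return timedelta(0)
    if option == "every_n_days":
        return max(timedelta(0), _next_fetch(crl, days) - crl.next_update)
    raise ValueError(f"unsupported option: {option}")


# Constructed sample: CRL fetched on 1 March, Next Update on 8 March.
SAMPLE = CachedCrl(
    fetched_at=datetime(2024, 3, 1, tzinfo=timezone.utc),
    next_update=datetime(2024, 3, 8, tzinfo=timezone.utc),
)

if __name__ == "__main__":
    for option, days in (("do_not_update", 0), ("next_update", 0),
                         ("every_n_days", 30), ("every_n_days", 5)):
        print(option, days, stale_window(option, SAMPLE, days))
```

A non-zero window means certificates revoked in a newer CRL are still accepted until the next fetch, so an interval in days should not exceed the CA's publication interval.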