A certificate revocation
      list (CRL) is a time-stamped list of digital certificates that have been
      revoked by the certificate authority (CA) that issued them. Each CRL is
      signed by a CA and made freely available in a public repository.
      When configuring certificate revocation checking in a WebLogic
      domain, you can customize the following CRL settings:
      
        - Whether to enable updates from CRL distribution points, which are
        used to update the CRL local cache.
- The CRL cache refresh setting. The refresh setting is expressed as
        a percentage of a CRL validity period that, when reached, forces a
        refresh from the distribution point. For example, for a validity
        period of 10 hours, a value of 10% specifies that after one hour, the
        cached CRL expires and a fresh CRL is required. The refresh occurs
        when the CRL is next required.
- The timeout setting that limits the wait time for CRL downloads
        from distribution points. Setting a timeout helps minimize blocked
        threads and also reduces the system’s vulnerability to denial of
        service attacks.
To customize the CRL configuration in WebLogic Server: