Oracle® Fusion Middleware
Part 15. Certificate filters

This filter enables validation of certificates against a Certificate Revocation List (CRL) that has been published by a Certificate Authority (CA). The CRL is retrieved from the specified URL and is cached by the server for certificate validation. The filter automatically fetches a potentially updated CRL from this URL when the criteria specified in the Automatic CRL Update Preferences section are met.

The topic on the CRL (Static) filter shows a typical CRL-based policy that first uses a Find Certificate filter to find the certificate, which is stored in a certificate message attribute. It then uses a Copy/Modify Attributes filter to copy this certificate attribute to the certificates attribute by selecting its Create list attribute setting. This certificates attribute is then used by the CRL-based filter.

You can use the same approach with the CRL (Dynamic) filter instead of the CRL (Static) filter. For more details, see Static CRL certificate validation.

Configure the following fields on the CRL (Dynamic) window:

Name:

Enter an appropriate name for the filter.

CRL Import URL:

Enter the full URL of the CRL to use to validate the certificate, or browse to the CRL location.

Automatic CRL Update Preferences:

Typically, a CA publishes an updated CRL at regular intervals. You can configure the filter to dynamically pull the latest CRL published by the CA at specified intervals. Select one of the following update options: