Before you begin
For information about certificate revocation checking, see X.509 Certificate Revocation Checking.
If you Enable automatic realm restart in the default security realm, you do not need to restart WebLogic Server after enabling certificate revocation checking.
By default, when WebLogic Server checks a certificate's revocation status, it uses OCSP. If OCSP returns the certificate's status as "unknown," WebLogic Server then checks CRLs. However, you can change the checking method and order by selecting one of the following alternatives:
After you finish
After you enable certificate revocation checking in the domain, you can optionally do the following: