The PGP Universal Server Certificate Revocation List (CRL) service monitors the status of keys and their associated certificates. The service is enabled by default.
When enabled, the Certificate Revocation List (CRL) service can automatically generate and publish a CRL, add certificates to the CRL when their key is revoked, and allow you to download the CRL via HTTP or LDAP.
To Edit CRL service settings:
Login to the PGP Universal Server admin interface.
Click Services > Certificate Revocation.
Select the Edit button. The Edit Certification Revocation page appears.
In the URLs field, type the URL(s) you want to be stamped into the CRL Distribution Point (DP) when the PGP Universal Server creates a certificate for a key. Type one URL per line.
Note: To use the default CRL DP location, enter only the protocol and hostname of the URL (for example, https://examplehostname:port) and the rest of the path is stored correctly in generated certificates (for example, https://examplehostname:port/crl/RevokedCertificates.crl).
To use a custom CRL DP location, you must enter the complete URL. Custom CRL DP locations are not modified in any way.
In the Regeneration field, type the number of days for which a CRL is valid. The default is 7 days. When the threshold is reached, a new CRL is generated.
In the Interfaces fields, type an interface and port you want stamped into the CRL DP for accessing the CRL via HTTP.
You must configure one interface for each HTTP URL you type in the URLs field. You can create additional interface/port combinations by clicking the plus-sign icon and typing the appropriate information.
The interfaces you configure have no effect on accessing the CRL via LDAP.
Imported Document ID: TECH149743
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.