You can configure CICS® to use certificate revocation lists (CRLs) to check
the validity of client certificates being used in SSL negotiations.
To use certificate revocation lists, you must install and configure
an LDAP server. Details on how to perform these tasks can be found in z/OS® V1R4.0
Security Server LDAP Server Admin and Use.
A certificate revocation list identifies the certificates that a certificate
authority has revoked. Certificate authorities keep these lists in CRL
repositories that are available on the World Wide Web; the lists can be downloaded
and stored in an LDAP server. To populate the LDAP server and update certificate
revocation lists, use the CICS-supplied transaction CCRL. You also need to
authorize CICS to access the LDAP server. To use CRLs, follow these steps: