IBM HTTP Server for WebSphere Application Server, Version 6.1
             Operating Systems: AIX, HP-UX, Linux, Solaris, Windows, z/OS

SSL certificate revocation list

This section identifies the directives used for a certificate revocation list (CRL) and the directives supported in global servers and virtual hosts.

Certificate revocation provides the ability to revoke a client certificate given to IBM HTTP Server by the browser when the key becomes compromised or when access permission to the key is revoked. A CRL is a database that contains a list of certificates revoked before their scheduled expiration date.

If you want to enable certificate revocation in IBM HTTP Server, publish the CRL on a Lightweight Directory Access Protocol (LDAP) server. Once the CRL is published to an LDAP server, you can access the CRL using the IBM HTTP Server configuration file. The CRL determines the access permission status of the requested client certificate.

Identifying directives needed to set up a certificate revocation list. The SSLClientAuth directive can include two options at once:

The CRL option turns CRL on and off inside an SSL virtual host. If you specify CRL as an option, then you elect to turn CRL on. If you do not specify CRL as an option, then CRL remains off. If the first option for SSLClientAuth equals 0/none, then you cannot use the second option, CRL. If you do not have client authentication on, then CRL processing does not take place.

Identifying directives supported in global server and virtual host. Global server and virtual host support the following directives:

CRL checking follows the URIDistributionPoint X509 extension in the client certificate and also tries the DN constructed from the issuer of the client certificate. If the certificate contains a CRL Distribution Point (CDP), then that information is given precedence. The order in which the information is used is as follows:
  1. CDP LDAP X.500 name
  2. CDP LDAP URI
  3. Issuer name combined with the value from the SSLCRLHostname directive
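
The following Python sketch is an added example, not IBM HTTP Server code: it models the two rules stated above, namely when the CRL option of SSLClientAuth takes effect and the order in which CRL locations are used. The function names, the (kind, value) tuples for CDP entries, and the sample certificate data are assumptions constructed for illustration; the levels 2 and required are the SSLClientAuth values that turn client authentication on.

```python
# Added model of the rules described on this page; not IBM HTTP Server code.

def crl_enabled(directive):
    """Return True if an SSLClientAuth line turns CRL checking on."""
    parts = directive.split()
    if len(parts) < 2 or parts[0].lower() != "sslclientauth":
        raise ValueError("not an SSLClientAuth directive: %r" % directive)
    level = parts[1].lower()
    wants_crl = any(p.lower() == "crl" for p in parts[2:])
    if level in ("0", "none"):
        # Client authentication is off, so the crl option cannot be used.
        if wants_crl:
            raise ValueError("crl cannot be combined with SSLClientAuth 0/none")
        return False
    return wants_crl


def crl_lookup_order(directive, cdp_entries, issuer_dn, crl_hostname=None):
    """Return the CRL sources in the order the page lists them.

    cdp_entries is a list of (kind, value) tuples taken from the client
    certificate's CDP extension, where kind is "dirname" or "uri"
    (hypothetical representation chosen for this example).
    """
    if not crl_enabled(directive):
        return []  # no CRL processing takes place
    # 1. CDP LDAP X.500 name
    names = [("cdp-x500-name", v) for k, v in cdp_entries if k == "dirname"]
    # 2. CDP LDAP URI (the page names only LDAP URIs, so others are skipped)
    uris = [("cdp-ldap-uri", v) for k, v in cdp_entries
            if k == "uri" and v.lower().startswith("ldap://")]
    plan = names + uris
    # 3. Issuer name combined with the SSLCRLHostname value
    if crl_hostname:
        plan.append(("issuer-at-crl-host", (crl_hostname, issuer_dn)))
    return plan


# Constructed sample data: CDP entries as they might appear in a client cert.
SAMPLE_ISSUER = "cn=Example CA,o=Example"
SAMPLE_CDP = [
    ("uri", "ldap://ldap.example.com/cn=Example%20CA,o=Example"),
    ("uri", "http://crl.example.com/ca.crl"),
    ("dirname", "cn=Example CA,o=Example"),
]

if __name__ == "__main__":
    for step in crl_lookup_order("SSLClientAuth required crl", SAMPLE_CDP,
                                 SAMPLE_ISSUER, "ldap.example.com"):
        print(step)
```

Running the sketch against a virtual host's SSLClientAuth line shows which CRL sources must be reachable from the server, which helps when a revoked certificate is still being accepted.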




Last updated: Feb 19, 2009 4:14:16 PM CST
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.ihs.doc/info/ihs/ihs/cihs_crlinssl.html