Use this page to specify a list of certificate revocations that check the validity of a certificate. The application server checks the certificate revocation lists (CRL) to determine the validity of the client certificate. A certificate that is found in a certificate revocation list might not be expired, but is no longer trusted by the certificate authority (CA) that issued the certificate. The CA might add the certificate to the certificate revocation list if it believes that the client authority is compromised.
Specifies a fully qualified path to the location where you can find the list of certificates that are not valid.
For portability reasons, it is recommended that you use the WebSphere Application Server variables to specify a relative path to the certificate revocation list. This recommendation is especially important when you are working in a WebSphere Application Server Network Deployment environment. For example, you might use the USER_INSTALL_ROOT variable to define a path such as $USER_INSTALL_ROOT/mycertstore/mycrl where mycertstore represents the name of your certificate store and mycrl represents the certificate revocation list. For a list of the supported variables, click Environment > WebSphere variables in the administrative console.
Related reference
Certificate revocation list collection
Collection certificate store collection
Collection certificate store configuration settings