For example, you might use the USER_INSTALL_ROOT variable to define a path such as $USER_INSTALL_ROOT/mycertstore/mycrl1, where mycertstore represents the name of your certificate store and mycrl1 represents the certificate revocation list. For a list of supported variables, click Environment > WebSphere variables in the administrative console. The following list provides recommendations for using certificate revocation lists:
- If CRLs are added to the collection certificate store, add the
CRLs for the root certificate authority and each intermediate certificate,
if applicable. When the CRL is in the certificate collection store,
the certificate revocation status for every certificate in the chain
is checked against the CRL of the issuer.
- When the CRL file is updated, the new CRL does not take effect
until you restart the Web service application.
- Before a CRL expires, you must load a new CRL into the certificate
collection store to replace the old CRL. An expired CRL in the collection
certificate store results in a certificate path (CertPath)
build failure.
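
The last recommendation can be checked ahead of time by reading the nextUpdate field of each CRL in the store. The following is an added example, not IBM or WebSphere code: it parses a DER-encoded CRL with the Python standard library only and does not verify the CRL signature. The function names, the 7-day warning window and the sample CRL built by sample_crl are assumptions made for this illustration.

```python
from datetime import datetime, timedelta, timezone

def _tlv(buf, pos):
    """Read one DER element at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def _time(tag, val):
    s = val.decode("ascii")
    if tag == 0x17:                        # UTCTime: RFC 5280 pivots at year 50
        s = ("19" if int(s[:2]) >= 50 else "20") + s
    return datetime.strptime(s, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def crl_next_update(der):
    """nextUpdate of a DER-encoded CRL, or None when the optional field is absent."""
    _, cert_list, _ = _tlv(der, 0)
    _, tbs, _ = _tlv(cert_list, 0)
    tag, _, after = _tlv(tbs, 0)
    pos = after if tag == 0x02 else 0      # skip optional version INTEGER
    for _ in range(3):                     # signature algorithm, issuer, thisUpdate
        _, _, pos = _tlv(tbs, pos)
    if pos >= len(tbs):
        return None
    tag, val, _ = _tlv(tbs, pos)
    return _time(tag, val) if tag in (0x17, 0x18) else None

def crl_status(der, now, warn=timedelta(days=7)):
    """Classify a CRL so it can be replaced before CertPath building fails."""
    nxt = crl_next_update(der)
    if nxt is None:
        return "NO_NEXT_UPDATE"
    if nxt <= now:
        return "EXPIRED"
    return "EXPIRING" if nxt - now <= warn else "OK"

def sample_crl(next_update=b"240201000000Z"):
    """Constructed, unsigned CRL skeleton with a dummy signature (demo input only)."""
    enc = lambda tag, body: bytes([tag, len(body)]) + body   # short-form lengths only
    alg = enc(0x30, bytes.fromhex("06092a864886f70d01010b0500"))
    name = enc(0x30, enc(0x31, enc(0x30, bytes.fromhex("0603550403") + enc(0x0C, b"Test CA"))))
    times = enc(0x17, b"240101000000Z") + (enc(0x17, next_update) if next_update else b"")
    tbs = enc(0x30, enc(0x02, b"\x01") + alg + name + times)
    return enc(0x30, tbs + alg + enc(0x03, b"\x00\x00"))
```

Run crl_status over the root and each intermediate CRL file on a schedule. Because a replaced CRL does not take effect until the Web service application restarts, an EXPIRING result should trigger both the file update and a planned restart.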