For example, you might use the USER_INSTALL_ROOT variable to define a path such as $USER_INSTALL_ROOT/mycertstore/mycrl1 where mycertstore represents the name of your certificate store and mycrl1 represents the certificate revocation list. For a list of supported variables, click in the administrative console.
The following list provides recommendations for using certificate revocation lists:
- If CRLs are added to the collection certificate store, add the CRLs for the root certificate authority and each intermediate certificate, if applicable. When the CRL is in the certificate collection store, the certificate revocation status for every certificate in the chain is checked against the CRL of the issuer.
- When the CRL file is updated, the new CRL does not take effect until you restart the web service application.
- Before a CRL expires, you must load a new CRL into the certificate collection store to replace the old CRL. An expired CRL in the collection certificate store results in a certificate path (CertPath) build failure.
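
One way to catch an expiring CRL before it causes a CertPath build failure is to check the nextUpdate field of each CRL file that the collection certificate store references. The following is an added example, not code from the product or its documentation; the class name CrlExpiryCheck, the warning window, and the command-line arguments are assumptions, and the CRL files are assumed to be DER or PEM encoded X.509 CRLs.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.CertificateFactory;
import java.security.cert.X509CRL;
import java.time.Duration;
import java.time.Instant;
import java.util.Date;

// Added example (hypothetical class): flags CRL files whose nextUpdate has passed or is near.
public class CrlExpiryCheck {
    enum Status { OK, EXPIRING_SOON, EXPIRED, NO_NEXT_UPDATE }

    // nextUpdate is optional in the CRL format, so a missing value is reported
    // separately instead of being treated as valid forever.
    static Status classify(Date nextUpdate, Instant now, Duration warn) {
        if (nextUpdate == null) return Status.NO_NEXT_UPDATE;
        Instant expiry = nextUpdate.toInstant();
        if (!expiry.isAfter(now)) return Status.EXPIRED;
        if (!expiry.isAfter(now.plus(warn))) return Status.EXPIRING_SOON;
        return Status.OK;
    }

    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: CrlExpiryCheck <warnDays> <crl-file>...");
            System.exit(2);
        }
        Duration warn = Duration.ofDays(Long.parseLong(args[0]));
        Instant now = Instant.now();
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        boolean attention = false;
        // Pass the CRL of the root CA and of every intermediate CA in the chain.
        for (int i = 1; i < args.length; i++) {
            try (InputStream in = Files.newInputStream(Paths.get(args[i]))) {
                X509CRL crl = (X509CRL) cf.generateCRL(in);
                Status s = classify(crl.getNextUpdate(), now, warn);
                System.out.printf("%-14s %s issuer=%s nextUpdate=%s%n", s, args[i],
                        crl.getIssuerX500Principal().getName(), crl.getNextUpdate());
                attention |= (s != Status.OK);
            } catch (Exception e) {
                // An unreadable or malformed CRL needs the same attention as an expired one.
                System.out.printf("%-14s %s (%s)%n", "UNREADABLE", args[i], e.getMessage());
                attention = true;
            }
        }
        System.exit(attention ? 1 : 0);
    }
}
```

The program exits with status 1 when any CRL needs attention, so it can run from a scheduler; after a flagged CRL file is replaced, the web service application still has to be restarted for the new CRL to take effect.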