Lightweight Directory Access Protocol (LDAP) server, LDAP server, certificate revocation list (CRL), CRL" /> Specifying the location of LDAP servers that hold certificate revocation lists (CRLs)
Home

 

Specifying the location of LDAP servers that hold certificate revocation lists (CRLs)

On a WebSphere MQ client system, we can specify the location of Lightweight Directory Access Protocol (LDAP) servers that hold certificate revocation lists (CRLs) in the following ways. They are listed in order of decreasing precedence.

  1. When a WebSphere MQ client application issues an MQCONNX call

  2. Using a client channel definition table

  3. Using Active Directory on Windows

See the relevant sections for more information about each of these ways.

The intention is that each LDAP server holds the same CRLs. The reason for configuring more than one LDAP server with CRLs is to provide higher availability. If one LDAP server is not available when it is required, a WebSphere MQ client can attempt to access another.




 

Home