Accessing CRLs and ARLs
This section describes:
- Accessing CRLs and ARLs with a queue manager
- Accessing CRLs and ARLs with a WebSphere MQ client
- Accessing CRLs and ARLs using WebSphere MQ Explorer
- Accessing CRLs and ARLs with the Java client and JMS
Note that in this section, information about Certificate Revocation Lists (CRLs) also applies to Authority Revocation Lists (ARLs).
On the following platforms, WebSphere MQ maintains a cache of CRLs and ARLs that have been accessed in the preceding 12 hours:
- i5/OS from V5R2M0 onwards
- UNIX systems
- Windows systems
- z/OS systems
When the queue manager or WebSphere MQ client receives a certificate, it checks the CRL to confirm that the certificate is still valid. WebSphere MQ first checks in the cache, if there is a cache. If the CRL is not in the cache, WebSphere MQ interrogates the LDAP CRL server locations in the order they appear in the namelist of authentication information objects specified by the SSLCRLNamelist attribute, until WebSphere MQ finds an available CRL. If the namelist is not specified, or is specified with a blank value, CRLs are not checked.
- Accessing CRLs and ARLs with a queue manager
- Accessing CRLs and ARLs with a WebSphere MQ client
- Accessing CRLs and ARLs with the Java client and JMS
Parent topic:
Working with Certificate Revocation Lists and Authority Revocation Lists
sy12700_