Certificate revocation list collection
Use this page to determine the location of the certificate revocation list (CRL) known to the application server. The Application Server checks the CRL to determine the validity of the client certificate. A certificate found in a certificate revocation list might not be expired, but is no longer trusted by the certificate authority (CA) that issued the certificate. The CA might add the certificate to the certificate revocation list if it believes that the client authority is compromised.
View the console panel for the collection certificate store on the cell level.
- Click Security > JAX-WS and JAX-RPC security runtime.
- Under additional properties, click Collection certificate store.
- Click the name of a configured collection certificate store or create a new collection certificate store first.
- Under Additional properties, click Certificate revocation list > New to specify the path to a new list or click the name of the certificate revocation list to modify its path.
View the console panel for the collection certificate store on the server level.
- Click Servers > Server Types > WebSphere application servers > server_name.
- Under Security, click JAX-WS and JAX-RPC security runtime.
In a mixed node cell with a server using Websphere Application Server version 6.1 or earlier, click Web services: Default bindings for Web Services Security.
- Under Additional properties, click Collection certificate store.
- Click the name of a configured collection certificate store or create a new collection certificate store first.
- Under Additional properties, click Certificate revocation list > Newto specify the path to a new list or click the name of the certificate revocation list to modify its path.
View the console page for the collection certificate store on the application level.
- Click Applications > Application Types > WebSphere enterprise applications > application_name.
- Under Modules, click Manage modules > URI_name.
- Under Web Services Security Properties, we can access collection certificate stores for the following bindings:
- For the Request generator, click Web services: Client security bindings. Under Request generator (sender) binding, click Edit custom > Collection certificate store.
- For the Request consumer, click Web services: Server security bindings. Under Request consumer (receiver) binding, click Edit custom > Collection certificate store.
- For the Response generator, click Web services: Server security bindings. Under Response generator (sender) binding, click Edit custom > Collection certificate store.
- For the Response consumer, click Web services: Client security bindings. Under Response consumer (receiver) binding, click Edit custom > Collection certificate store.
- Click the name of a configured collection certificate store or create a new collection certificate store first.
- Under Additional properties, click Certificate revocation list > New to specify the path to a new list or click the name of the certificate revocation list to modify its path.
- Under Additional properties, we can access collection certificate stores for the following bindings:
- For the Response receiver binding, click Web services: Client security bindings. Under Response receiver binding, click Edit.
- Under Additional properties, click Collection certificate store > certificate_store_name.
- Under Additional properties, click X.509 certificates.
- Click New and specify the path to the certificate revocation list.
Certificate revocation list path
Location where we can find the list of certificates that are not valid.
Related tasks
Configure the collection certificate store for the generator binding on the application level
Certificate revocation list configuration settings Collection certificate store collection Collection certificate store configuration settings