CRL distribution points
A CA specifies in the certificate where we can obtain revocation information. These details are not provided by WebSEAL or the GSKit library.
Although rare, a certificate can have more than one CDP. The primary reason for more than one CDP is to offer different protocols such as LDAP and HTTP. If a certificate is configured with more than one CDP, WebSEAL contacts each CDP until a valid result is returned.
We can use certificates from different CAs. Each CRL is signed by the CA that issued it, so CRLs from different CAs cannot be confused. Each certificate contains its own CDP.
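The following added example (not WebSEAL or GSKit code) illustrates the two points above with the Python `cryptography` package: reading every CDP from a certificate and trying each in turn, and accepting only a CRL signed by the issuing CA. The function names, the `.example` URLs and the `fetch` callback are assumptions made for the illustration, and "valid" is taken here to mean matching issuer name plus a good signature.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = datetime.datetime(2024, 1, 1)  # fixed date for the constructed samples

def make_ca(cn, urls):
    """Constructed sample: a self-signed cert carrying `urls` as CDPs, plus the CA's DER CRL."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    cdp = x509.CRLDistributionPoints(
        [x509.DistributionPoint([x509.UniformResourceIdentifier(u)], None, None, None)
         for u in urls])
    cert = (x509.CertificateBuilder().subject_name(name).issuer_name(name)
            .public_key(key.public_key()).serial_number(x509.random_serial_number())
            .not_valid_before(NOW).not_valid_after(NOW + datetime.timedelta(days=365))
            .add_extension(cdp, critical=False).sign(key, hashes.SHA256()))
    crl = (x509.CertificateRevocationListBuilder().issuer_name(name)
           .last_update(NOW).next_update(NOW + datetime.timedelta(days=7))
           .sign(key, hashes.SHA256()))
    return cert, crl.public_bytes(serialization.Encoding.DER)

def cdp_urls(cert):
    """Return the URI of every distribution point, in certificate order."""
    ext = cert.extensions.get_extension_for_class(x509.CRLDistributionPoints).value
    return [gn.value for dp in ext for gn in (dp.full_name or [])
            if isinstance(gn, x509.UniformResourceIdentifier)]

def first_valid_crl(cert, issuer_cert, fetch):
    """Try each CDP in turn; return the URL of the first CRL signed by the issuing CA."""
    for url in cdp_urls(cert):
        try:
            crl = x509.load_der_x509_crl(fetch(url))
        except Exception:  # unreachable endpoint or unparsable data: try the next CDP
            continue
        if (crl.issuer == issuer_cert.subject
                and crl.is_signature_valid(issuer_cert.public_key())):
            return url
    return None

if __name__ == "__main__":
    cert_a, crl_a = make_ca("CA A", ["ldap://ca-a.example/cn=crl", "http://ca-a.example/a.crl"])
    served = {"http://ca-a.example/a.crl": crl_a}  # constructed: the LDAP endpoint is down
    print(first_valid_crl(cert_a, cert_a, served.__getitem__))
```

`fetch` is any callable that takes a CDP URL and returns DER bytes or raises; a real client would perform the LDAP or HTTP retrieval there.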