Configuration of the CRL cache
GSKit allows WebSEAL to perform CRL checking on client-side certificates and certificates from SSL junctions. To improve CRL checking performance, we can cache the CRL from a particular Certificate Authority (CA). Subsequent CRL checks are made against this cached version of the list.
The settings for the two configuration file stanza entries discussed in this section are passed directly to the GSKit utility. For further information about GSKit functionality, refer to the GSKit documentation.
- Set the maximum number of cache entries
- Set the GSKit cache lifetime timeout value
- Enable the CRL cache