Configuration of CRL checking
WebSEAL must know the location of the CRL in order to perform CRL checking. Stanza entries for the location of the LDAP server that can be referenced for CRL checking during client-side certificate authentication are found in the [ssl] stanza of the WebSEAL configuration file:
[ssl]
#crl-ldap-server = server-name
#crl-ldap-server-port = port-id
#crl-ldap-user = webseal-admin-name
#crl-ldap-user-password = admin-password
Stanza entries for the location of the LDAP server that can be referenced for CRL checking during authentication across SSL junctions are found in the [junction] stanza of the WebSEAL configuration file:
[junction]
#crl-ldap-server = server-name
#crl-ldap-server-port = port-id
#crl-ldap-user = webseal-admin-name
#crl-ldap-user-password = admin-password
By default, CRL checking is disabled (stanza entries are commented out). To enable CRL checking during certificate authentication, uncomment each stanza entry and enter the appropriate values.
A null (empty) value for the crl-ldap-user stanza entry indicates that the SSL authentication mechanism should bind to the LDAP server as an anonymous user.
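The following audit script is an added example, not IBM code: it reads the [ssl] and [junction] stanzas of a WebSEAL configuration file, reports whether the CRL entries are uncommented (CRL checking enabled), and flags an empty crl-ldap-user, which results in an anonymous LDAP bind. The sample configuration embedded in it is constructed for illustration.

```python
import re

# Added example (not IBM code); SAMPLE_CONFIG is constructed for illustration.
CRL_KEYS = ("crl-ldap-server", "crl-ldap-server-port",
            "crl-ldap-user", "crl-ldap-user-password")

# [ssl]: CRL checking enabled but crl-ldap-user is empty (anonymous bind);
# [junction]: entries still commented out, so CRL checking stays disabled.
SAMPLE_CONFIG = """\
[ssl]
crl-ldap-server = ldap.example.com
crl-ldap-server-port = 389
crl-ldap-user =
crl-ldap-user-password =

[junction]
#crl-ldap-server = server-name
#crl-ldap-server-port = port-id
#crl-ldap-user = webseal-admin-name
#crl-ldap-user-password = admin-password
"""

def parse_stanzas(text):
    """Return {stanza: {key: value}}, ignoring commented-out (#) entries."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out entry leaves the setting disabled
        match = re.fullmatch(r"\[(.+)\]", line)
        if match:
            current = match.group(1)
            stanzas.setdefault(current, {})
        elif current is not None and "=" in line:
            key, _, value = line.partition("=")
            stanzas[current][key.strip()] = value.strip()
    return stanzas

def audit_crl(text):
    """Per stanza: CRL checking enabled? anonymous bind? entries missing?"""
    stanzas, report = parse_stanzas(text), {}
    for stanza in ("ssl", "junction"):
        entries = stanzas.get(stanza, {})
        enabled = bool(entries.get("crl-ldap-server"))
        report[stanza] = {
            "enabled": enabled,
            "anonymous_bind": enabled and not entries.get("crl-ldap-user"),
            "missing": [k for k in CRL_KEYS if k not in entries] if enabled else [],
        }
    return report
```

Run audit_crl on the real webseald.conf to confirm both stanzas are enabled and that crl-ldap-user is set wherever an anonymous bind is not intended.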
Parent topic: Certificate revocation in WebSEAL