crl-ldap-server
Use the crl-ldap-server stanza entry in the [ssl] stanza to specify the LDAP server that WebSEAL can contact for CRL checking during client-side certificate authentication.
crl-ldap-server = server_name
Description
Specifies the Server to be contacted to obtain Certificate Revocation Lists (CRL).
Options
server_name
This parameter can be set to one of two types of values:
- The name of the LDAP server to be referenced as a source for Certificate Revocation Lists (CRL) during authentication across SSL junctions. If this is used, you may also need to set the following parameters:
  - crl-ldap-server-port
  - crl-ldap-user
  - crl-ldap-user-password
- The literal string "URI". If no direct LDAP server is available, this value allows GSKit to obtain revocation information from the LDAP or HTTP servers specified by the CA in the CRL Distribution Point (CDP) extension of the certificate.
Usage:
This stanza entry is optional.
Default: None.
Example:
crl-ldap-server = diamond.example.com
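
The following check is an added example, not part of the product documentation: it reads the [ssl] stanza of a configuration file and reports which of the two crl-ldap-server forms is in use and which of the companion entries listed above are unset. The function names and the sample configurations are constructed for illustration; it assumes `key = value` lines, `#` comment lines, and an exact match on the string URI.

```python
import re

# Companion entries the page lists for the LDAP-server form.
COMPANIONS = ("crl-ldap-server-port", "crl-ldap-user", "crl-ldap-user-password")

def read_stanza(text, stanza):
    """Return {key: value} for one [stanza] of the configuration text."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # assumption: '#' starts a comment line
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip()
        elif current == stanza and "=" in line:
            key, value = line.split("=", 1)
            entries[key.strip()] = value.strip()
    return entries

def check_crl_source(text):
    """Classify crl-ldap-server and list companion entries that are not set."""
    ssl = read_stanza(text, "ssl")
    server = ssl.get("crl-ldap-server", "")
    if not server:
        # Default is None: no CRL source is named by this entry.
        return {"mode": "unset", "server": None, "missing": []}
    if server == "URI":   # assumption: the literal is matched exactly
        # Revocation data comes from the certificate's CDP extension.
        return {"mode": "cdp", "server": None, "missing": []}
    # A host name: the page says the companion entries may also be needed.
    missing = [k for k in COMPANIONS if not ssl.get(k)]
    return {"mode": "ldap", "server": server, "missing": missing}

# Constructed sample configurations (not taken from a real deployment).
SAMPLE_LDAP = """\
[ssl]
# direct LDAP server as the CRL source
crl-ldap-server = diamond.example.com
crl-ldap-server-port = 389
"""
SAMPLE_URI = "[ssl]\ncrl-ldap-server = URI\n"
# The entry appears only outside [ssl], so it must not be picked up.
SAMPLE_UNSET = "[other]\ncrl-ldap-server = ignored.example.com\n[ssl]\n"

if __name__ == "__main__":
    for name, conf in (("ldap", SAMPLE_LDAP), ("uri", SAMPLE_URI), ("unset", SAMPLE_UNSET)):
        print(name, check_crl_source(conf))
```

Because the page says the companion entries "may" be needed, the `missing` list is a prompt for review, not an error condition.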