Certificate revocation list collection

Use this page to determine the location of the certificate revocation lists (CRL) known to WebSphere Application Server. The Application Server checks the CRLs to determine the validity of the client certificate. A certificate that is found in a certificate revocation list might not be expired, but is no longer trusted by the certificate authority (CA) that issued the certificate. The CA might add the certificate to the certificate revocation list if it believes that the client authority is compromised.

To view the administrative console panel for the collection certificate store on the cell level, complete the following steps:

  1. Click Security > Web services.

  2. Under additional properties, click Collection certificate store.

  3. Click the name of a configured collection certificate store or create a new collection certificate store first.

  4. Under Additional properties, click Certificate revocation lists.

To view the administrative console panel for the collection certificate store on the server level, complete the following steps:

  1. Click Servers > Application servers > servername.

  2. Under Security, click Web services: Default bindings for Web services security.

  3. Under Additional properties, click Collection certificate store.

  4. Click the name of a configured collection certificate store or create a new collection certificate store first.

  5. Under Additional properties, click Certificate revocation lists.

To view this administrative console page for the collection certificate store on the application level, complete the following steps:

  1. Click Applications > Enterprise applications > appname.

  2. Under Related items, click EJB modules Web modules > URI_name.

  3. Under Additional properties, one can access collection certificate stores for the following bindings:

  4. Click the name of a configured collection certificate store or create a new collection certificate store first.

  5. Under Additional properties, click Certificate revocation lists.

  6. Under Additional properties, one can access collection certificate stores for the following bindings:

  7. Under Additional properties, click Collection certificate store > certificate_store_name.

  8. Under Additional properties, click X.509 certificates.

  9. Click New and specify the path to the certificate revocation list.

To add a certificate revocation list for a v5.x application, complete the following steps:

  1. Click Applications > Enterprise applications > appname.

  2. Under Related items, click EJB modules Web modules > URI_name.

Certificate revocation list path

Specifies the location where one can find the list of certificates that are not valid.