Table of Contents
Advertisement
NOTE
If a CRL download URL uses the HTTPS or the LDAPS protocol,
verify with the CA that the certificate for the CRL server has not
been revoked. Enterprise Server will not communicate with a client
or server with a revoked certificate.
At startup, Enterprise Server does not yet have any CRLs stored in
memory, so if the certificate has been revoked, the initial CRL
update succeeds. However, once the CRL that lists the revoked
certificate is stored in memory, subsequent update attempts will fail.
If you have enabled the option Shut down server if CRL updates fail,
Enterprise Server shuts down after the first failed update attempt. If
not, Enterprise Server continues to run, but it cannot update the
CRL.
In the Update Interval field, specify the maximum amount of time in minutes
7.
to allow between CRL downloads.
At startup, Enterprise Server downloads all CRLs configured for automatic
downloading. To determine the time of the next download, Enterprise Server
uses this value or the time specified in the Next Update field of the CRL,
whichever is sooner. Not all CRLs have a Next Update field, however, so you
must specify an update interval for each CRL.
To determine an appropriate update interval, consider the network
connectivity and available bandwidth at your site and how often the CRL is
updated.
In the Maximum Age field, specify the time in minutes you want Enterprise
8.
Server to wait past the time indicated in the CRL's Next Update field before
determining that the CRL is too old to be valid.
To avoid unnecessary shutdowns, Netscape recommends that you set this
value no lower than
differences between the Enterprise Server host and the CA's CRL download
server. Clocks on different servers can be out of sync, and the CA can still be
generating a new CRL at Next Update time.
If you have not enabled the option Shut down server if CRLs are too old or if
the CRL does not have a Next Update field, the value specified in this field has
no impact. Accept the default value of 60 minutes.
(minutes) and take into account possible system time
5
Chapter 5
Configuring Remote CRLs
Securing Your Enterprise Server
105
Advertisement
Table of Contents
Related Manuals for Netscape NETSCAPE ENTREPRISE SERVER 6.1 - 08-2002 ADMINISTRATOR
Related Products for Netscape NETSCAPE ENTREPRISE SERVER 6.1 - 08-2002 ADMINISTRATOR
- Netscape NETSCAPE CONSOLE 6.0 - MANAGING SERVERS
- Netscape NETSCAPE DIRECTORY SERVER 6.01
- Netscape NETSCAPE DIRECTORY SERVER 6.02
- Netscape NETSCAPE DIRECTORY SERVER 6.1 - DEPLOYMENT
- Netscape NETSCAPE DIRECTORY SERVER 6.2 - GATEWAY CUSTOMIZATION
- Netscape NETSCAPE ENTERPRISE SERVER 6.0 - NSAPI PROGRAMMER GUIDE
- Netscape NETSCAPE ENTERPRISE SERVER 6.1 - NSAPI PROGRAMMER GUIDE
- Netscape NETSCAPE ENTREPRISE SERVER 6.1 - 04-2002 ADMINISTRATOR
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - AGENT GUIDE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.1 - ADMINISTRATOR
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - CUSTOMIZATION
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - PLUG-IN
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.0 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.01 - COMMAND-LINE
- Netscape NETSCAPE MANAGEMENT SYSTEM 6.2 - COMMAND-LINE