Table of Contents
Advertisement
CAUTION
Managing the Certificate Revocation List
By revoking a certificate, you are notifying other users that the certificate is no
longer valid. You make this notification by publishing a list of the revoked
certificates, called the certificate revocation list (CRL), to an LDAP directory. This list
is publicly available and ensures that revoked certificates are not misused.
NOTE
Viewing or Examining CRLs
In some cases, you may need to view or examine the CRL, for example, prior to
manually updating the directory with the latest CRL.
Only a Certificate Manager agent can view the CRL.
To view or display the CRL:
Go to the Certificate Manager Agent Services page (see "Accessing Agent
1.
Services" on page 25). You must submit the proper client certificate to get
access to this page.
Click Display Certificate Revocation List to display the form for viewing the
2.
CRL.
Select the CRL that you want to view. (If your administrator has created
3.
multiple issuing points, you will see them in the "Issuing point" drop-down
list. Otherwise, you'll only see the master CRL.)
Whether you are revoking a single certificate or a list of certificates,
be extremely careful that you have selected the correct one or that
the list contains only the certificates you want to revoke. Once you
confirm a revocation operation, there is no way to undo it.
Certificate Management System is currently the only Netscape
server that can check the revocation status of the certificates that it
issues. With Certificate Management System, therefore, you can use
the certificate revocation status to control access. On other Netscape
servers, you must use other forms of access control. For example,
you can remove individual users from access groups to prevent
them from accessing the server.
Managing the Certificate Revocation List
Chapter 4
Finding and Revoking Certificates
65
Advertisement
Table of Contents
