User Access Manager Help >> Operation Guide >> User Access Policy >> Service Parameters >> Certificate >> Root Certificate >> CRL

CRL

CRL configuration is the second step in the root certificate configuration procedure.

Perform this task to set the CRL periodical update parameters.

Operation Procedure

1. On the CRL configuration page, select Enable CRL Periodical Update, select an update type (HTTP/HTTPS or LDAP), and enter the update interval, update time, and link. If the LDAP update type is selected, enter the admin DN and password in the Admin DN and Admin Password fields.
2. Click OK.

Parameters

• Enable CRL Periodical Update: Select this option to enable UAM to periodically retrieve the most recent CRL from the CRL distribution point.
• Update Mode: Select the protocol used by UAM to retrieve the CRL from the CRL distribution point. Options are HTTP/HTTPS and LDAP.
• Update Interval (1-30 days): Specify the CRL update interval, in days. The interval starts on the day when the periodical update setting is changed. The value range is 1 to 30 days.
• Update on Hour (0-23): Specify the hour on which the CRL is updated. A value of 0 indicates the CRL will be updated at 00:00.
• Link: Specify the URL of the CRL distribution point. The URL can be in HTTP or LDAP format, for example, http://10.153.146.168/CertEnroll/INC.crl or ldap://10.153.146.168:389/CN=uam168CA,CN=8R2-SQL08R2-155,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=uam168,DC=com. In the LDAP URL, the string “CN=uam168CA,CN=8R2-SQL08R2-155,CN=CDP,CN=Public Key Services,CN=Services,CN=Configuration,DC=uam168,DC=com” can be obtained from the LDAP server. For example, to obtain the string from a Windows Server 2008 LDAP server, right-click the CRL location and select Copy from the shortcut menu. In the copied CRL string, remove ldap:/// and characters that follow the first question mark (?), and replace %20 with a space:
  
• Admin DN: Specify the distinguished name of the LDAP server administrator. This parameter appears when the update type is set to LDAP.
• Admin Password: Specify the password of the LDAP administrator. UAM uses the password to connect to the LDAP server for CRL retrieval. This parameter appears when the update type is set to LDAP.

Precautions

• To modify the CRL settings after the root certificate configuration is complete, access the Root Certificate page, click in the root certificate list, modify the configuration items, and click OK.

Related Topics

• Root Certificate
• Delete Root Certificate
• Import CRL File
• Update CRL