Adding certification authorities and configuring certificate revocation control

SDMC makes it possible to add certificates from your certification authorities to your security policies, so that the SDS Enterprise agent can monitor the trust chain of users' certificates.

It also allows you to set up revocation control, which is the only way to indicate that a user's certificate must no longer be used, for example if the owner of the certificate no longer belongs to a group, if the user's key may have been compromised, or if the user has obtained another certificate.

Revocation control can be performed using either a Certificate Revocation List (CRL) or the OCSP protocol. When OCSP is used, the OCSP responder's URL must be specified in the certificate.

Such data is generated by the administrator of the public key infrastructure (PKI) that the organization uses.

SDMC makes it possible to list the CRL distribution points for every certification authority that issues certificates to your users. This list is specific to each security policy.

SDS Enterprise agents download CRLs from the indicated distribution points so that the validity of users' certificates can be verified.
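The following is an added example, not part of the original documentation: a shell check, assuming OpenSSL 1.1.1 or later, that reports which revocation sources (OCSP responder URL, CRL distribution points) a user certificate itself carries. The function names, the sample certificates and the `example.test` hostnames are constructed for illustration.

```shell
#!/bin/sh
# Added example. Requires OpenSSL 1.1.1 or later (-ext and -addext).

# Print one "ocsp=<url>" or "crl=<url>" line per revocation source that the
# PEM certificate $1 advertises; return 1 if it advertises none.
revocation_sources() {
    cert=$1
    found=$(
        # OCSP responder URL(s) from the Authority Information Access extension
        openssl x509 -in "$cert" -noout -ocsp_uri | sed 's/^/ocsp=/'
        # URI entries of the CRL Distribution Points extension
        openssl x509 -in "$cert" -noout -ext crlDistributionPoints 2>/dev/null |
            sed -n 's/^ *URI:/crl=/p'
    )
    [ -n "$found" ] || return 1
    printf '%s\n' "$found"
}

# Write a constructed, self-signed sample certificate to $1. Each further
# argument is an extension in openssl.cnf syntax, passed through -addext.
make_sample_cert() {
    path=$1; shift
    # Rewrite "$@" from (ext1 ext2 ...) to (-addext ext1 -addext ext2 ...)
    for ext in "$@"; do set -- "$@" -addext "$ext"; shift; done
    openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
        -keyout "$path.key" -out "$path" -subj "/CN=constructed-user" -days 1 \
        "$@" 2>/dev/null
    rm -f "$path.key"
}

# Constructed samples: one certificate with both sources, one with neither.
tmp=$(mktemp -d)
make_sample_cert "$tmp/both.pem" \
    "authorityInfoAccess=OCSP;URI:http://ocsp.example.test" \
    "crlDistributionPoints=URI:http://crl.example.test/ca.crl"
make_sample_cert "$tmp/none.pem"

for c in "$tmp/both.pem" "$tmp/none.pem"; do
    echo "== ${c##*/}"
    revocation_sources "$c" || echo "no OCSP URL or CRL distribution point"
done
```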