Certificate revocation
Revocation can be configured in the revocationPolicy section of the .json file. The table below describes its parameters. In the SDMC administration console, the equivalent parameters are found in Policies > Authorities.
For more information on how to configure the feature, refer to the section Adding certification authorities and configuring certificate revocation control in the Administration guide.
Parameter | Description | Prescribed values | SDMC |
---|---|---|---|
checkCertificateRevocation | Optional. Indicates whether certificate revocation must be verified. | true, false | N/A |
displayWarningDBCorrupted | Shows a warning message when the local CRL database is corrupted. | true, false | N/A |
displayWarningDBDeleted | Shows a warning message when the local CRL database has been erased. | true, false | N/A |
fileTimeOutInSeconds | Maximum time in seconds allocated to downloading the CRL from a file. | Positive integer. | N/A |
httpTimeOutInSeconds | Maximum time in seconds allocated to downloading the CRL from an HTTP link. | Positive integer. | N/A |
issuers | List of authority certificates and recovery certificates to be used in your policies. | | |
issuers > certificateID | Unique ID of the certificate in the policy. You will find the identifier in the list of certificates in the certificateData section of the .json file. | Unique | |
issuers > crlDownloadFrequency | Frequency with which the CRL is downloaded. | OnFirst WhenExpired, Always, Never | N/A |
issuers > methods | List of CRL download methods. | Add from library | |
issuers > methods > type | Type of revocation method. | "CRL", "OCSP" | N/A |
issuers > methods > url | URL used for the download. | String | N/A |
ldapTimeOutInSeconds | Maximum time in seconds allocated to downloading the CRL from an LDAP link. | Positive integer. | N/A |
validityDurationInDays | CRL validity in days. | Positive integer. | Validity period of revocation lists |
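
The following pre-deployment check is an added example, not part of the product or its documentation: it compares a revocationPolicy block with the prescribed values in the table above and reports when revocation checking is explicitly turned off. It assumes that issuers and methods are JSON arrays of objects and that true/false and integers are native JSON types; the sample policy, its IDs and its URL are constructed, and crlDownloadFrequency is not checked.

```python
import json

BOOL_KEYS = ("checkCertificateRevocation", "displayWarningDBCorrupted",
             "displayWarningDBDeleted")
INT_KEYS = ("fileTimeOutInSeconds", "httpTimeOutInSeconds",
            "ldapTimeOutInSeconds", "validityDurationInDays")
METHOD_TYPES = {"CRL", "OCSP"}

def lint_revocation_policy(policy):
    """Return findings for values outside the table's prescribed values."""
    findings = []
    for key in BOOL_KEYS:
        if key in policy and not isinstance(policy[key], bool):
            findings.append(f"{key}: must be true or false")
    for key in INT_KEYS:
        value = policy.get(key)
        # bool is a subclass of int in Python, so require the exact type.
        if key in policy and (type(value) is not int or value <= 0):
            findings.append(f"{key}: must be a positive integer")
    if policy.get("checkCertificateRevocation") is False:
        findings.append("checkCertificateRevocation: false, revocation is not verified")
    seen = set()
    for i, issuer in enumerate(policy.get("issuers", [])):
        cert_id = issuer.get("certificateID")
        if not cert_id or cert_id in seen:
            findings.append(f"issuers[{i}].certificateID: missing or not unique")
        seen.add(cert_id)
        for j, method in enumerate(issuer.get("methods", [])):
            where = f"issuers[{i}].methods[{j}]"
            if method.get("type") not in METHOD_TYPES:
                findings.append(f"{where}.type: must be CRL or OCSP")
            if not isinstance(method.get("url"), str) or not method["url"]:
                findings.append(f"{where}.url: must be a non-empty string")
    return findings

# Constructed sample, not taken from a real policy file (layout is an assumption).
SAMPLE = json.loads("""
{"revocationPolicy": {
  "checkCertificateRevocation": false,
  "httpTimeOutInSeconds": 0,
  "validityDurationInDays": 7,
  "issuers": [
    {"certificateID": "ca-1", "crlDownloadFrequency": "Always",
     "methods": [{"type": "CRL", "url": "http://pki.example.test/ca-1.crl"}]},
    {"certificateID": "ca-1", "methods": [{"type": "LDAP", "url": ""}]}
  ]}}
""")

print("\n".join(lint_revocation_policy(SAMPLE["revocationPolicy"])))
```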