Certificate revocation

Revocation can be configured in the revocationPolicy section of the .json file. The table below describes its parameters. In the SDMC administration console, the equivalent parameters are found in Policies > Authorities.

For more information on how to configure the feature, refer to the section Adding certification authorities and configuring certificate revocation control in the Administration guide.

| Parameter | Type | Description | Prescribed values | SDMC |
|---|---|---|---|---|
| checkCertificateRevocation | | Optional. Indicates whether certificate revocation must be verified. | true, false | N/A |
| displayWarningDBCorrupted | | Shows a warning message when the local CRL database is corrupted. | true, false | N/A |
| displayWarningDBDeleted | | Shows a warning message when the local CRL database has been erased. | true, false | N/A |
| fileTimeOutInSeconds | | Maximum time in seconds allocated to downloading the CRL from a file. | Positive integer. | N/A |
| httpTimeOutInSeconds | | Maximum time in seconds allocated to downloading the CRL from an HTTP link. | Positive integer. | N/A |
| issuers | | List of authority certificates and recovery certificates to be used in your policies. | | |
| | | certificateID: Unique ID of the certificate in the policy. You will find the identifier in the list of certificates in the certificateData section of the .json file. | Unique character string | |
| | | crlDownloadFrequency: Frequency with which the CRL is downloaded. Allowed values are: "onFirstCryptoOperation" (default value) the first time an encryption or decryption operation is conducted; "WhenExpired" when the certificate expires; "always" every time a certificate is used; "never" never download the CRL. | OnFirstCryptoOperation, WhenExpired, Always, Never | N/A |
| | | methods: List of CRL download methods. | | Add from library |
| | | type: Type of revocation method. | "CRL", "OCSP" | N/A |
| | | url: URL used for the download. | String | N/A |
| ldapTimeOutInSeconds | | Maximum time in seconds allocated to downloading the CRL from an LDAP link. | Positive integer. | N/A |
| validityDurationInDays | | CRL validity in days. | Positive integer. (max 365) | Validity period of revocation lists |
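
The following lint is an added example, not part of the original documentation or the product's own tooling: it checks a revocationPolicy section against the prescribed values in the table above and flags settings that switch revocation checking off. The sample policy is constructed, and the nesting of certificateID, crlDownloadFrequency and methods under each issuers entry (and of type and url under each methods entry) is an assumption drawn from the table layout.

```python
import json
# Constructed sample policy. The nesting of issuer and method fields is an
# assumption drawn from the table layout, not a confirmed schema.
SAMPLE = json.loads("""
{"revocationPolicy": {
  "checkCertificateRevocation": true, "displayWarningDBDeleted": "yes",
  "fileTimeOutInSeconds": 10, "httpTimeOutInSeconds": 0,
  "validityDurationInDays": 400,
  "issuers": [{"certificateID": "constructed-id", "crlDownloadFrequency": "Never",
    "methods": [{"type": "CRL", "url": "http://crl.example.invalid/ca.crl"},
                {"type": "FTP", "url": ""}]}]
}}""")

BOOLS = ("checkCertificateRevocation", "displayWarningDBCorrupted", "displayWarningDBDeleted")
TIMEOUTS = ("fileTimeOutInSeconds", "httpTimeOutInSeconds", "ldapTimeOutInSeconds")
# Compared case-insensitively (assumption): the table shows both capitalizations.
FREQUENCIES = {"onfirstcryptooperation", "whenexpired", "always", "never"}

def is_pos_int(v):
    # bool is a subclass of int in Python, so exclude it explicitly
    return isinstance(v, int) and not isinstance(v, bool) and v > 0

def lint_revocation_policy(doc):
    """Return a list of findings for the revocationPolicy section of a policy."""
    pol, out = doc.get("revocationPolicy", {}), []
    for k in BOOLS:
        if k in pol and not isinstance(pol[k], bool):
            out.append(f"{k}: must be true or false")
    for k in TIMEOUTS:
        if k in pol and not is_pos_int(pol[k]):
            out.append(f"{k}: must be a positive integer")
    days = pol.get("validityDurationInDays")
    if days is not None and not (is_pos_int(days) and days <= 365):
        out.append("validityDurationInDays: must be a positive integer, max 365")
    if pol.get("checkCertificateRevocation") is False:
        out.append("checkCertificateRevocation: revocation checking is disabled")
    for i, iss in enumerate(pol.get("issuers", [])):
        freq = str(iss.get("crlDownloadFrequency", "onFirstCryptoOperation"))
        if freq.lower() not in FREQUENCIES:
            out.append(f"issuers[{i}].crlDownloadFrequency: unknown value {freq!r}")
        elif freq.lower() == "never":
            out.append(f"issuers[{i}].crlDownloadFrequency: CRL is never downloaded")
        for j, m in enumerate(iss.get("methods", [])):
            if m.get("type") not in ("CRL", "OCSP"):
                out.append(f"issuers[{i}].methods[{j}].type: must be CRL or OCSP")
            if not m.get("url"):
                out.append(f"issuers[{i}].methods[{j}].url: missing")
    return out
if __name__ == "__main__":
    print("\n".join(lint_revocation_policy(SAMPLE)))
```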