Installing Certificate Revocation Lists 
Certificate Revocation List files (CRLs) provided by a Certification Authority (CA) identify credentials, that can no longer be trusted. CRLs prevent you from applying a digital signature that is no longer valid, and let you know when digital signatures on incoming documents are invalid. CRLs should be updated on a regular basis (for example, daily or weekly).
They are identified by the CRL distribution point (CRLdp), which is specified as a URL in the certificate itself. The following values must be specified when you install the CRL:
CRL Value |
Description |
|---|---|
URL |
Must match the URL found in the CRLdp field of the certificate. |
Filename |
The file name of the CRL. |
Caution
If you do not specify a URL/file name combination, the server will not have access to CRLs so that signatures chaining off that Trusted Anchor are considered invalid. However, if the certificate does not contain a CRLdp field to identify a URL for its CRLs, revocation checking cannot be performed and the server will consider the signatures as always valid.
Note
On UNIX systems, the directories and files that contain the trust configuration information must be accessible by the SAP Web AS admin account, by default <sid>adm.
Procedure
Start the SAP NetWeaver Administrator via the address http://<server>:<port>/nwa .
<server>: AS Java where the ADS are installed
<port>: HTTP port of the AS Java
Choose
Configuration Management 
Infrastructure Management Adobe Document Services 
.In the left pane, choose Configuration.
Select Certificate Revocation Lists from the list and choose Add New Object.
Specify the URL of the CRL you installed.
In the CRL File field, choose the name of the CRL file, and save.
Restart the Document Services Trust Manager service and the PDF Manipulation Module service for the changes to take effect.
More information: Starting or Stopping an ADS-Relevant Service