Show TOC

 How the Certificate Check Revocation Service WorksLocate this document in the navigation structure

If a certificate that is presented to the AS Java contains a CRL distribution point for the issuing CA, the Certificate Revocation Check service checks the CRL from this distirbution point to see whether the certificate has been revoked.

The first time that a CRL for a specific CA is checked, the Certificate Revocation Check service saves the default configuration in the corresponding profile, depending on use case for which the certificate was presented. An entry is stored in the CA's profile for each CRL distribution point provided by the CA. If no profile or corresponding entry exists for the CA's CRL being checked, it is automatically created.

The service also downloads the CA's CRL from the CRL distribution point and saves it in the CRL cache. For future checks, the service uses the CRL contained in the cache. If the CRL in the cache is expired, the service downloads the newest version from the CA's CRL distribution point.