Set Up Certificate Revocation List

Certificate Revocation List (CRL) validation occurs when OCSP validation has failed or the server has been configured not to validate OCSP.

Prior to validating CRL, configure the server to run a scheduled business process to download CRL from the CRL distribution point every four hours. You can obtain the CRL distribution point from the certificate authority website or from the certificate.

Use the GET_CRL_PROCESS business process to create a scheduled business process with necessary CRL distribution point and proxy settings.

If the server is unable to find the CRL of a certificate, the validation continues. If the certificate is revoked, the server suspends the user and no further transactions are allowed.