Updating a certificate revocation list

The certificate authority (CA) that issues a digital certificate can revoke the certificate at any time, which ends the certificate's validity period before its actual expiration date. For example, a certificate is revoked if the integrity of the certificate is compromised. The CA publishes a Certificate Revocation List (CRL) that contains a list of revoked certificates. CRLs are made publicly available so that anyone can verify whether a certificate that was used to sign a message is valid. The CRL ensures the integrity of the signatures, which are based on the expected level of trust that is associated with the type of certificate. In AS4 Microservice, you can also update lists of revoked certificates that you and your partners use to authenticate certificates.

About this task

In AS4 Microservice, the Certificate Revocation List feature manages the lists that are referenced by CA certificates.

Important: Large CRLs can cause performance issues. If you give a shorter lifespan to certificates, they must be renewed more frequently but the size of the CRL is not as large. Another way to control CRL size is to partition a base CRL. In this way, you can control the amount of data that is replicated and the size of the data object that partners download when they perform revocation checks on certificates. You partition base CRLs by renewing the CA key. This creates a partitioned CRL for all certificates that are issued after the key is renewed.
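The following added example is a simplified model of the sizing note above. It is not AS4 Microservice code and does not parse real X.509 data. It assumes the usual CA practice of dropping a revoked entry once its certificate has expired, and the names `Cert`, `Crl`, `check`, `simulate`, `k1` and `k2` are hypothetical. It shows how certificate lifespan and a CA key renewal change the size of the CRL that a partner downloads, and how a relying party selects the matching partition and refuses a stale one.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

@dataclass
class Cert:                      # simplified stand-in for an X.509 certificate
    serial: int
    ca_key_id: str               # CA key that signed it; selects the CRL partition
    not_after: datetime

@dataclass
class Crl:                       # simplified stand-in for one CRL (one per CA key)
    ca_key_id: str
    next_update: datetime
    revoked: dict = field(default_factory=dict)   # serial -> certificate expiry

    def publish(self, now, newly_revoked, valid_for=timedelta(days=1)):
        """Issue a new CRL: add new entries, drop entries whose certificate expired."""
        for cert in newly_revoked:
            self.revoked[cert.serial] = cert.not_after
        self.revoked = {s: exp for s, exp in self.revoked.items() if exp > now}
        self.next_update = now + valid_for

def check(cert, crls, now):
    """Relying-party check: 'expired', 'unknown' (no fresh CRL), 'revoked' or 'good'."""
    if now >= cert.not_after:
        return "expired"
    crl = crls.get(cert.ca_key_id)            # only the matching partition is needed
    if crl is None or now > crl.next_update:
        return "unknown"                      # stale or missing CRL: do not treat as good
    return "revoked" if cert.serial in crl.revoked else "good"

def simulate(lifespan_days, renew_key_on_day=None, days=540):
    """Issue one certificate per day, revoke every 10th a week later; return CRL sizes."""
    start = datetime(2024, 1, 1)              # constructed timeline
    crls, pending = {}, []
    for day in range(days):
        now = start + timedelta(days=day)
        key = "k2" if renew_key_on_day is not None and day >= renew_key_on_day else "k1"
        cert = Cert(day, key, now + timedelta(days=lifespan_days))
        if day % 10 == 0:
            pending.append((now + timedelta(days=7), cert))
        due = [c for when, c in pending if when <= now]
        pending = [(when, c) for when, c in pending if when > now]
        for k in set(crls) | {key}:
            crl = crls.setdefault(k, Crl(k, now))
            crl.publish(now, [c for c in due if c.ca_key_id == k])
    return {k: len(c.revoked) for k, c in crls.items()}
```

With the same revocation rate, `simulate(365)` ends with one CRL of 36 entries, `simulate(90)` with 9, and `simulate(365, renew_key_on_day=360)` with two partitions of 18 entries each.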

Procedure

  1. Log in to AS4 Microservice with the necessary access credentials.
  2. Select Security > Certificate Revocation List.
  3. In the collections page, select the CRL.
  4. Click Edit and modify the content.
  5. Click Save to save the digital certificate and return to the CA Certificates collection page.