Removing a certificate revocation list

The certificate authority (CA) publishes a Certificate Revocation List (CRL) that contains a list of revoked certificates. CRLs are made publicly available so that anyone can verify whether a certificate that was used to sign a message is valid. The CRL ensures the integrity of the signatures, which are based on the expected level of trust that is associated with the type of certificate. In AS4 Microservice, you can remove lists of revoked certificates that you and your partners use to authenticate certificates.

About this task

By default, a CA maintains an expired CRL in the database and keeps it in the directory at the last known publicized Certificate Distribution Point. However, you can remove the expired CRL from AS4 Microservice to clean out the database and guard against CRL-related performance impact.

Procedure

  1. Log in to AS4 Microservice with the necessary access credentials.
  2. Select Security > Certificate Revocation List.
  3. In the certificate revocation list collection page, click the expired CRL distribution point.
  4. In the detailed view page for the certificate, click Remove in the appropriate section.
  5. Click OK to confirm the removal of the CRL and return to the certificate collection page.