Configuration of CRL checking
WebSEAL must know the location of the certificate revocation list (CRL) in order to perform CRL checking. Stanza entries for the location of the LDAP server that can be referenced for CRL checking during client-side certificate authentication are found in the [ssl] stanza of the WebSEAL configuration file:
[ssl]
#crl-ldap-server = server-name
#crl-ldap-server-port = port-id
#crl-ldap-user = webseal-admin-name
#crl-ldap-user-password = admin-password
Stanza entries for the location of the LDAP server that can be referenced for CRL checking during authentication across SSL junctions are found in the [junction] stanza of the WebSEAL configuration file:
[junction]
#crl-ldap-server = server-name
#crl-ldap-server-port = port-id
#crl-ldap-user = webseal-admin-name
#crl-ldap-user-password = admin-password
By default, CRL checking is disabled (stanza entries are commented out). To enable CRL checking during certificate authentication, uncomment each stanza entry and enter the appropriate values.
A null value for the crl-ldap-user stanza entry indicates that the SSL authentication mechanism should bind to the LDAP server as an anonymous user.
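The following audit script is an added example, not part of the original documentation or of WebSEAL itself. It reads a configuration file's text and reports, for the [ssl] and [junction] stanzas, whether the four CRL entries are still commented out, only partly uncommented, or enabled with an anonymous LDAP bind. The function names, the sample host name and the "incomplete" classification are assumptions of this example.

```python
KEYS = ("crl-ldap-server", "crl-ldap-server-port",
        "crl-ldap-user", "crl-ldap-user-password")
STANZAS = ("ssl", "junction")

def parse_active_entries(text):
    """Return {stanza: {key: value}} for uncommented CRL entries only."""
    found = {s: {} for s in STANZAS}
    stanza = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out entry counts as not set
        if line.startswith("[") and line.endswith("]"):
            stanza = line[1:-1].strip()
            continue
        if stanza in found and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key in KEYS:
                found[stanza][key] = value
    return found

def crl_status(entries):
    if not entries:
        return "disabled"  # default state: all four entries commented out
    missing = [k for k in KEYS if k not in entries]
    # Assumption of this example: an empty server or port means incomplete.
    if missing or not entries["crl-ldap-server"] or not entries["crl-ldap-server-port"]:
        return "incomplete"
    if entries["crl-ldap-user"] == "":
        return "enabled (anonymous LDAP bind)"  # null crl-ldap-user
    return "enabled"

def audit(text):
    return {s: crl_status(e) for s, e in parse_active_entries(text).items()}

# Constructed sample input, not taken from a real deployment.
SAMPLE = """\
[ssl]
crl-ldap-server = ldap.example.com
crl-ldap-server-port = 389
crl-ldap-user =
crl-ldap-user-password =
[junction]
crl-ldap-server = ldap.example.com
#crl-ldap-server-port = port-id
#crl-ldap-user = webseal-admin-name
#crl-ldap-user-password = admin-password
"""
print(audit(SAMPLE))
```

An "incomplete" result points to a stanza where some entries were uncommented and others were not, which is worth reviewing before relying on revocation checks for that path.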