CRL distribution points

A CA specifies in the certificate where you can obtain revocation information. These details are not provided by WebSEAL or the GSKit library.

Although rare, a certificate can have more than one CDP. The primary reason for more than one CDP is to offer different protocols such as LDAP and HTTP. If a certificate is configured with more one CDP, WebSEAL contacts each CDP until a valid result is returned.

You can use Certificates from different CAs. Each CRL is signed by each CA so they cannot be confused. Each certificate contains its own CDP.

Parent topic: Key management
Related concepts:
Key management overview
Key management in the Local Management Interface
Client-side and server-side certificate concepts
Configuration of the WebSEAL key database file
Certificate revocation in WebSEAL
Configuration of the CRL cache
Use of the WebSEAL test certificate for SSL connections