To configure the CRL manually:
- Double click on the imported CA certificate.
The Configure Trusted CA dialog is displayed.
- In the Revocation Configuration section, select Configure Revocation Checks Manually.
- If the latest CRL is not available, select Use Expired CRLs for Revocation Checks to use the expired CRL for revocation.
- In the Revocation Check Mode field, do one of the following to validate the user certificate.
- Select Check only CRLs for Revocation to use only the CRLs.
- Select Check only OCSP Responder for Revocation to use only the OCSP Responders.
- Select First Check CRLs then OCSP Responder for Revocation to use the CRL. If all the CRLs are expired, use the OCSP Responders.
- Select First Check OCSP Responder Then CRLs for Revocation to use the OCSP Responders. If all the Responders are offline or unavailable, use the CRLs.
- Click to add the CRL.
- To add a CRL published on a HTTP server:
- In the CRL Type field, select CRL is located on a HTTP server.
- In the URL field, specify the HTTP URL to access the CRL
- To upload a CRL file downloaded from the CA:
- In the CRL Type field, select CRL is available as a File.
- In the CRL file field, click Browse to upload the CRL file.
- To add a OCSP Responder:
- In the CRL Type field, select HTTP URL for OCSP Responder.
- In the URL field, specify the HTTP URL.
- In the Certificate field, click Browse to upload the OCSP Responder Signing Certificate.
- Click Try Reading CRL.
The NetWitness Platform UI displays the extracted information from the CRL.
If the HTTP URL is located on the HTTPS location, the NetWitness Platform does not validate the web server certificate of the HTTP server on which the CRL is located.
- Click Save.
The CRL file is added to the NetWitness Platform.
Previous Topic:Import Server Certificate and Trusted CA Certificate
Next Topic:Enable PKI Authentication
You are hereTable of Contents > (Optional) Set Up Public Key Infrastructure (PKI) Authentication > Configure PKI Authentication > (Optional) Configure the CRL Manually