000021512 - Does CVS cache CRLs? in RSA Certificate Verification Server 1.0

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000021512
Applies To: RSA Keon Certificate Verification Server 1.0
Sun Solaris
Issue: Does CVS cache CRLs? in RSA Certificate Verification Server 1.0
Caching behavior of CVS
Cause: A CA issues multiple CRLs to prevent CRL size from growing. For example:

The department X CA issues end-entity certificates for users in department Y and users in department Z.

The end-entity certificate for a user in department Y has a CRL Distribution Point for department Y.

The end-entity certificate for a user in department Z has a CRL Distribution Point for department Z.

The CRL for validating end-entity certificates for users in department Y has an Issuing Distribution Point for department Y.

The CRL for validating end-entity certificates for users in department Z has an Issuing Distribution Point for department Z.

With this configuration, the question arises: Does CVS cache a CRL for department Y and for department Z?
Resolution: RSA Keon Certificate Verification Server 1.0 does cache CRLs per DN value specified in an IDP (Issuing Distribution Point) extension. The direct answer is "Yes".
Legacy Article ID: a23310
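
Added example (not RSA code and not a description of CVS internals): a small Python model of why a CRL cache for the department X / Y / Z setup above has to be keyed by the IDP DN rather than by issuer alone. All class names, DNs and serial numbers are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Crl:
    issuer: str          # DN of the CA that signed the CRL
    idp_dn: str          # DN carried in the Issuing Distribution Point extension
    revoked: frozenset   # revoked certificate serial numbers

@dataclass(frozen=True)
class Cert:
    issuer: str
    serial: int
    crldp_dn: str        # DN carried in the CRL Distribution Points extension

class IssuerKeyedCache:
    """Weak design: one slot per issuer, so partitioned CRLs overwrite each other."""
    def __init__(self):
        self.slots = {}
    def put(self, crl):
        self.slots[crl.issuer] = crl
    def get(self, cert):
        return self.slots.get(cert.issuer)

class IdpKeyedCache(IssuerKeyedCache):
    """One slot per (issuer, IDP DN); lookup uses the certificate's CRL DP."""
    def put(self, crl):
        self.slots[(crl.issuer, crl.idp_dn)] = crl
    def get(self, cert):
        return self.slots.get((cert.issuer, cert.crldp_dn))

def status(cache, cert, check_scope=True):
    crl = cache.get(cert)
    # A CRL whose IDP differs from the certificate's CRL DP does not cover it.
    if crl is None or (check_scope and crl.idp_dn != cert.crldp_dn):
        return "unknown"
    return "revoked" if cert.serial in crl.revoked else "good"

# Constructed sample data mirroring the department X / Y / Z setup.
CA = "CN=Department X CA"
DP_Y, DP_Z = "CN=CRL-Y,OU=Department Y", "CN=CRL-Z,OU=Department Z"
CRL_Y = Crl(CA, DP_Y, frozenset({1001}))
CRL_Z = Crl(CA, DP_Z, frozenset())
CERT_Y = Cert(CA, 1001, DP_Y)   # revoked, listed only on department Y's CRL
CERT_Z = Cert(CA, 2001, DP_Z)

def load(cache):
    for crl in (CRL_Y, CRL_Z):
        cache.put(crl)
    return cache
```

With the issuer-keyed cache and no scope check, the revoked department Y certificate is reported as "good" because department Z's CRL replaced department Y's; the IDP-keyed cache returns "revoked".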
