Sec/User Mgmt: Step 5: Import Certificate Revocation List

Document created by RSA Information Design and Development on Jul 28, 2016
Version 1
 

A certificate revocation list (CRL) is a file that contains a list of revoked certificates, with details such as the serial number and revocation date of each certificate. Typically, a certificate is revoked to avoid any compromise of the certificate by unauthorized users. For example, if a Security Analytics user resigns from an organization, the user's certificate must be revoked by the issuing CA to avoid any certificate compromise.

You can import the CRL issued by your trusted CA and set up the Refresh interval so Security Analytics can use the CRL to block unauthorized users from accessing Security Analytics.  

You can import a CRL file into the Security Analytics server using either of the following:

  • Security Analytics User Interface (UI)
  • Command Line

Import CRL file using Security Analytics UI

To import a CRL file using the Security Analytics UI:

  1. In the Security Analytics menu, select Administration > Security.
    The Security view is displayed with the Users tab open.
  2. Click the Settings tab.
  3. In the CRLs section, click the add icon.
    The CRLs dialog is displayed.
  4. Click Browse to upload the CRL file.
  5. Click Save. 
    The CRL file is successfully added to the Security Analytics server.

Import CRL file using Command Line

To import a CRL file using the command line:

Copy the CRL file(s) to the following directory on the Security Analytics server appliance:
/opt/rsa/carlos/crl
The CRL file is successfully added to the Security Analytics server.

Note: DER is the supported encoding for CRL files.

Security Analytics uses the updated CRL file in the next CRL cache refresh depending on the CRL Refresh Interval Settings.
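A pre-import check for the command-line method, as an added example that is not part of the original RSA document: it confirms a file is a parseable CRL, converts PEM input to the supported DER encoding, and only then places it in the CRL directory. The function names, the `.crl` output name, and the availability of `openssl` on the appliance are assumptions.

```shell
#!/bin/sh
# Added example (not RSA's code). CRL_DIR is the directory named on this page;
# function names and the .crl output name are assumptions for illustration.
CRL_DIR="${CRL_DIR:-/opt/rsa/carlos/crl}"

# Print "der", "pem" or "unknown" for a candidate CRL file.
crl_encoding() {
    [ -r "$1" ] || { echo unknown; return 0; }
    if grep -q -e '-----BEGIN X509 CRL-----' "$1" 2>/dev/null; then
        echo pem
    elif [ "$(od -A n -t x1 -N 1 "$1" | tr -d ' \n')" = "30" ]; then
        echo der      # a DER CertificateList begins with a SEQUENCE tag (0x30)
    else
        echo unknown
    fi
}

# Place a CRL in CRL_DIR as DER. PEM input is converted; DER input is re-parsed
# so a truncated or corrupt file is rejected instead of being copied.
stage_crl() {
    src=$1
    name=$(basename "$src"); name=${name%.*}
    dest="$CRL_DIR/$name.crl"
    tmp="$dest.tmp.$$"
    case "$(crl_encoding "$src")" in
        der) openssl crl -inform DER -in "$src" -outform DER -out "$tmp" ;;
        pem) openssl crl -inform PEM -in "$src" -outform DER -out "$tmp" ;;
        *)   echo "refusing $src: not a DER or PEM CRL" >&2; return 1 ;;
    esac || { rm -f "$tmp"; echo "openssl could not parse $src" >&2; return 1; }
    # Print issuer and validity window so a stale CRL is noticed before import.
    openssl crl -inform DER -in "$tmp" -noout -issuer -lastupdate -nextupdate
    mv "$tmp" "$dest"
}

# Usage: sh stage_crl.sh ca1.crl ca2.pem
for f in "$@"; do stage_crl "$f" || exit 1; done
```

A CRL whose printed nextUpdate is already in the past should be replaced with a fresh one from the issuing CA before it is staged.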
