A CRL is a file that contains a list of revoked certificates with details such as the serial number and revocation date of each certificate. Typically a certificate is revoked to avoid any compromise of the certificate by unauthorized users. For example, if a Security Analytics user resigns from an organization, then the user's certificate must be revoked by the issuing CA to avoid any certificate compromise.
You can import the CRL issued by your trusted CA and set up the Refresh interval so Security Analytics can use the CRL to block unauthorized users from accessing Security Analytics.
You can import a CRL file into Security Analytics server using:
- Security Analytics User Interface (UI)
- Command Line
Import CRL file using Security Analytics UI
To import CRL file using Security Analytics UI:
- In the Security Analytics menu, select Administration > Security.
The Security view is displayed with the Users tab open.
- Click the Settings tab.
- In the CRLs section, click.
The CRLs dialog is displayed.
- Click Browse to upload the CRL file.
- Click Save.
The CRL file is successfully added to the Security Analytics server.
Import CRL file using Command Line
To import CRL file using Command Line:
Copy the CRL file(s) to the following directory in the Security Analytics server appliance:
/opt/rsa/carlos/crlThe CRL file is successfully added to the Security Analytics server.
Note: DER encoded is the supported CRL file format.
Security Analytics uses the updated CRL file in the next CRL cache refresh depending on the CRL Refresh Interval Settings.