Administration → Security Administration → Authentication Realms and Users → PKI Certificate Authentication Configuration → Configuring Polling for Certificate Revocation Lists
To handle large Certificate Revocation Lists (CRL), a CRL poller service can be run as part of the server startup. This service downloads the updated CRL for all enabled PKI Certificate authentication realms once a day. Downloaded lists are stored within the Deployment Automation profile folder:
<sda_profile>/var/cache/pkiThe CRL poller service downloads CRL lists only if the following are true:
If you use the Internal PKI certificate revocation, you do not need to configure this. See Creating PKI Certificate Authentication Realms.
To configure the poller service:
crlPollerEnabled: If set to true, the poller service runs; if set to false, it doesn't
crlPollerStartHour: Set to an integer value from 0 through 23 in 24 hour time format. If this is not set, the default is 0.
In the following example, the poller is enabled and the start hour is 0, which means it runs at midnight.
<pkiConfig> <crlPollerEnabled>true</crlPollerEnabled> <crlPollerStartHour>0</crlPollerStartHour> </pkiConfig>
Copyright © 2011–2016 Serena Software, Inc. All rights reserved.