Configuring Internal Revocation Verification

Before you can use the Internal PKI certificate revocation verification option, you must configure the server to support this. If you use the External PKI certificate revocation, you do not need to configure this. See Creating PKI Certificate Authentication Realms.

To configure the server for internal revocation verification:

  1. Navigate to the Common Tomcat conf directory. For example: C:\Program Files\Micro Focus\common\tomcat\8.5\webapps\da\conf
  2. Edit the following file: server.xml
  3. Edit the Connector entry that you added or modified in Configuring the Server to Support PKI Certificates. Add the attribute crlFile=”../list.crl, where list.crl is a file that contains your certificate revocation list, as shown in the following example.
    <Connector port="8643" SSLEnabled="true"
                   scheme="https" secure="true" sslProtocol="TLS" 
                   sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
                   maxHttpHeaderSize="8192"
                   maxThreads="150" minSpareThreads="25"
                   enableLookups="false" disableUploadTimeout="true"
                   acceptCount="100"
    			            keystoreFile="conf/sample-ssl.jks" 
                   keystorePass="microfocus" keyAlias="tomcat"
                   truststoreFile="conf/sample-ssl.jks" truststorePass="serena" 
                   clientAuth="true" crlFile=”../list.crl”/>	 
    	
The Revocation Source Type of Internal can now be used to verify against the specified certificate revocation list.