Certificate Revocation using Certificate Revocation Lists (CRL)
CRLs are lists of certificates that are no longer valid or that have been revoked by a Certification Authority (CA). The NHIN CA will maintain this list of revoked certificates, and a deployment can download it dynamically by following the URL carried in the "CRLDistributionPoints" certificate extension defined by the X.509 v3 certificate standard. For this release, CRL functionality is enabled through the following modification of the GlassFish domain.xml file:
<!-- CRL configuration begin -->
<jvm-options>-Dcom.sun.net.ssl.checkRevocation=true</jvm-options>
<jvm-options>-Dcom.sun.security.enableCRLDP=true</jvm-options>
<jvm-options>-Djava.security.debug=certpath</jvm-options>
<!-- CRL configuration end -->
To disable CRL checking for a CONNECT deployment, remove the above lines from domain.xml or disable them with an XML comment; no other change is needed.
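As an added example (not CONNECT project code), the following stand-alone Java program does programmatically what the JVM options above do for GlassFish: it validates a PEM certificate chain against a trust store with PKIX revocation checking turned on and CRLs fetched from the chain's CRLDistributionPoints extension, and it reports whether a rejection is a confirmed revocation or an undetermined status. The class name, argument layout and file paths are assumptions; the system property and the PKIXRevocationChecker options are standard JDK (8 and later) APIs.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertPath;
import java.security.cert.CertPathValidator;
import java.security.cert.CertPathValidatorException;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.PKIXCertPathValidatorResult;
import java.security.cert.PKIXParameters;
import java.security.cert.PKIXRevocationChecker;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List;

/**
 * Hypothetical stand-alone checker (not part of CONNECT): validates a PEM certificate
 * chain (leaf first) against a trust store with CRL-based revocation checking, the
 * programmatic counterpart of the checkRevocation / enableCRLDP JVM options.
 */
public class CrlPathCheck {

    public static PKIXCertPathValidatorResult validate(List<X509Certificate> chain,
                                                       KeyStore trustStore) throws Exception {
        // Same effect as -Dcom.sun.security.enableCRLDP=true: allow the checker to follow
        // the CRLDistributionPoints extension and download the CRL from the CA.
        System.setProperty("com.sun.security.enableCRLDP", "true");

        CertPathValidator validator = CertPathValidator.getInstance("PKIX");
        PKIXRevocationChecker checker = (PKIXRevocationChecker) validator.getRevocationChecker();
        // Check via CRLs only, with no OCSP fallback. Without Option.SOFT_FAIL the check is
        // hard-fail: a CRL that cannot be fetched rejects the chain instead of accepting it.
        checker.setOptions(EnumSet.of(PKIXRevocationChecker.Option.PREFER_CRLS,
                                      PKIXRevocationChecker.Option.NO_FALLBACK));

        PKIXParameters params = new PKIXParameters(trustStore); // trust anchors from the store
        params.setRevocationEnabled(true);                      // same effect as checkRevocation=true
        params.addCertPathChecker(checker);                     // replaces the default checker

        CertPath path = CertificateFactory.getInstance("X.509").generateCertPath(chain);
        return (PKIXCertPathValidatorResult) validator.validate(path, params);
    }

    /** Reads every certificate in a PEM file, in file order (leaf first for a server chain). */
    public static List<X509Certificate> readChain(String pemFile) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        List<X509Certificate> chain = new ArrayList<>();
        try (InputStream in = new FileInputStream(pemFile)) {
            for (Certificate c : cf.generateCertificates(in)) {
                chain.add((X509Certificate) c);
            }
        }
        return chain;
    }

    /** Loads a JKS or PKCS12 trust store whose trusted-certificate entries become the anchors. */
    public static KeyStore loadTrustStore(String path, String password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password.toCharArray());
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: java CrlPathCheck <chain.pem> <truststore> <password>");
            System.exit(2);
        }
        List<X509Certificate> chain = readChain(args[0]);
        try {
            PKIXCertPathValidatorResult r = validate(chain, loadTrustStore(args[1], args[2]));
            System.out.println("VALID, anchored at "
                    + r.getTrustAnchor().getTrustedCert().getSubjectX500Principal());
        } catch (CertPathValidatorException e) {
            // Both outcomes reject the chain, but they call for different operator actions:
            // REVOKED means the serial is on the CA's CRL; UNDETERMINED_REVOCATION_STATUS
            // usually means the distribution point could not be reached.
            X509Certificate bad = e.getIndex() >= 0 ? chain.get(e.getIndex()) : null;
            System.out.println("REJECTED: reason=" + e.getReason()
                    + (bad != null ? " cert=" + bad.getSubjectX500Principal() : "")
                    + " detail=" + e.getMessage());
            if (e.getReason() == CertPathValidatorException.BasicReason.REVOKED) {
                System.out.println("certificate is listed on the CA's CRL");
            } else if (e.getReason()
                    == CertPathValidatorException.BasicReason.UNDETERMINED_REVOCATION_STATUS) {
                System.out.println("revocation status unknown; check that the CRL URL is reachable");
            }
            System.exit(1);
        }
    }
}
```

Run it as `java CrlPathCheck chain.pem truststore.jks changeit` (file names are placeholders). Because the JDK revocation checker hard-fails by default, an unreachable CRL distribution point rejects the chain with UNDETERMINED_REVOCATION_STATUS rather than silently accepting it, so outbound access from the GlassFish host to the CA's CRL URL must be verified when enabling the options above. The `-Djava.security.debug=certpath` option is what shows the CRL fetch and the resulting decision in the server log; it is very verbose and is best removed once the configuration has been confirmed.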
For more information on CRL in CONNECT, please see http://developer.connectopensource.org/display/CONNECTWIKI/Certificate+Validation+Using+Certificate+Revocation+Lists