Identify the certificate revocation lists (CRLs) that define revoked
digital certificates. Revoked certificates should not give the SAP Mobile Platform device user access to the SAP Mobile Server runtime.
Administrators can configure CRLs to check if any of the certificates in
the path are revoked. A series of URIs define the CRL location.
- Using SAP Control Center, open the
CertificateAuthenticationLoginModule and CertificateValidationLoginModule used by
your security configuration.
- Define one or more URIs for the CRL property. If you are using
multiple URIs, each must be indexed. The index number used determines the order in
which CRLs are checked.
This example uses two URIs, each indexed accordingly so that the
Verisign CRL comes first.
crl.1.uri=http://crl.verisign.com/ThawtePersonalFreemailIssuingCA.crl
crl.2.uri=http://crl-server/
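The following is an added example, not part of the SAP documentation or product: a small Python check that reads crl.<index>.uri lines, reports the order in which the CRLs would be consulted, and flags entries that break the indexing rule above. It assumes ascending index order (as in the example, where index 1 comes first); the function name, the sample text, and the scheme check are illustrative assumptions.

```python
import re

# Constructed sample in the page's crl.<index>.uri form, deliberately out of order.
SAMPLE = (
    "crl.2.uri=http://crl-server/\n"
    "crl.1.uri=http://crl.verisign.com/ThawtePersonalFreemailIssuingCA.crl\n"
)

INDEXED = re.compile(r"^crl\.(\d+)\.uri$")
HAS_SCHEME = re.compile(r"^[A-Za-z][A-Za-z0-9+.-]*:")

def crl_check_order(text):
    """Return (uris_in_check_order, problems) for the crl.* lines in text."""
    indexed, unindexed, problems = {}, [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        key, sep, value = raw.strip().partition("=")
        key, value = key.strip(), value.strip()
        if not sep or not key.startswith("crl."):
            continue  # blank line, comment, or unrelated property
        if not HAS_SCHEME.match(value):
            problems.append(f"line {lineno}: {value!r} is not a URI with a scheme")
            continue
        m = INDEXED.match(key)
        if m is None:
            unindexed.append((lineno, value))
        elif int(m.group(1)) in indexed:
            problems.append(f"line {lineno}: index {m.group(1)} is already used")
        else:
            indexed[int(m.group(1))] = value
    # The page's rule: with multiple URIs, each must be indexed.
    if len(indexed) + len(unindexed) > 1:
        for lineno, _ in unindexed:
            problems.append(f"line {lineno}: multiple URIs defined, this one has no index")
        unindexed = []
    ordered = [indexed[i] for i in sorted(indexed)] + [v for _, v in unindexed]
    return ordered, problems

if __name__ == "__main__":
    order, issues = crl_check_order(SAMPLE)
    for position, uri in enumerate(order, 1):
        print(position, uri)
    for issue in issues:
        print("PROBLEM:", issue)
```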
Note: While CRL applies to a particular login module, Online Certificate
Status Protocol (OCSP) determines server-wide certificate status. Administrators must
edit the %JAVA_HOME%/jre/security/java.security
file to enable OCSP. Then in the login modules, set the Enable Revocation Checking
property to true. For information, see Enabling
OCSP.