Identify the certificate revocation lists (CRLs) that define a list
of digital certificates which have been revoked. Revoked certificates should not give the
Sybase Unwired Platform device user access to the
Unwired Server runtime.
Administrators can configure certificate revocation lists (CRLs) to check
if any of the certificates in the path are revoked. A series of URIs define the CRL
location.
- Using Sybase Control Center, open the
CertificateAuthenticationLoginModule and CertificateValidationLoginModule used by
your security configuration.
- For the CRL property, define one or more URIs. If using multiple
URIs, each must be indexed.
The index number used determines the order in which CLRs are
checked. This example uses two URI, each indexed accordingly so that the Verisign CRL
comes first.
crl.1.uri=http://crl.verisign.com/ThawtePersonalFreemailIssuingCA.crl
crl.2.uri=http://crl-server/
Next
Note: While CRL applies to a particular login module, OCSP determines certificate status
server-wide. Administrators must edit the
%JAVA_HOME%/jre/security/java.security file to enable OCSP. Then
in the login modules, set the Enable Revocation Checking property to true. For
information, see Enabling OCSP.