The CRL Monitor module is used by the Signing Service to check the certificate revocation information for the CAs that are registered in the Trust Manager with validation policy set to "Local CRL Cache". Ensure the CRL retrieval policy is configured correctly for the CAs within the ADSS Trust Manager. Also ensure that CRL Monitor is running and it is polling for CRLs for those CAs whose automatic polling is enabled.

For non-registered CAs their current CRL will be pulled dynamically as the first validation request is received and cached until its expiry, or for the period specified in the system properties file. For CAs that over-issue CRLs in advanced of the next update time it is recommended that these are registered so that CRL Monitor can check for such over-issued CRLs and download them on a regular basis.  This will optimise validation processing.

For those CAs that require OCSP validation ADSS Server contains an in-built OCSP client and these details are defined within the Trust Manager module. Where required and where licensed, the local OCSP Service could be used to provide OCSP validation authority processing for one or more CAs.


See also

Step 1 - Generating Keys and Certificates
Step 2 - Registering CAs
Step 4 - Configuring Signing Profile
Step 5 - Registering Business Applications
Step 6 - Using the Service Manager