Step 3 - Configure CRL Monitor
The CRL Monitor module is used by the XKMS Service to check the certificate status/revocation information for the CAs are registered in the Trust Manager that have a validation policy set to CRL. Ensure the CRL retrieval policy is configured correctly for the CAs within the ADSS Trust Manager. Also ensure that CRL Monitor is running and it is polling for CRLs for those CAs whose automatic polling is enabled.
For non-registered CAs their current CRL will be pulled dynamically as the first validation request is received and cached until its expiry, or for the period specified in the system properties file. For CAs that over-issue CRLs in advanced of the next update time it is recommended that these are registered so that CRL Monitor can check for such over-issued CRLs and download them on a regular basis. This will optimise validation processing.
For those CAs that require OCSP validation ADSS Server contains an in-built OCSP client and these details are defined within the Trust Manager module. Where required and where licensed, the local OCSP Service could be used to provide OCSP validation authority processing for one or more CAs.
See also
Step 1 - Generate Key and Certificate
Step 2 - Registering CAs
Step 4 - Configuring XKMS Profile
Step 5 - Registering Business Applications
Step 6 - Using the Service Manager