Enabling revocation information

Last Updated: Oct 03, 2022

About this task

Use this procedure to enable revocation information in identity certificates issued by the Certificate Manager CA. You can do this during a fresh installation or upgrade.

When revocation is enabled, certificates contain extensions related to CRL, OCSP, or both. If Certificate Manager is configured to add CRL-related extensions to certificates, it issues a CRL every 24 hours with a validity of 7 days. You can download the CRLs from http://<cluster_FQDN>/ejbca/publicweb/webdist/certdist?cmd=crl&format=PEM&issuer=CN%3DCertificate+Manager+CA%2cO%3DAvaya.

Procedure

On the cert-manager tab of the solution configuration spreadsheet, add config:certmgmt-service:service:ProvideRevocationInfo= with one of the following values:

| Value | Description |
|---|---|
| BOTH | Certificate Manager adds both CRL and OCSP information to certificates issued post-installation or post-upgrade. |
| CRL_ONLY | Certificate Manager only adds CRL information to certificates issued post-installation or post-upgrade. |
| OCSP_ONLY | Certificate Manager only adds OCSP information to certificates issued post-installation or post-upgrade. |

For example, if you want both CRL and OCSP information to be included in certificates, add config:certmgmt-service:service:ProvideRevocationInfo=BOTH in the solution configuration spreadsheet.

If you change the value of config:certmgmt-service:service:ProvideRevocationInfo while upgrading, changes to revocation information only affect new certificates that are issued after the upgrade.
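
To confirm that a newly issued certificate carries the revocation extensions matching the configured value, the following added example (not part of the Avaya procedure or tooling) classifies the text dump of a certificate. It assumes the extension labels printed by openssl x509 -text; the function names, host name and file name are hypothetical.

```shell
# Added example, not Avaya tooling. Assumption: in `openssl x509 -text` output,
# CRL information shows as "X509v3 CRL Distribution Points" and OCSP
# information as an "OCSP - URI:" entry under "Authority Information Access".

# Read a certificate text dump on stdin; print BOTH, CRL_ONLY, OCSP_ONLY or NONE.
revocation_mode() {
    rm_text=$(cat)
    rm_crl=0
    rm_ocsp=0
    case "$rm_text" in *"X509v3 CRL Distribution Points"*) rm_crl=1 ;; esac
    # An AIA extension holding only "CA Issuers - URI:" does not count as OCSP.
    case "$rm_text" in *"OCSP - URI:"*) rm_ocsp=1 ;; esac
    case "$rm_crl$rm_ocsp" in
        11) echo BOTH ;;
        10) echo CRL_ONLY ;;
        01) echo OCSP_ONLY ;;
        *)  echo NONE ;;
    esac
}

# Compare the dump on stdin with the configured ProvideRevocationInfo value.
# A mismatch is expected for certificates issued before the value was changed.
check_revocation() {
    cr_found=$(revocation_mode)
    if [ "$cr_found" = "$1" ]; then
        echo "OK: certificate carries $cr_found"
    else
        echo "MISMATCH: configured $1, certificate carries $cr_found"
        return 1
    fi
}

# Constructed sample dump (hypothetical host name), trimmed to the extensions.
sample_both() {
    cat <<'EOF'
        X509v3 extensions:
            Authority Information Access:
                OCSP - URI:http://cluster.example.test/ocsp
                CA Issuers - URI:http://cluster.example.test/ca.crt
            X509v3 CRL Distribution Points:
                Full Name:
                  URI:http://cluster.example.test/ejbca/publicweb/webdist/certdist?cmd=crl
EOF
}

sample_both | check_revocation BOTH
# Real certificate (file name is a placeholder):
#   openssl x509 -in issued-cert.pem -noout -text | check_revocation BOTH
```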