In simple terms, a Certificate Revocation List (CRL) is a type of blocklist of digital certificates that Certificate Authority organizations (CAs) deem as untrustworthy or that they are no longer willing to vouch for. It is a list of digital certificates that have been revoked by the issuing CA.

From release 10.2.1.1 and later, Avaya Aura® supports HTTP proxy to download CRLs. CRL download using a proxy eliminates the requirement for a direct connection to the Certificate Authority (CA), which can be a security risk.

This release supports the HTTP proxy type with basic authentication, which requires a username and password. Alternatively, customers can configure proxy support without authentication. Customers can configure up to three proxies as a maximum at any time.

Customers can configure the frequency with which Avaya Aura® checks for updates to CRLs and downloads a new CRL. To enable this functionality, customers can configure a CRL download job.

System Manager and Session Manager use these configuration settings in tandem. So, it is important to understand the implications of these settings for Session Manager.

Session Manager uses the HTTP proxy settings for both CRL download and Push Notification. The new feature for HTTP proxy overrides any configuration on the Global Settings for Session Manager. Session Manager uses HTTP proxy configurations in priority order, as they appear on the HTTP Proxy screen. For more information, see Administering Avaya Aura® Session Manager.