Keeping revocation information up to date
Help | Content Gateway | Version 8.1.x
Before your site accepts a certificate, it is recommended that it check the status of the certificate to ensure that it has not been revoked. There are two methods of doing this: through CRLs (see Certificate revocation lists) and through OCSP (see Online certification status protocol (OCSP)).
Certificate revocation lists
Use the Configure > SSL > Validation > Revocation Settings page to configure how Content Gateway keeps revocation information current. By default, Content Gateway downloads CRLs on a daily basis.
1. For daily downloads of the CRLs, select Download the CRL at, and select the time when the CRL download occurs.
2. Click Apply.
Use this page as well if you need an immediate CRL update.
1. Click Update CRL Now to download the CRLs at a time other than that specified.
Note
2. Click View CRL Update Progress to see the status of the update.
For more information on certificate revocation lists, see RFC 3280.
Online certification status protocol (OCSP)
OCSP is a protocol that operates on a request/response basis. That is, when a site wants to verify the revocation status of a certificate, it sends a request to the CA about the status of the certificate. The CA then responds, confirming the validity (or revocation) of the certificate.
Because OCSP works with individual requests rather than downloading CRLs, it can provide improved performance. However, not all CAs provide responses, so CRLs can provide information about the status of more certificates.
Content Gateway enables you to cache OCSP responses about the revocation state of a certificate. Caching responses may be useful in environments with high volumes of SSL traffic and where saving bandwidth is important.
Use Configure > SSL > Validation > Revocation Settings to configure how Content Gateway keeps revocation information current.
1.
2. Click Apply.
For more information on OCSP, see RFC 2560.
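The trade-off described in the two sections above, as an added example that is not part of the original help page and is not Content Gateway's own code: a Python model in which a checker answers from a cached OCSP response while it is fresh, queries the CA's responder otherwise, and falls back to the downloaded CRL for CAs that run no responder. The class names, CA names, serial numbers and times are constructed, and reporting an expired CRL as "unknown" is an assumption of this example, not documented product behavior.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class OcspResponse:              # stand-in for a signed OCSP response (signature not modelled)
    status: str                  # "good", "revoked" or "unknown"
    next_update: datetime        # responder states the answer is valid until this time

@dataclass
class Crl:                       # stand-in for a downloaded CRL (signature not modelled)
    revoked: frozenset           # serial numbers the CA has revoked
    next_update: datetime        # CA promises a newer CRL by this time

class RevocationChecker:
    def __init__(self, crls, responders):
        self.crls, self.responders = crls, responders   # both keyed by issuer name
        self.cache, self.ocsp_queries = {}, 0

    def check(self, issuer, serial, now):
        """Return (status, source) for one certificate at time `now`."""
        hit = self.cache.get((issuer, serial))
        if hit and now < hit.next_update:            # fresh cached answer: no network traffic
            return hit.status, "ocsp-cache"
        responder = self.responders.get(issuer)
        if responder:                                # this CA answers OCSP requests
            self.ocsp_queries += 1
            resp = responder(serial, now)
            if resp.status != "unknown" and now < resp.next_update:
                self.cache[(issuer, serial)] = resp
                return resp.status, "ocsp"
        crl = self.crls.get(issuer)                  # no usable OCSP answer: use the CRL
        if crl is None:
            return "unknown", "none"
        if now >= crl.next_update:                   # a scheduled download was missed
            return "unknown", "crl-stale"
        return ("revoked" if serial in crl.revoked else "good"), "crl"

# Constructed sample data: CA-A runs an OCSP responder, CA-B publishes only a CRL.
T0 = datetime(2016, 1, 1, 3, 0, tzinfo=timezone.utc)
def ca_a_responder(serial, now):
    return OcspResponse("revoked" if serial == 0x1A else "good", now + timedelta(hours=4))

def build_checker():
    crls = {"CA-B": Crl(frozenset({0x2B}), T0 + timedelta(days=1))}
    return RevocationChecker(crls, {"CA-A": ca_a_responder})

if __name__ == "__main__":
    c = build_checker()
    for issuer, serial, h in [("CA-A", 0x1A, 0), ("CA-A", 0x1A, 1), ("CA-B", 0x2C, 30)]:
        print(issuer, hex(serial), c.check(issuer, serial, T0 + timedelta(hours=h)))
```

The third sample lookup falls 30 hours after the constructed CRL was issued, past its next-update time, which is the situation a missed daily download produces.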

Copyright 2016 Forcepoint LLC. All rights reserved.