Add a New LDAP CRL Data Source

You can use LDAP CRL sources to load one or more CRLs from a directory server.

  1. On the Data Sources page, click add a new LDAP CRL data source.

  2. In the Name field, enter the name that the directory server will use to identify this LDAP CRL data source. This name must be unique across all other data sources.

  3. To prevent data from being retrieved periodically from the data source when the Data Sources job runs, clear the Enabled option.

  4. In the LDAP ID field, enter the identifier for this LDAP data source, which must be unique across other LDAP sources.

  5. If you have multiple data sources, you can select a data source from the Fallback Data Source Name drop-down list. Choose the name of the CRL source to use as the fallback; this is the ID of the CRL source that is used if a connection to the primary CRL source fails. When you set up a chain of fallback data sources, do not create a loop in which the last fallback source in the chain points back to the primary CRL source.

  6. Pre-fill the LDAP Query Parameters input fields using one of the following options:

    • Option 1: Specify a CRL distribution point URL.

      If you have a URL from which Validation Authority can retrieve a CRL, then enter it in the CRL distribution point URL field, and click Pre-fill Form. Validation Authority tests that data source automatically.

    • Option 2: Specify the LDAP Server data manually if you do not have a CRL distribution point URL.

      If your directory server is one of the CAs listed in the Choose LDAP type drop-down list (Entrust, Verizon UniCERT, Microsoft, Identrust), select it to use the appropriate template.

      If not, select Canonical CA.

  7. To erase all entered data from this form, select Clear all fields from the drop-down list. The template will pre-fill the fields in the form with examples of appropriate values for the type of CA that you selected.

    Pay attention to the type of CRL data that you want to load. For example, when using a Microsoft CA to provide delta CRLs, change the values in the LDAP Filter, Return Attribute List, and CRL Attribute fields from certificateRevocationList to deltaRevocationList;binary.

  8. Follow the steps in the sections Configure a LDAP Query Parameters and Register Certificate.

  9. After you have entered the necessary information to configure the data source, test the data source.

    If the test is successful, then a list of CRLs is displayed. If the test is unsuccessful, then an error message is displayed next to the appropriate entry that caused the error. If there are multiple problems with the configuration, then you might only receive a single error message.

  10. When the problem is resolved, test the configuration again. If other problems remain, the next error message is displayed.

  11. When the test has been completed successfully, click Save Data Source to save your changes. Alternatively, click Cancel to return to the Data Sources page without saving your changes.
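
The following Python sketch is an added example, not part of this documentation or of Validation Authority's own code. It splits an LDAP CRL distribution point URL (RFC 4516 layout) into the kind of values an LDAP CRL query needs and reports whether the requested attribute is a full or a delta CRL, so a mismatch can be caught before saving. The URLs, host names, and function names are constructed for illustration.

```python
from urllib.parse import urlsplit, unquote

DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

# Constructed sample URLs (not taken from any real CA).
FULL = ("ldap://dir.example.test/CN=Example%20CA,CN=CDP,DC=example,DC=test"
        "?certificateRevocationList?base?objectClass=cRLDistributionPoint")
DELTA = ("ldaps://dir.example.test:1636/CN=Example%20CA,CN=CDP,DC=example,"
         "DC=test?deltaRevocationList;binary")

def parse_ldap_cdp(url):
    """Split an RFC 4516 LDAP URL into host, port, base DN and query parts."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in DEFAULT_PORTS:
        raise ValueError(f"not an LDAP URL: {url!r}")
    if not parts.hostname:
        raise ValueError("LDAP URL names no directory server")
    # After the DN the layout is ?attributes?scope?filter?extensions.
    # Split on the raw delimiters first, percent-decode afterwards.
    fields = parts.query.split("?") + [""] * 4
    attrs = [unquote(a) for a in fields[0].split(",") if a]
    if not attrs:
        raise ValueError("no attribute requested, CRL attribute is unknown")
    scope = unquote(fields[1]).lower() or "base"          # RFC 4516 default
    if scope not in ("base", "one", "sub"):
        raise ValueError(f"invalid search scope: {scope!r}")
    return {
        "host": parts.hostname,
        "port": parts.port or DEFAULT_PORTS[scheme],
        "tls": scheme == "ldaps",
        "base_dn": unquote(parts.path[1:]),
        "attributes": attrs,
        "scope": scope,
        "filter": unquote(fields[2]) or "(objectClass=*)",  # RFC 4516 default
    }

def crl_kind(attribute):
    """Classify a CRL attribute name, ignoring options such as ';binary'."""
    name = attribute.split(";")[0].lower()
    return {"certificaterevocationlist": "full",
            "deltarevocationlist": "delta"}.get(name, "unknown")

if __name__ == "__main__":
    for url in (FULL, DELTA):
        q = parse_ldap_cdp(url)
        print(q["host"], q["port"], q["base_dn"], q["scope"], q["filter"],
              [(a, crl_kind(a)) for a in q["attributes"]])
```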

Modify an LDAP CRL Data Source

To modify an LDAP CRL data source, click the magnifying glass icon to the left of the LDAP CRL Source on the Data Sources page. The LDAP Query Parameters section will be simplified.

After you have entered the necessary information to modify the data source, test the data source.