Officer Operations - Revocation Lists

From the Officer menu, you can view the list of loaded revocation lists and the related information.

  1. Click Revocation Lists.

    • You can re-order the list by clicking any of the headers (For example, This Update, Next Update, Issuer, List #, Serial Numbers, or Entries).

    • The up or down arrow next to the header indicates whether the column is sorted in a descending or an ascending order.

    • For the first time you click a header link, the column will be sorted in a descending order. To sort it in an ascending order, click the header link again.

      Note: When the logged-in user also has the administrator role, the entries in the Issuer column are displayed as links that can be used to display the Issuer Details page.

Viewing the Details of Revocation Lists

  1. To view the details for the certificate issuer of a particular revocation list, click on the magnifying glass to the left of the CRL.

  2. The Revocation List Detail page lists details for a single revocation list. The Revocation List Entries area lists details for individual entries. You can re-order this list by clicking any of the headers (that is, Serial Number, Revoke Date, or Reason Code).

  3. Click return to revocation lists to return to the previous page.

Registering a Revocation List

In order to generate OCSP responses, you must register a revocation list for a CA.

However, it is possible for Validation Authority to pre-generate basic OCSP responses for an issuer when no certificates and no CRLs are registered for that issuer. The status of all generated responses is valid. The range of serial numbers for valid responses starts from 1 to the value of the "serial numbers after the highest revoked serial number" that you configure in the OCSP Response List Preregeneration Configuration page.

Note: Production systems use data sources to register and periodically update revocation lists, see section Administrator Operations - Jobs.

  1. On the Revocation Lists page, click Register a New Revocation List.

  2. Browse for the revocation list, and then click Register Revocation List.

    You can only register revocation lists issued by CAs that are registered with the Validation Authority. A revocation list will be ignored if it is not more recent than the current revocation list for its issuer.

    Alternatively, click Cancel to return to the Revocation Lists page.

    Note: It can take considerable time to register a large revocation list.