Configure CRL Caching

You can configure the Validation Extension to download and cache X.509 certificate revocation lists periodically for use during certificate revocation status checking. You can also configure the Validation Extension to download MiniCRLs from a ActivID Validation Authority. You can specify that the Validation Extension will first check the revocation status of a certificate based on the stored CRLs and MiniCRLs or after exhausting all OCSP validation options (that is, configured issuer-responder mappings, the AIA field, and fallback responders). The CRL or MiniCRL is identified to the Validation Extension by URL.  MiniCRL is a compact representation of a list of revoked certificates that can be consumed by relying parties.

Topics in this section: