In the Certification Authorities area, select the certification authorities to remove and click the Delete button.
IMPORTANT: If the removed public key certificate contains a revocation information point of distribution, the associated CRL or OCSP responder is NOT removed from EAM PKA: the revocation status of users’ certificates will still be updated by the EAM PKA revocation engine. However, the enrollment of a user’s certificate issued by the removed certification authority will be denied.
IMPORTANT: You can use EAM PKA without checking the revocation status of users’ certificates. However, for obvious security reasons, this is strongly discouraged.
To perform the tasks described in this section, you must have the following administration role:
In this section:
In most cases, the URL of a revocation information point of distribution is included in a public key certificate. When importing the public key certificate of a certification authority, EAM Console automatically imports the associated revocation information point of distribution.
However, in some cases, CA certificates do not use the same CRL as users’ certificates. It is then necessary to manually import the URLs of the CRLs that publish the revocation status of these users’ certificates.
Procedure
NOTE: This version of EAM PKA supports HTTP (http://...), FTP (ftp://...) and local files (file://...) as valid protocols to collect CRLs. Future versions may support alternative protocols such as LDAP.
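An added example (not One Identity code): it compares the CRL distribution points of a CA certificate with those of a user certificate, lists the URLs the CA import would not have brought in, and flags any whose scheme is outside the ones named in the NOTE above. The certificate text, hosts and function names are constructed for illustration, and the input layout is assumed to be that of `openssl x509 -noout -text`.

```python
import re
from urllib.parse import urlsplit

# Schemes the NOTE above lists as collectable by this version of EAM PKA.
SUPPORTED_SCHEMES = {"http", "ftp", "file"}

# Constructed sample input (assumed `openssl x509 -noout -text` layout); hosts are placeholders.
CA_CERT_TEXT = """\
X509v3 CRL Distribution Points:
    Full Name:
      URI:http://pki.example.test/root-ca.crl
"""
USER_CERT_TEXT = """\
X509v3 CRL Distribution Points:
    Full Name:
      URI:http://pki.example.test/users.crl
    Full Name:
      URI:ldap://dir.example.test/cn=Users%20CA,dc=example,dc=test?certificateRevocationList
Authority Information Access:
    OCSP - URI:http://ocsp.example.test
"""

def crl_urls(cert_text):
    """Return the URIs listed under 'CRL Distribution Points' only."""
    urls, cdp_indent = [], None
    for line in cert_text.splitlines():
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        if "CRL Distribution Points" in line:
            cdp_indent = indent
        elif cdp_indent is not None and indent <= cdp_indent:
            cdp_indent = None  # a sibling extension started, CDP section is over
        elif cdp_indent is not None and (m := re.match(r"URI:(\S+)", line.strip())):
            urls.append(m.group(1))
    return urls

def manual_import_plan(ca_text, user_text):
    """Sort user-certificate CRL URLs that the CA certificate does not carry."""
    covered = set(crl_urls(ca_text))
    plan = {"import": [], "unsupported": []}
    for url in crl_urls(user_text):
        if url in covered:
            continue  # same CRL as the CA certificate, nothing to add by hand
        scheme = urlsplit(url).scheme.lower()
        key = "import" if scheme in SUPPORTED_SCHEMES else "unsupported"
        plan[key].append(url)
    return plan
```

A non-empty `unsupported` list means revocation data for those certificates cannot be collected from that URL by this version, so an HTTP, FTP or file copy of the CRL has to be arranged before enrollment is relied on.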
In most cases, the URL of a revocation information point of distribution is included in a public key certificate. When importing the public key certificate of a certification authority, EAM Console automatically imports the associated revocation information point of distribution.
However, in some cases, CA certificates do not use the same OCSP responder as users’ certificates. It is then necessary to manually import the OCSP responders that publish the revocation status of these users’ certificates.
Procedure
© 2021 One Identity LLC. ALL RIGHTS RESERVED.