The CICS-supplied transaction CCRL allows you to download
and store certificate revocation lists (CRLs) that can be used in
the SSL handshake to determine whether client certificates are valid.
Before you begin
You need to configure an LDAP server to specify which certificate
authorities you want to use and to create an administrator ID and
password. See Configuring an LDAP server for CRLs for
detailed instructions.
About this task
Certificate revocation lists are available from certificate
authorities such as Verisign. They are kept in CRL repositories that
are available on the World Wide Web and can be downloaded and stored
in an LDAP server. To populate the LDAP server and update certificate
revocation lists, use the CICS-supplied transaction CCRL. You can
run the CCRL transaction from a terminal or by using a START command.
Use the START command to schedule regular updates.
Procedure
- Specify the name of the LDAP server in the system initialization
parameter CRLPROFILE.
- Run the CCRL transaction