7.5. Enabling Revocation Checking

Revocation checking means that a Certificate System subsystem verifies that a certificate is both valid and not revoked when an agent or administrator attempts to access the instance's secure interfaces. This leverages a local OCSP service (either a CA's internal OCSP service or a separate OCSP responder) to check the revocation status of the certificate.

OCSP configuration is covered in Section 7.6, “Using the Online Certificate Status Protocol (OCSP) Responder”.

See Enabling Automatic Revocation Checking on the CA in the Red Hat Certificate System  Planning, Installation, and Deployment Guide.

See Enabling Certificate Revocation Checking for Subsystems in the Red Hat Certificate System  Planning, Installation, and Deployment Guide.