Configuring certificate revocation lists

When using client certificates to control access for client devices, if you have a device which has been compromised you can blacklist that device by using a Certificate Revocation List.

A certificate revocation list (CRL) is a list of revoked certificates by serial number. CRLs are associated with a specific certificate authority which issues the CRL and corresponding certificates. To use a CRL in Eclipse Amlen, you must configure a CRL profile. Only one CRL can exist inside a CRL profile. The CRL profile must be associated with a security profile. The UseClientCertificate property of the associated security profile must be set to true. Ensure that at least one trusted certificate is associated with the security profile that you are using.