Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

Cloud Service Automation4.80.0002

Administer > Configuration > Common Access Card > Configure Certificate Revocation

Configure Certificate Revocation

You will need to revoke a certificate if it has been compromised in any way or if an employee leaves your organization.

The following are the methods to revoke a certificate:

Configure CSA to use a Certificate Revocation List (CRL)
Configure CSA to Use a Certificate Revocation List Distribution Point (CRL DP)
Configure CSA to Use the Online Certificate Status Protocol (OCSP)

Configure CSA to Use a Certificate Revocation List

The following is an example of how to revoke a certificate that was generated by the certificate authority and publish a Certificate Revocation List (CRL) that contains this certificate ID in the list. The CRL must already exist. You will download and save it in a folder on the system where CSA is installed and point to its location using the ca-revocation-url parameters.

Copy the CRL file to the system where CSA is installed (for example, copy it to the
<crl_file_directory> directory).
In the CSA_HOME\jboss-as\standalone\configuration\standalone.xml file, add the ca-revocation-url="<crl_file>" attribute to the <truststore path="<location of truststore>" keystore-password="<truststore password>"/> element.

For example, change the following from:

<authentication> <truststore path="<location of truststore>" keystore-password="<truststore password>"/> </authentication>

to:

<authentication> <truststore path="<location of truststore>" keystore-password="<truststore password>" ca-revocation-url="<crl_file>"/> </authentication>
Log in to the Cloud Service Management Console or the Marketplace Portal using a revoked certificate. The Secure Connection Failed message should display in the browser.

After restarting CSA (described below), you should log in to the Cloud Service Management Console or the Marketplace Portal using a revoked certificate. The Secure Connection Failed message should display in the browser.

Configure CSA to Use a Certificate Revocation List Distribution Point

To enable a Certificate Revocation List Distribution Point (CRL DP), edit the CSA_HOME\jboss-as\standalone\configuration\ standalone.xml file and enable revocation and CRL DP by adding the following lines under <system-properties>:

<property name="com.sun.net.ssl.checkRevocation" value="true"/> <property name="com.sun.security.enableCRLDP" value="true"/>

Configure CSA to Use the Online Certificate Status Protocol

To enable the Online Certificate Status Protocol (OCSP), do the following:

Edit the CSA_HOME\jboss-as\standalone\configuration\ standalone.xml file and enable revocation by adding the following line under <system‑properties>:

<property name="com.sun.net.ssl.checkRevocation" value="true"/>
Edit the CSA_JRE_HOME\lib\security\java.security file and uncomment the following line (where CSA_JRE_HOME is the directory in which the JRE that is used by CSA is installed):

ocsp.enable=true

Send Help Center feedback