Certificate Revocation/Expiry Status Verification
- CTI Connections with JTAPI/TAPI applications.
- LDAP Connection between Unified Communications Manager and SunOne servers.
- IPSec Connections
The enterprise parameter Certificate Revocation and Expiry allows you to control the certificate validation checks. The revocation and expiry check parameter is enabled on the Enterprise Parameter page of Unified Communications Manager. Certificate expiry for long-lived sessions is not verified when the enterprise parameter value is disabled.
The certificate revocation service is active for LDAP and IPSec connections when Enable Revocation is selected in Operating System Administration of Unified Communications Manager and the revocation and expiry check parameter is set to enabled. The periodicity of the check for IPSec connections is based on the Check Every value. The certificate revocation check is not performed if the Enable Revocation check box is unchecked.
Note: The GeneralizedTime values for X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) profile must be expressed in Greenwich Mean Time (GMT) and must include seconds (that is, times are YYYYMMDDHHMMSSZ), even when the number of seconds is zero. GeneralizedTime values must not include fractional seconds. If the peer entity offers a certificate that violates this rule, or such a certificate is loaded into the trust stores from the peer entities, it could fail the certificate verification process.
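The GeneralizedTime rule in the note can be checked before a peer certificate is loaded into a trust store. The following is an added example, not Cisco code: the function names are hypothetical, the sample bytes are constructed, and the DER walker assumes single-byte tags, as used in X.509 certificates.

```python
import re
from datetime import datetime

def check_generalized_time(value):
    """Return rule violations for one GeneralizedTime string (empty list = compliant)."""
    problems = []
    if not value.endswith("Z"):
        problems.append("not GMT (no trailing Z)")
    if "." in value or "," in value:
        problems.append("fractional seconds present")
    if len(re.match(r"\d*", value).group()) < 14:
        problems.append("fewer than 14 digits (seconds missing)")
    if not problems:
        try:  # exact YYYYMMDDHHMMSSZ form and a real calendar date
            if not re.fullmatch(r"\d{14}Z", value):
                raise ValueError
            datetime.strptime(value[:14], "%Y%m%d%H%M%S")
        except ValueError:
            problems.append("not a valid YYYYMMDDHHMMSSZ time")
    return problems

def _read_tlv(buf, pos):  # returns (tag, value_start, value_end)
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def find_generalized_times(der, pos=0, end=None):
    """Yield every GeneralizedTime (tag 0x18) found in constructed DER elements."""
    end = len(der) if end is None else end
    while pos < end:
        tag, start, stop = _read_tlv(der, pos)
        if stop > end:
            raise ValueError("truncated DER element")
        if tag == 0x18:
            yield der[start:stop].decode("ascii", "replace")
        elif tag & 0x20:  # constructed (SEQUENCE, SET, [n] EXPLICIT): descend
            yield from find_generalized_times(der, start, stop)
        pos = stop

def audit(der):  # maps each GeneralizedTime in the DER blob to its violations
    return {v: check_generalized_time(v) for v in find_generalized_times(der)}

# Constructed sample: a Validity-like SEQUENCE with one compliant and one non-compliant time.
_TIMES = ("20500101000000Z", "20510101000000.5Z")
_body = b"".join(bytes([0x18, len(t)]) + t.encode("ascii") for t in _TIMES)
SAMPLE_VALIDITY = bytes([0x30, len(_body)]) + _body

print(audit(SAMPLE_VALIDITY))
```

To audit a real certificate, pass its DER encoding to `audit()`; any value with a non-empty list is one that could fail verification under the rule above.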