When you use digital certificates to authenticate hosts, you can ensure that those certificates are valid by configuring certificate revocation checking. This feature checks the certificate revocation lists (CRLs) specified by the CRL Distribution Point (CDP) field of the certificate to determine whether the certificate has been revoked.
In Extra!, you can enable CRL checking for all sessions that use Secure Shell certificates and for 3270 sessions that use Micro Focus SSL/TLS security settings.
To enable CRL checking for a Secure Shell session
With a session file open, choose > .
On the left, select .
On the tab, click the button.
In the dialog box, click the tab.
Select either or .
NOTE: If CRL checking is enabled in Internet Explorer (via the option), will be selected by default in all Extra! SSH sessions.
Your settings are saved to an SSH configuration scheme. CRL checking will be applied in all sessions that use this SSH configuration scheme.
To enable CRL checking for an SSL/TLS session (3270 only)
With a session file open, choose > .
On the left, select .
On the tab, click the button.
In the dialog box, make sure that is set to SSL v3.0, TLS v1.2 or TLS v1.0.
Under , select one or both of the following:
A digitally signed list of certificates that have been revoked by the Certification Authority. Certificates identified in a CRL are no longer valid.
A protocol (using the HTTP transport) that can be used as an alternative to CRL checking to confirm whether a certificate is valid. An OCSP responder responds to certificate status requests with one of three digitally signed responses: "good", "revoked", and "unknown". Using OCSP removes the need for servers and/or clients to retrieve and sort through large CRLs.
NOTE: Unlike SSH sessions, this CRL setting is independent of the Internet Explorer CRL option.
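The CRL check described at the top of this page, sketched as an added example (not Extra! or Micro Focus code) using the Python `cryptography` package: it reads the CDP field of a host certificate, confirms the CRL was issued and signed by the certificate's CA, and looks up the serial number. The CA, host names, serial numbers and CDP URL are constructed for the demo, and the CRL is built in memory rather than fetched over HTTP from the CDP URL.

```python
import datetime as dt
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import ExtensionOID, NameOID

NOW = dt.datetime(2024, 1, 1)               # constructed validity start
CDP_URL = "http://crl.example.test/ca.crl"  # constructed placeholder URL

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def make_cert(subject, issuer, pub, signer, serial, cdp=None):  # constructed test cert
    b = (x509.CertificateBuilder().subject_name(name(subject))
         .issuer_name(name(issuer)).public_key(pub).serial_number(serial)
         .not_valid_before(NOW).not_valid_after(NOW + dt.timedelta(days=365)))
    if cdp:  # record where the CRL is published in the CDP extension
        dp = x509.DistributionPoint([x509.UniformResourceIdentifier(cdp)], None, None, None)
        b = b.add_extension(x509.CRLDistributionPoints([dp]), critical=False)
    return b.sign(signer, hashes.SHA256())

def make_crl(issuer, signer, revoked_serials):  # constructed CRL for the demo
    b = (x509.CertificateRevocationListBuilder().issuer_name(name(issuer))
         .last_update(NOW).next_update(NOW + dt.timedelta(days=7)))
    for serial in revoked_serials:
        b = b.add_revoked_certificate(x509.RevokedCertificateBuilder()
                                      .serial_number(serial).revocation_date(NOW).build())
    return b.sign(signer, hashes.SHA256())

def cdp_urls(cert):
    # URLs a client would fetch the CRL from; empty if the cert has no CDP field.
    try:
        ext = cert.extensions.get_extension_for_oid(ExtensionOID.CRL_DISTRIBUTION_POINTS)
    except x509.ExtensionNotFound:
        return []
    return [n.value for dp in ext.value for n in (dp.full_name or [])
            if isinstance(n, x509.UniformResourceIdentifier)]

def is_revoked(cert, crl, ca_cert):  # trust the CRL only if the cert's CA signed it
    if crl.issuer != cert.issuer or not crl.is_signature_valid(ca_cert.public_key()):
        raise ValueError("CRL was not issued and signed by the certificate's CA")
    return crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None

def demo():
    ca_key, k1, k2 = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
    ca = make_cert("Demo CA", "Demo CA", ca_key.public_key(), ca_key, 1)
    good = make_cert("host-a", "Demo CA", k1.public_key(), ca_key, 1001, CDP_URL)
    bad = make_cert("host-b", "Demo CA", k2.public_key(), ca_key, 1002, CDP_URL)
    crl = make_crl("Demo CA", ca_key, [1002])
    return cdp_urls(good), is_revoked(good, crl, ca), is_revoked(bad, crl, ca)
```

A production check would also reject a CRL whose next-update time has passed; that step is left out here.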