You can run the CICS-supplied transaction CCRL using a terminal
to download certificate revocation lists (CRLs).
- From a terminal, enter the command CEOT TRANIDONLY so
that you can enter the list of URLs in mixed case.
- Enter CCRL url-list,
where url-list is the URL that specifies the location of
the certificate revocation list file that you want to download. You can specify
more than one URL by leaving a space between each URL in the list. For example, you could specify: CCRL http://crl.verisign.com/ATTClass1Individual.crl
http://crl.verisign.com/ATTClass2Individual.crl.
- You are prompted to enter the administrator distinguished name
and password for the LDAP server. This allows CICS to update the LDAP server
with the CRLs that it downloads. The administrator name and password
are specified in the file slapd.conf. For more information about configuring
this file, see Configuring an LDAP server for CRLs
CICS downloads the CRLs from the URLs that you have specified and
store them in the LDAP server. You will receive confirmation that all of the
lists were downloaded. If CICS experiences a problem, for example the URL
is not valid, you will receive an error message.
To set up regular updates, you can use a START command. See
Running CCRL from a START command.