Revoke Certificate page configuration
The Identity Management (IdM) tool in SecureAuth® Identity Platform (formerly SecureAuth IdP) contains the Revoke Certificate page. As an administrator, use this page to view and revoke user certificates.
Prerequisites
A realm for the Revoke Certificate page with the following tabs configured before setting up the Post Authentication tab:
Overview
Data
Workflow
Multi-Factor Methods
Identity Platform configuration
Go to the Data tab.
In the Membership Connection Settings section, set the following in the Group Permissions subsection to restrict this realm to administrators only.
User Group Check Type
Set to Allow Access.
User Groups
Enter the group name to which administrators belong. For example, Admins.
Groups Field
The groups field in the data store directory containing the group information for each user.
Save your changes.
Go to the Post Authentication tab.
In the Post Authentication section, set the following.
Authenticated User Redirect
Set to Revoke Certificate.
Redirect To
This field is autopopulated with the post authentication .aspx page. This is appended to the domain name and realm number in the web address bar. For example, Authorized/RevokeCert.aspx.
Save your changes.
Optional configurations for token or cookie settings and SSO
In the Forms Auth/SSO Token section, you can optionally configure the token or cookie settings, and single sign-on (SSO) for this realm.
To configure token or cookie settings, see Configure token or cookie settings.
To configure this realm for SSO, see the SecureAuth IdP single sign-on configuration topic.
To configure this realm for Windows Desktop SSO, see the Windows desktop SSO configuration topic.
Troubleshooting
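In some situations, IIS caches the certificate revocation list (CRL) and does not automatically retrieve the latest CRL for revocation checks, so a certificate revoked on this page can still be accepted until the cache is refreshed. This can happen in realms that use the ActiveX plugin from SecureAuth to validate certificates or in realms that validate Java certificates.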
To force IIS to check for the updated CRL, run the following command as an administrator:
certutil -setreg chain\ChainCacheResyncFiletime @now
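The following PowerShell script is an added example, not part of the SecureAuth documentation or tooling. It runs the same resync command, reads the value back, and then checks a revoked certificate against freshly fetched CRLs. The parameter name RevokedCertPath and the helper Invoke-Certutil are hypothetical; the script assumes you have exported a copy of the revoked certificate to a .cer file. In PowerShell an unquoted @now is parsed as variable splatting and is not passed to certutil, so the script passes it as a quoted string.

```powershell
#Requires -RunAsAdministrator
# Added example: force a CRL cache resync, then confirm that a revoked
# certificate is evaluated against a freshly downloaded CRL.
param(
    # Assumption: path to an exported copy (.cer) of a certificate that was revoked.
    [Parameter(Mandatory)][string]$RevokedCertPath
)

if (-not (Test-Path -LiteralPath $RevokedCertPath -PathType Leaf)) {
    throw "Certificate file not found: $RevokedCertPath"
}

# Hypothetical helper: run certutil and return its exit code and output together.
function Invoke-Certutil {
    param([string[]]$Arguments)
    $output = & certutil.exe @Arguments 2>&1
    [pscustomobject]@{ ExitCode = $LASTEXITCODE; Output = ($output -join "`n") }
}

# 1. Mark everything cached before this moment as stale.
#    '@now' is a quoted array element, so PowerShell passes it to certutil literally.
$set = Invoke-Certutil @('-setreg', 'chain\ChainCacheResyncFiletime', '@now')
if ($set.ExitCode -ne 0) {
    throw "certutil -setreg failed ($($set.ExitCode)):`n$($set.Output)"
}

# 2. Read the value back to confirm the resync time was written.
$get = Invoke-Certutil @('-getreg', 'chain\ChainCacheResyncFiletime')
if ($get.ExitCode -ne 0) {
    throw "certutil -getreg failed ($($get.ExitCode)):`n$($get.Output)"
}
Write-Host "Resync time now set to:`n$($get.Output)"

# 3. Rebuild the chain for the revoked certificate, fetching CRLs from the
#    certificate's distribution points instead of relying on cached copies.
$verify = Invoke-Certutil @('-f', '-urlfetch', '-verify', $RevokedCertPath)
Write-Host $verify.Output
Write-Host "certutil -verify exit code: $($verify.ExitCode)"

# After the resync, certutil should report this certificate as revoked.
# If the output still shows the revocation check passing, confirm that the
# CA has published an updated CRL to the distribution point.
```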